Cryptography CS 555 Lecture 22

Slides:



Advertisements
Similar presentations
Efficient Private Approximation Protocols Piotr Indyk David Woodruff Work in progress.
Advertisements

Gate Evaluation Secret Sharing and Secure Two-Party Computation Vladimir Kolesnikov University of Toronto
Secure Multiparty Computations on Bitcoin
Lecturer: Moni Naor Foundations of Cryptography Lecture 15: Oblivious Transfer and Secure Function Evaluation.
ITIS 6200/ Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.
Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.
CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.
What Crypto Can Do for You: Solutions in Search of Problems Anna Lysyanskaya Brown University.
Cryptography 101 How is data actually secured. RSA Public Key Encryption RSA – names after the inventors –Rivest, Shamir, and Adleman Basic Idea: Your.
Network Security – Part 2 Public Key Cryptography Spring 2007 V.T. Raja, Ph.D., Oregon State University.
Oblivious Transfer based on the McEliece Assumptions
ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.
How to Share a Secret Amos Beimel. Secret Sharing [Shamir79,Blakley79,ItoSaitoNishizeki87] ? bad.
Secret Sharing Algorithms
1 Introduction to Secure Computation Benny Pinkas HP Labs, Princeton.
WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
Privacy Preserving Learning of Decision Trees Benny Pinkas HP Labs Joint work with Yehuda Lindell (done while at the Weizmann Institute)
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
Blind Vision Shai Avidan, Moshe Butman Yuval Schwartz.
Slide 1 Vitaly Shmatikov CS 380S Oblivious Transfer and Secure Multi-Party Computation With Malicious Parties.
Introduction to Public Key Cryptography
Oblivious Signature-Based Envelope Ninghui Li, Stanford University Wenliang (Kevin) Du, Syracuse University Dan Boneh, Stanford University.
Public-Key Cryptography CS110 Fall Conventional Encryption.
Lecture 10: Mental Poker Wayne Patterson SYCS 654 Spring 2010.
Topic 22: Digital Schemes (2)
On the Practical Feasibility of Secure Distributed Computing A Case Study Gregory Neven, Frank Piessens, Bart De Decker Dept. of Computer Science, K.U.Leuven.
Slide 1 Vitaly Shmatikov CS 380S Yao’s Protocol. slide Yao’s Protocol uCompute any function securely … in the semi-honest model uFirst, convert.
Secure two-party computation: a visual way by Paolo D’Arco and Roberto De Prisco.
Slide 1 Yao’s Protocol. slide Yao’s Protocol uCompute any function securely … in the semi-honest model uFirst, convert the function into a boolean.
Software Security Seminar - 1 Chapter 5. Advanced Protocols 조미성 Applied Cryptography.
Introduction to Modern Cryptography Sharif University Spring 2015 Data and Network Security Lab Sharif University of Technology Department of Computer.
Privacy-Preserving Credit Checking Keith Frikken, Mikhail Atallah, and Chen Zhang Purdue University June 7, 2005.
Introduction to Quantum Key Distribution
Non-Interactive Verifiable Computing August 5, 2009 Bryan Parno Carnegie Mellon University Rosario Gennaro, Craig Gentry IBM Research.
Secure Computation (Lecture 2) Arpita Patra. Vishwaroop of MPC.
Secret Sharing Nisarg Raval Sep 24, Material is adapted from CS513 lecture notes.
Hidden Access Control Policies with Hidden Credentials Keith Frikken, Mikhail Atallah, Jiangtao Li CERIAS and Department of Computer Sciences Purdue University.
Introduction to Cryptography Lecture 9. Public – Key Cryptosystems Each participant has a public key and a private key. It should be infeasible to determine.
Efficient Oblivious Transfer with Stateless Secure Tokens Alcatel-Lucent Bell Labs Vlad Kolesnikov.
 5.1 Zero-Knowledge Proofs  5.2 Zero-Knowledge Proofs of Identity  5.3 Identity-Based Public-Key Cryptography  5.4 Oblivious Transfer  5.5 Oblivious.
Cryptographic methods. Outline  Preliminary Assumptions Public-key encryption  Oblivious Transfer (OT)  Random share based methods  Homomorphic Encryption.
Multi-Party Computation r n parties: P 1,…,P n  P i has input s i  Parties want to compute f(s 1,…,s n ) together  P i doesn’t want any information.
Garbling Techniques David Evans
CS580 Internet Security Protocols
Privacy-preserving Reinforcement Learning
Some slides borrowed from Philippe Golle, Markus Jacobson
Public-key Cryptography
Introduction to security goals and usage of cryptographic algorithms
Oblivious Transfer and GMW MPC
Secret Sharing (or, more accurately, “Secret Splitting”)
The first Few Slides stolen from Boaz Barak
Course Business I am traveling April 25-May 3rd
Gate Evaluation Secret Sharing and Secure Two-Party Computation
Cryptography and Security Fall 2009 Steve Lai
Cryptography for Quantum Computers
Secret Sharing CPS Computer Security Nisarg Raval Sep 24, 2014
Cryptography CS 555 Digital Signatures Continued
Appendix 5: Cryptography p
Course Business Homework 5 Extended Practice Final Released Next Week
Discrete Math for CS CMPSC 360 LECTURE 14 Last time:
CSCI284 Spring 2009 GWU Sections 5.1, 5.2.2, 5.3
Oblivious Transfer.
Key Exchange, Man-in-the-Middle Attack
Secret Sharing CPS Computer Security Nisarg Raval Sep 24, 2014
A Light-weight Oblivious Transfer Protocol Based on Channel Noise
Presentation transcript:

Cryptography CS 555 Lecture 22 Secure Function Evaluation Ninghui Li Fall 2004/Lecture 22

Lecture Outline The Secure Function Evaluation Problem 1-out-2 Oblivious Transfer Yao’s Scrambled Circuits for 2-party SFE Secret Sharing n-party SFE Ninghui Li Fall 2004/Lecture 22

Secure Function Evaluation Also known as Secure Multiparty Computation 2-party SFE: Alice has x, Bob has y, and they want to compute two functions fA(x,y), fB(x,y). At the end of the protocol Alice learns fA(x,y) and nothing else Bob learns fB(x,y) and nothing else n-party SFE: n parties each have a private input, and they join compute functions Ninghui Li Fall 2004/Lecture 22

Oblivious Transfer 1 out of 2 OT 1 out of n OT Alice has two messages x0 and x1 At the end of the protocol Bob gets exactly one of x0 and x1 Alice does not know which one Bob gets 1 out of n OT Alice has n messages Bob gets exactly one message, Alice does not know which one Bob gets 1 out of 2 OT implies 1 out of n OT Ninghui Li Fall 2004/Lecture 22

Bellare-Micali 1-out-2-OT protocol g: generator of Gq b{0,1} x0, x1 c c R Gq k R Zq PKb=gk PK1-b=c/gk PK0, PK1 C0=[gr0, H(PK0r0)x0], C1=[gr1, H(PK1r1)x1] decrypts Cb=[v1,v2] by computing H(v1k)v2 Ninghui Li Fall 2004/Lecture 22

Yao’s Scrambled Circuit Protocol for 2-party SFE For simplicity, assume that Alice has x, Bob has y, Alice learns f(x,y), and Bob learns nothing represent f(x,y) using a boolean circuit Alice encrypts the circuit and sends it to Bob in the circuit each wire is associated with two random values Alice sends the values corresponding to her input bits Bob uses OT to obtain values for his bits Bob evaluates the circuits and send the result to Alice Ninghui Li Fall 2004/Lecture 22

Secret Sharing t-out-of-n secret sharing divides a secret s into n pieces so that any t pieces together can recover n How to do n-out-of-n secret sharing? Shamir’s secret sharing scheme secret sZp pick a random degree t-1 polynomial fFp[x] s.t. f(0)=s user i gets si=f(i) t users can interpolate f and find out b t-1 shares reveal no information about s Ninghui Li Fall 2004/Lecture 22

Proactive Secret Sharing Suppose that s is shared in t-out-of-n User i has si=f(i) Proactive updates: user 1 picks random degree t-1 polynomial s.t. g(t)=0 user 1 sends yj=g(j) to user j user j does sjnew=sjold+yj Ninghui Li Fall 2004/Lecture 22

BGW n-party SFE Use algorithmic circuits where operations are + and  Each private input is shared among all participants Do computation with the shared value e.g., given x and y both are shared by n parties, compute the shares of x+y and xy Secure when the majority of the parties are honest Ninghui Li Fall 2004/Lecture 22

Summary Yao’s 2-part SFE uses OT and block cipher BGW’s n-party SFE uses secret sharing Ninghui Li Fall 2004/Lecture 22

Next Lecture… Quantum Cryptography Ninghui Li Fall 2004/Lecture 22

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.