Making Secure Computation Practical

Making Secure Computation Practical
IBM: Craig Gentry, Shai Halevi, Charanjit Jutla, Hugo Krawczyk, Tal Rabin
NYU: Victor Shoup
SRI: Mariana Raykova
Stanford: Dan Boneh
UC Irvine: Stanislaw Jarecki

Time for Secure Computation
- The time has come for secure MPC to enter the computing mainstream, like public-key cryptography in the 1990s
- The problems are here, and so are the solutions, at least in principle; what remains is to push them to practice
- SPAR-MPC should be about the technical tools that help make this happen
- Performance is just one aspect, and not always the main one; tool support for design, analysis and implementation is just as important

This Presentation
- Useful directions:
  - Protocols for huge crowds
  - Semantic leakage
  - Computation with RAM complexity
  - SWHE-based protocols
  - Comparing MPC technologies
- Musings about automation: computer-aided design, implementation and proofs

Protocols for Huge Crowds
- Need for private computing with a huge number of (loosely connected?) parties
  - Cars on a highway collecting road-hazard info, smartphones reporting nearby friends, etc.
- Most secure-MPC protocols are not designed for these settings: they assume full connectivity, require broadcast, ...
- Some existing work in these directions, but much work remains: Boyle et al. TCC'13, Zamani et al. 2014, Boyle et al. 2014, Halevi et al. CRYPTO'11, Gordon et al. EC 2013

Semantic Leakage
- Crypto modeling captures formal leakage: whatever we need to leak to the simulator so that it can simulate
- But not "semantic" leakage: what is actually given away by that leakage
- This is inherent to some extent: semantic leakage depends on the application; the same leakage can be harmless in one application and devastating in another

Semantic Leakage
- Identify useful patterns
  - What: access pattern, access frequency, timing, ...
  - How much: signal-to-noise ratio, ...
- Identify cases where certain what/how-much combinations are acceptable and useful
- Composition?
- Connections to differential privacy?
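The "same leakage, different harm" point of the two slides above, as an added example that is not part of the talk: a hypothetical encrypted store whose only formal leakage to the server is the per-record access count (an HMAC under a constructed key stands in for the deterministic token the server would see; both query logs and both priors are constructed). Rank-matching the counts to a public prior recovers every query when the plaintext distribution is skewed, while the identical leakage carries no usable signal when the distribution is nearly flat; the signal-to-noise measure makes the "how much" explicit.

```python
"""Formal vs. semantic leakage of an access-frequency pattern.

Added example (not from the talk). The hypothetical store leaks the server
exactly one thing: how often each opaque token was accessed.  Whether that
is harmful depends on the plaintext distribution of the application.
"""
import hashlib
import hmac
import math
from collections import Counter

KEY = b"constructed-demo-key"  # stands in for the client's secret (assumption)


def token(record_id):
    """Deterministic token the server sees in place of the record id."""
    return hmac.new(KEY, record_id.encode(), hashlib.sha256).hexdigest()


def access_counts(query_log):
    """The formal leakage: per-token access counts, nothing else."""
    return Counter(token(q) for q in query_log)


def signal_to_noise(counts):
    """Smallest gap between adjacent sorted counts, relative to the sqrt(N)
    fluctuation a sample of N accesses would show anyway."""
    freqs = sorted(counts.values(), reverse=True)
    if len(freqs) < 2:
        return math.inf
    gaps = [hi - lo for hi, lo in zip(freqs, freqs[1:])]
    return min(gaps) / math.sqrt(sum(freqs))


def frequency_attack(counts, prior, min_snr=1.0):
    """Rank-match tokens to plaintexts using a public prior.  Refuse to guess
    when the ranks are not separable above the noise."""
    if signal_to_noise(counts) < min_snr:
        return {}
    ranked_tokens = [t for t, _ in counts.most_common()]
    ranked_labels = sorted(prior, key=prior.get, reverse=True)
    return dict(zip(ranked_tokens, ranked_labels))


def recovery_rate(query_log, prior):
    """Fraction of logged accesses whose plaintext the server recovers."""
    guess = frequency_attack(access_counts(query_log), prior)
    hits = sum(1 for q in query_log if guess.get(token(q)) == q)
    return hits / len(query_log)


# Constructed inputs: same protocol, same formal leakage, different applications.
SKEWED_PRIOR = {"code_A": 0.6, "code_B": 0.3, "code_C": 0.1}
SKEWED_LOG = ["code_A"] * 60 + ["code_B"] * 30 + ["code_C"] * 10
FLAT_PRIOR = {"red": 0.34, "green": 0.33, "blue": 0.33}
FLAT_LOG = ["red"] * 34 + ["green"] * 33 + ["blue"] * 33

if __name__ == "__main__":
    print(recovery_rate(SKEWED_LOG, SKEWED_PRIOR))  # 1.0: leakage is devastating
    print(recovery_rate(FLAT_LOG, FLAT_PRIOR))      # 0.0: same leakage, harmless
```

The attacker's rule of only matching when the gap between adjacent frequencies exceeds the sqrt(N) sampling noise is one concrete reading of "how much"; an assessment for a real application would plug in its actual prior and query volume rather than these constructed ones.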

Secure MPC with RAM Complexity
- When are ORAM-based protocols useful?
  - Asymptotically faster than circuit-based ones, but in practice often much slower
- Combinations that perform well in practice
- ORAM for multiple clients
- Reduce interaction: faster Garbled RAM? Practical RAM-based MPC with little interaction?

SWHE-Based MPC Protocols
- FHE/SWHE is perceived as slow: save on interaction, pay with more processing
- But low-degree SWHE is a handy tool for designing secure-computation protocols
- Contemporary SWHE provides: a few multiplications, ciphertext packing, variable plaintext space, parallelism, potential for practical efficiency
- Very little work so far exploits it

Comparing MPC Technologies
- Several low-level technologies:
  - Binary (Yao, GMW)
  - Algebraic black-box (using additive HE)
  - SWHE-based protocols, and ways of combining them
  - MPC-in-the-head
  - SPDZ
  - MPC-over-ORAM, Garbled ORAM
- How to decide what to use where?

Comparing MPC Technologies
- Develop a comparative corpus of data points
  - Start from a few useful low-level tasks: comparison, sorting, regular expressions, ...
  - Parameterized by number of parties, input size, security parameter, adversary model, ...
- Organize a shoot-out comparing different implementations: time, bandwidth, rounds, trust model, ...
- Also need fast methods of converting data between the different representations required by the different technologies
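The representation-conversion point of the two slides above, as an added example that is not from the talk: a toy Paillier instance (small constructed primes, insecure, for illustration only) plays the role of the "algebraic black-box with additive HE" technology, and the standard blinding step turns a ciphertext Enc(x) held by one party into additive shares of x mod n, the representation a share-based protocol in the SPDZ family works on. The class and function names (Paillier, he_to_additive_shares, convert_and_check) are this example's own.

```python
"""Additive-HE ciphertext -> additive secret shares.

Added example (not from the talk). Paillier over tiny constructed primes:
enough to show the arithmetic, useless as real security.
"""
import math
import secrets


class Paillier:
    """Textbook Paillier with g = n + 1."""

    def __init__(self, p, q):
        self.n = p * q
        self.n2 = self.n * self.n
        self.lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
        # With g = n + 1, L(g^lam mod n^2) = lam mod n, so mu = lam^-1 mod n
        self.mu = pow(self.lam, -1, self.n)

    def encrypt(self, m):
        """Enc(m) = (1 + m*n) * r^n mod n^2 for random r in Z_n^*."""
        while True:
            r = secrets.randbelow(self.n)
            if r and math.gcd(r, self.n) == 1:
                break
        return (1 + (m % self.n) * self.n) * pow(r, self.n, self.n2) % self.n2

    def decrypt(self, c):
        u = pow(c, self.lam, self.n2)
        return ((u - 1) // self.n) * self.mu % self.n

    def add(self, c1, c2):
        """Enc(a) * Enc(b) = Enc(a + b mod n): the additive homomorphism."""
        return c1 * c2 % self.n2

    def add_plain(self, c, k):
        """Enc(a) * (1 + n)^k = Enc(a + k mod n), since (1 + n)^k = 1 + k*n mod n^2."""
        return c * (1 + (k % self.n) * self.n) % self.n2


def he_to_additive_shares(he, enc_x):
    """Alice, holding Enc_Bob(x), picks a uniform blind r and returns
    (her share -r mod n, Enc_Bob(x + r) to send to Bob).  Bob only ever sees
    x + r, which is uniform in Z_n, so the conversion leaks nothing to him."""
    r = secrets.randbelow(he.n)
    return (-r) % he.n, he.add_plain(enc_x, r)


def bob_share_from(he, blinded_ctxt):
    """Bob's share is simply the decryption of the blinded ciphertext."""
    return he.decrypt(blinded_ctxt)


def reconstruct(he, share_a, share_b):
    return (share_a + share_b) % he.n


def convert_and_check(x, p=104729, q=104723):
    """End to end: encrypt under Bob's key, convert to shares, recombine."""
    he = Paillier(p, q)
    enc_x = he.encrypt(x)                      # Alice's input representation
    a, blinded = he_to_additive_shares(he, enc_x)
    b = bob_share_from(he, blinded)
    # a and b are now additive shares: a share-based protocol can apply linear
    # operations locally, e.g. shares of 2x are (2a, 2b) with no communication.
    two_x = reconstruct(he, 2 * a % he.n, 2 * b % he.n)
    return reconstruct(he, a, b), two_x


if __name__ == "__main__":
    print(convert_and_check(12345))  # (12345, 24690)
```

The same blinding trick runs in reverse (each party encrypts its share and the ciphertexts are multiplied) to go from shares back to a ciphertext, which is what makes it practical to hand a value from an HE-based subprotocol to a share-based one and back; the cost is one ciphertext per converted value per direction, which is exactly the kind of overhead a comparison corpus should record.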

Automation
- Automation and tool support are crucial for practical MPC protocols
- But our expectations should be modest
  - In general, we cannot expect non-experts to design their own crypto protocols
  - Even without crypto, workflow design is typically left to domain experts
  - Progress on tool support for crypto proofs has been slow

Automation
- Tool support for implementation promises better bang for the buck than tool support for design
- Implementing secure MPC is laborious; APIs, development environments and languages would help
- Example: integrating libraries is hard, e.g. using HElib as a primitive inside SCAPI without losing the low-level optimizations that HElib supports
- In the HElib/SCAPI example, integration would require a joint effort of crypto experts and languages experts, perhaps developing crypto-specific design patterns

Automation
- A good development environment can be "scaled up" to support design and proofs without limiting the developer
- Example: use the interface/implementation paradigm to specify security guarantees
  - Put in hooks for proofs; add tool support for proof-checking if/when it becomes available
  - Use UC security, or relaxations thereof, but allow opting out of UC as needed

Summary
- Goal: bring secure MPC to practice
- Useful directions: protocols for huge crowds, semantic leakage, computation with RAM complexity, SWHE-based protocols, comparing MPC technologies
- Automation: start small, make extensible