Fast Secure Computation for Small Population over the Internet


Megha Byali, Arun Joseph, Arpita Patra, Divya Ravi
Indian Institute of Science, Bangalore, India.
ACM Conference on Computer and Communications Security, 2018

Our Results
Efficient 3-Party (3PC) and 4-Party (4PC) protocols with honest majority achieving the stronger security notions of:
Fairness
-- 4 round fair 3PC (n=3, t=1)
Guaranteed Output Delivery (god)
-- 5 round god 3PC (n=3, t=1)
-- 4 round god 4PC (n=4, t=1)
-- 5 round god 4PC (n=4, t=1)
Assumptions:
-- OWF/P
-- Minimalistic network of point-to-point channels.
-- Necessary Broadcast for 3PC god [CohenHOR16].
[CohenHOR16] Ran Cohen, Iftach Haitner, Eran Omri, and Lior Rotem. Characterization of Secure Multiparty Computation Without Broadcast. In TCC, 2016.

Secure MultiParty Computation (MPC)
Joint function: f(x1, x2, …, xn)
Inputs: (x1, x2, …, xn)
Goals: Correctness, Privacy
MPC: Real World emulation of TTP

Why Small Population with Honest Majority?
-- Real world applications: Secure ML, Danish Sugar Beet Auction, Fair Auctions.
-- Weaker Assumptions: Eliminate PK primitives like Oblivious Transfer (OT) altogether, as symmetric-key functions are sufficient.
-- Light Weight Tools and Efficiency: Customized Secret Sharing schemes. Customized OT.
-- Stronger Security: The properties fairness and guaranteed output delivery can be achieved only in the case of honest majority [Cleve86].
[Cleve86] Richard Cleve. Limits on the security of coin flips when half the processors are faulty (extended abstract). In ACM STOC, 1986.

Security Guarantees
-- Guaranteed output delivery (god) – Strongest: Adversary cannot prevent honest parties from getting output.
-- Fairness: If adversary gets output, all get the output.
-- Security with selective abort – Weakest: Adversary selectively deprives some honest parties of the output.
[Figure: for each notion, which parties receive the output y and which receive ┴.]

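Garbled Circuit (GC) [BellareHR12]
[Figure: a Boolean circuit with input x and output y. The garbling function Gb produces the garbled circuit GC, the encoding information e and the decoding information d. The encoding function En maps x to the encoded input X, the evaluation function Ev computes the encoded output Y, and the decoding function De maps Y to y.]
[BellareHR12] Mihir Bellare, Viet Tung Hoang, and Phillip Rogaway. Foundations of garbled circuits. In CCS, 2012.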
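The Gb / En / Ev / De interface from the slide above, as an added Python sketch (not code from the presentation or the paper). It garbles a constructed toy circuit y = (x1 AND x2) XOR x3; the row-tag construction and the choice of d as hashes of the two output labels are assumptions of this sketch, chosen so that an evaluator without d holds only Y and a holder of d can check whether a claimed Y is valid.

```python
import hashlib
import secrets

# Constructed toy circuit for y = f(x1, x2, x3) = (x1 AND x2) XOR x3.
# Wires 0..2 are inputs, wire 4 is the output. Gate: (op, in_a, in_b, out).
CIRCUIT = [("AND", 0, 1, 3), ("XOR", 3, 2, 4)]
OPS = {"AND": lambda a, b: a & b, "XOR": lambda a, b: a ^ b}
N_INPUTS, OUT_WIRE, TAG = 3, 4, bytes(16)

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def Gb(circuit=CIRCUIT):
    """Garbling function: returns (F, e, d)."""
    # Two random 16-byte labels per wire: index 0 encodes bit 0, index 1 bit 1.
    labels = {w: (secrets.token_bytes(16), secrets.token_bytes(16))
              for w in range(OUT_WIRE + 1)}
    F = []
    for gid, (op, a, b, out) in enumerate(circuit):
        # Each row hides the correct output label plus a zero tag.
        rows = [xor(H(labels[a][i], labels[b][j], bytes([gid])),
                    labels[out][OPS[op](i, j)] + TAG)
                for i in (0, 1) for j in (0, 1)]
        secrets.SystemRandom().shuffle(rows)  # hide the row order
        F.append((a, b, out, rows))
    e = [labels[w] for w in range(N_INPUTS)]
    # Assumption of this sketch: d holds hashes of the output labels only.
    d = {H(labels[OUT_WIRE][bit]): bit for bit in (0, 1)}
    return F, e, d

def En(e, x):
    """Encoding function: one label per input bit."""
    return [e[i][bit] for i, bit in enumerate(x)]

def Ev(F, X):
    """Evaluation function: returns the encoded output Y."""
    wire = dict(enumerate(X))
    for gid, (a, b, out, rows) in enumerate(F):
        pad = H(wire[a], wire[b], bytes([gid]))
        plain = [xor(pad, r) for r in rows]
        # Only the row matching the held labels decrypts to a zero tag.
        wire[out] = next(p[:16] for p in plain if p[16:] == TAG)
    return wire[OUT_WIRE]

def De(d, Y):
    """Decoding function: the output bit, or None (the slides' ┴) if Y is invalid."""
    return d.get(H(Y))
```
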

The Bigger Picture
3-Party Protocols
Ref #GCs Rounds Security Broadcast
[MohasselRZ15] 1 3 Selective abort No
[PatraR18] >3 Fairness, god Yes [CohenHOR16]
This Paper 4 fairness 5 god
4-Party Protocols
Ref #GCs Rounds Security Broadcast
[IshaiKKP15] 12 2 god No
This Paper 4 1 5
[MohasselRZ15] Payman Mohassel, Mike Rosulek, and Ye Zhang. Fast and Secure Three-party Computation: The Garbled Circuit Approach. In CCS, 2015.
[PatraR18] Arpita Patra and Divya Ravi. On the Exact Round Complexity of Three Party Computation. In CRYPTO, 2018.
[IshaiKKP15] Yuval Ishai, Ranjit Kumaresan, Eyal Kushilevitz, and Anat Paskin-Cherniavsky. Secure computation with minimal interaction, revisited. In CRYPTO, 2015.

3PC with Fairness
y = f(x1, x2, x3) is the function to be computed. n=3, t=1.
[Figure: P1 (Garbler 1, input x1), P2 (Garbler 2, input x2), P3 (Evaluator, input x3); message labels: x31, x32, r.]

3PC with Fairness
y = f(x1, x2, x3) is the function to be computed.
P1: Use r to generate GC.
P2: Use r to generate GC.
P3: Verify correctness by comparing the common information in the GC sent by both P1 and P2.
[Figure labels: x1, x31, x3, Common Information in GC.]

3PC with Fairness
y = f(x1, x2, x3) is the function to be computed.
P3: Evaluate the GC to obtain encoded output Y and decode Y to obtain y.
Fairness Violation?
Solution: Prevent P3 from decoding Y in advance, but commit to decoding info d in advance. Allow P1, P2 to exchange Y.
[Figure: P1 (x1), P2 (x2), P3 (x3); message label: Y.]

3PC with Fairness
y = f(x1, x2, x3) is the function to be computed.
P3: Evaluate the GC to obtain only encoded output Y. Use decoding info d from P1 to compute y.
P2: Y valid? Yes!
P1: Y' valid? No!
Use Y from P1 to compute y.
Fairness? How Far? Almost there!
[Figure: P1 (x1), P2 (x2), P3 (x3); message labels: Y, Y', d.]

3PC with Fairness
y = f(x1, x2, x3) is the function to be computed.
[Figure: P1 (x1), P2 (x2), P3 (x3); message label: Y; annotations: "Correctness Check Failed. Abort!" and "Y valid? Yes! Accept".]
Correctness Violated!
Solution: Proof mechanism that Y originated from P3.

3PC with Fairness: Proof Mechanism
y = f(x1, x2, x3) is the function to be computed.
P1: Sample s1, compute H(s1).
P2: Sample s2, compute H(s2).
P3: Verify Correctness.
[Figure: P1 (x1), P2 (x2), P3 (x3); message labels: H(s1), s1; H(s2), s2; H(s1); H(s2).]

3PC with Fairness
y = f(x1, x2, x3) is the function to be computed.
P3: On Evaluation.
P1: Y and proof valid? Yes!
P2: Y and proof valid? Yes!
Fairness Guaranteed!
[Figure: P1 (x1), P2 (x2), P3 (x3); message labels: Y, s1; Y, s2.]

3PC with fairness
[Figure: the protocol shown as a sequence of panels over P1, P2 and P3; message labels: r, x1, x3, d, GC Info, H(s1), s1, H(s2), s2, Verify checks, Y, s1, Y, s2.]

Challenges in Achieving god
-- Conflicting messages sent by parties: How to proceed?
-- Local identification of a corrupt party.
-- Input Consistency Issues for robustness.
Three-Party Computation:
-- Use broadcast to raise and resolve conflicts.
-- Identify an honest party as TTP.
-- Commitments ensure input consistency.
Four-Party Computation:
-- Use multiple evaluator approach to guarantee at least one honest evaluator.
-- Raise Conflict and identify TTP.
-- Commitments for input consistency.

Efficiency
Overhead in Comparison to [MohasselRZ15]:
Ref Computation (ms) LAN (ms) WAN (s) Communication (KB)
3PC Fair 0.11 0.42 0.36 8.18
4PC god 1.4 (g) 1.31 (g) 2.0 259.54 (g)
3PC god 0.23 2.26 - 0.39
Table indicates average values taken over #parties and the range is taken over the choice of circuits. (g) – gain per party.

Open Questions
Minimizing the number of rounds of interaction while maintaining efficiency similar to ours in achieving:
-- Fairness and Guaranteed Output Delivery in 3PC.
-- Guaranteed Output Delivery in 4PC.

Efficiency
f3PC – 3PC fair, g4PC – 4PC god, g3PC – 3PC god
Type of Circuit: 1 – AES 128, 3 – MD5, 5 – SHA-256

3PC with Fairness
y = f(x1, x2, x3) is the function to be computed.
[Figure: P1 (x1), P2 (x2), P3 (x3); message labels: Y, Decoding Info.]
Problems?
Solution: Commit on the decoding info and agree on the commitment in advance!