Controlled Functional Encryption Muhammad Naveed, Shashank Agrawal, Manoj Prabhakaran, Xiaofeng Wang, Erman Ayday, Jean-Pierre Hubaux, Carl A. Gunter.


Overview
- Describe the problem we want to solve.
- Why existing tools like SMPC and FE are not quite right.
- Define Controlled Functional Encryption (CFE).
- Discuss applications and constructions.

Goal
To come up with a new model of Functional Encryption which is simple, realistic, and allows the design of very efficient protocols.

Motivation
Havasupai tribe and the lawsuit settlement aftermath
In 1989, researchers from ASU partnered with the Havasupai Tribe, a community with high rates of Type II Diabetes, to study links between genes and diabetes risk. When the researchers were not successful in finding a genetic link, they used the DNA from blood samples for other unrelated studies such as schizophrenia, migration, and inbreeding, all of which are taboo topics for the Havasupai. Source:

Volunteer
- Contribute to scientific research by providing my genomic data.
- I don't trust anyone with my entire data.
- Enforce policies like:
  - Only certain kinds of experiments can be run.
  - My data should be available only for a year.
  - Any researcher is allowed to run only 5 experiments.

Scientist
- I would like to conduct experiments, but with appropriate consent.
- I do not want to reveal the design of my experiments.
- Could be malicious!

Two-party Computation
- When a scientist wants to conduct an experiment, he contacts the volunteer, and they engage in 2-party secure computation.
- Good
  - Does handle privacy concerns of both volunteers and scientists.
  - Efficient methods are now known (e.g. using garbled circuits).
- Bad
  - Many scientists in the world conduct experiments at different times.
  - Inconvenient for scientists if only a small time-frame is provided.

Functional Encryption
[Diagram. Surviving labels: Trusted Authority; MSK, MPK; Alice; MPK; ENC(m); Bob]

Functional Encryption
- How would it work?
  - Authority generates (MPK, MSK).
  - Volunteer encrypts her data under MPK and provides it to a scientist.
  - Authority issues keys corresponding to the function the scientist would like to evaluate.
- Good
  - Scientists can only evaluate the function for which a key is given.
  - Volunteer's burden reduced substantially.
- Bad
  - No efficient schemes for computing functions of interest (e.g. actual value of inner product).
  - Enforcing policies like bounded usage.

Controlled Functional Encryption


Security
- Malicious scientist, semi-honest central authority.
- Assumption: Scientists and authority don't collude.
- Ideal-real world simulation based security definition.
- Function hiding and function revealing.

Applications

Actual value of Inner-product
- Think of a genome as a huge vector of small numbers X.
- Let V be another vector of the same length.
- Computing allows us to check for disease susceptibility, patient similarity, etc.

Protocol
[Diagram. Surviving labels: MPK, MSK; X+R, Enc(R, Pol, MPK); V, Enc(R, Pol, MPK); - X V]
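
An added example, not code from the presentation: one reading of the labels on the protocol slide, in which the volunteer gives the scientist X+R together with Enc(R, Pol) under MPK, and the authority checks Pol and returns only the inner product of R and V. The message flow, the function-revealing setting (the authority sees V), the moduli, the hashed-ElGamal stand-in for Enc, and the `max_queries` policy field are all assumptions, with toy parameters.

```python
# Added illustration with toy parameters; not a secure implementation.
import hashlib, hmac, json, secrets

Q = 2**61 - 1            # assumed modulus for the vector arithmetic
P, G = 2**255 - 19, 2    # toy group for the hashed-ElGamal stand-in for Enc(., MPK)

def _kdf(shared):
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def _xor(key, data):
    pad = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, pad))

def dot(a, b):
    return sum(x * y for x, y in zip(a, b)) % Q

def enc(mpk, obj):
    """Stand-in for Enc(R, Pol, MPK): only the MSK holder can open it."""
    e = secrets.randbelow(P - 2) + 1
    key = _kdf(pow(mpk, e, P))
    body = _xor(key, json.dumps(obj).encode())
    return pow(G, e, P), body, hmac.new(key, body, "sha256").digest()

class Authority:
    def __init__(self):
        self.msk = secrets.randbelow(P - 2) + 1
        self.mpk = pow(G, self.msk, P)
        self.used = {}                     # ciphertext body -> queries served

    def key_request(self, v, ct):
        c1, body, tag = ct
        key = _kdf(pow(c1, self.msk, P))
        if not hmac.compare_digest(tag, hmac.new(key, body, "sha256").digest()):
            raise ValueError("ciphertext rejected")      # tampered Enc(R, Pol)
        rec = json.loads(_xor(key, body))
        if self.used.get(body, 0) >= rec["pol"]["max_queries"]:
            raise PermissionError("policy: query budget exhausted")
        self.used[body] = self.used.get(body, 0) + 1
        return dot(rec["R"], v)            # authority never sees X or X+R

def volunteer_encrypt(mpk, x, pol):
    r = [secrets.randbelow(Q) for _ in x]  # fresh one-time mask R
    return [(a + b) % Q for a, b in zip(x, r)], enc(mpk, {"R": r, "pol": pol})

def scientist_eval(auth, masked, ct, v):
    # <X+R, V> - <R, V> = <X, V> (mod Q)
    return (dot(masked, v) - auth.key_request(v, ct)) % Q
```

Each answer is one linear equation in X, so the query budget carried in Pol is what keeps a scientist from collecting enough answers to solve for the whole vector.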

General Construction
- Input of scientist: f – any function
- Input of volunteer: x
- Output: F(f, x) = f(x)
- Two-party computation using garbled circuits:
  - Authority has input MSK
  - Client has input f, y = Enc(x)
  - Compute F(f, Dec(y)) – circuit becomes big
- A new method that avoids decryption.
  - Authority and client together compute F(f, x) only

Thank you.