Gate Evaluation Secret Sharing and Secure Two-Party Computation Vladimir Kolesnikov University of Toronto

Presentation transcript:

Secure Function Evaluation
• Input: $x \in D_1$
• Input: $y \in D_2$
• $f: D_1 \times D_2 \to D_3$
• Both sides obtain $f(x,y)$
One-Round … ?

SFE Models
Semi-honest
• Both players follow the protocol
• Observe communication, try to learn additional info
Malicious
• Players can freely cheat
• Solutions can be obtained by "compilation" of a semi-honest protocol

Approaches to SFE
SFE for specific functions
• Greater Than, Auctions, Voting
SFE for arbitrary functions
• Functions given as a circuit, branching program, etc.
This work: SFE of any boolean formula

Oblivious Transfer (OT)
• One party: Input: $b$. Learn: $s_b$
• Other party: Input: secrets $s_0, s_1$. Learn: nothing

Reduction of SFE to OT
OT is a fundamental primitive
• Rabin '81, Kilian '88
Unconditional reductions are possible
OT is implementable under a variety of computational and physical assumptions

Previous Work
Yao's Garbled circuit
Sander, Young and Yung '99
Kilian '88 + Cleve '90 (also CFIK '03)
• Based on Permutation Branching Programs
Ishai and Kushilevitz '00, '02
• Based on Branching Programs

Secure Gate Evaluation
Inputs: $x \in \{0,1\}$, $y \in \{0,1\}$. Goal: $G(x,y)$?
$G: \{0,1\}^2 \to \{0,1\}$
• $s_0', s_0'' \to G(0,0)$
• $s_0', s_1'' \to G(0,1)$
• $s_1', s_0'' \to G(1,0)$
• $s_1', s_1'' \to G(1,1)$
Messages: $s_y''$ and OT$(x, (s_0', s_1'))$
From $s_x', s_y''$: $G(x,y)$ ?

Composition
Inputs: $x \in \{0,1\}$, $y \in \{0,1\}$, …
• $s_0^3, s_0^4 \to s'_{G_1(0,0)}$ ($s_{00}$)
• $s_0^3, s_1^4 \to s'_{G_1(0,1)}$ ($s_{01}$)
• $s_1^3, s_0^4 \to s'_{G_1(1,0)}$ ($s_{10}$)
• $s_1^3, s_1^4 \to s'_{G_1(1,1)}$ ($s_{11}$)
Gate Evaluation Secret Sharing (GESS) of $s_{00}, s_{01}, s_{10}, s_{11}$

GESS for Gates with Binary Inputs
Output wire secrets: $s_{00}, s_{01}, s_{10}, s_{11}$
Wire 1: $R_0$, $R_1$, with $b$, $\neg b$, where $b \in_R \{0,1\}$
Wire 2: $R_0 \oplus s_{00}$, $R_0 \oplus s_{01}$, $R_1 \oplus s_{10}$, $R_1 \oplus s_{11}$. Permute if $b=1$
Reconstruction: $(c\,r,\ r_0 r_1) \to r \oplus r_c$
For OR and AND gates either left or right columns of wire 2 are equal!
Exponential growth with depth
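
The binary-input scheme on this slide, worked through as an added example (not code from the presentation). The pairing of the pointer bits with $R_0$, $R_1$ and the layout of the two blocks inside each wire-2 share are assumptions reconstructed from the slide's table; the helper names and the 16-byte secrets are constructed for illustration.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def gess_share(s00, s01, s10, s11):
    """Share four k-byte secrets s_ij over two input wires.

    Returns (wire1, wire2); wireN[v] is the share for value v on wire N.
    """
    k = len(s00)
    if not all(len(s) == k for s in (s01, s10, s11)):
        raise ValueError("secrets must have equal length")
    r0, r1 = secrets.token_bytes(k), secrets.token_bytes(k)
    b = secrets.randbits(1)                      # b chosen at random from {0,1}
    wire1 = [(b, r0), (1 - b, r1)]               # pointer bit plus pad R_i
    wire2 = [(xor(r0, s00), xor(r1, s10)),       # share for y = 0
             (xor(r0, s01), xor(r1, s11))]       # share for y = 1
    if b == 1:                                   # "Permute if b=1"
        wire2 = [(second, first) for first, second in wire2]
    return wire1, wire2

def gess_reconstruct(share1, share2):
    """(c r, r_0 r_1) -> r XOR r_c"""
    c, r = share1
    return xor(r, share2[c])

def gate_secrets(gate, t0, t1):
    """[s00, s01, s10, s11] for a gate whose output wire carries t0 or t1."""
    return [(t0, t1)[gate(i, j)] for i in (0, 1) for j in (0, 1)]

def equal_columns(wire2):
    """Number of block positions where the two wire-2 shares coincide."""
    return sum(wire2[0][p] == wire2[1][p] for p in (0, 1))

def demo():
    t0, t1 = bytes(16), bytes([0xFF]) * 16       # constructed output-wire secrets
    results = {}
    for name, gate in (("AND", lambda x, y: x & y), ("OR", lambda x, y: x | y),
                       ("XOR", lambda x, y: x ^ y)):
        w1, w2 = gess_share(*gate_secrets(gate, t0, t1))
        ok = all(gess_reconstruct(w1[i], w2[j]) == (t0, t1)[gate(i, j)]
                 for i in (0, 1) for j in (0, 1))
        results[name] = (ok, equal_columns(w2), len(w2[0][0]) + len(w2[0][1]))
    return results

if __name__ == "__main__":
    print(demo())
```

Each result is (all four input pairs reconstruct correctly, number of equal wire-2 columns, wire-2 share length in bytes). The wire-2 share is twice the secret length, which is the doubling per level behind "exponential growth with depth", and AND/OR gates show exactly one equal column while XOR shows none.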

GESS for AND/OR gates
Key: view secrets as being equal, except for one column of blocks. Share column-wise.
$\pi \in_R (\{1..n+1\} \to \{1..n+1\})$
[Figure: n blocks of size k, example: n = 3; block positions labelled $\pi(1)$, $\pi(2)$, $\pi(3)$, $\pi(4)$]
Shares have the same block equality properties

GESS Performance
Given a boolean formula F
• Cost $\approx \sum_i d_i^2$ ($d_i$ = depth of leaf $i$)
• F is balanced $\Rightarrow$ quasilinear in |F|
• Rebalance F to log depth (Bonet-Buss, Spira)
Previous best
• exponential in depth directly for circuits
• quadratic in |F| via Branching Programs

GESS Performance
Cost of SFE of boolean NC$^1$ circuit of depth $d$
• This work: $O(2^d d^2)$
• Previous best: $\Omega(2^d\, 2^{d^{1/2}})$ (Kilian-Cleve, Cramer-Fehr-Ishai-Kushilevitz '03)

Other results
• Lower Bounds
• New Efficient Protocol for GT
• Generalization of Yao's Garbled Circuit

Lower Bounds
Output wire secrets: $S_{00}, S_{01}, S_{10}, S_{11}$
Wire 1 shares: $A_0$, $A_1$
Wire 2 shares: $B_0$, $B_1$
When secrets are independent: $H(A_i) + H(B_j) \ge 3H(S)$