ITIS 6200/8200. 2 Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.

Presentation transcript:

ITIS 6200/8200

2 Secure multiparty computation
– Alice has x, Bob has y, and we want to calculate f(x, y) without disclosing the values
– We can only do our best to reduce the amount of information about x or y that is disclosed

3 Secure multiparty computation
– An example: calculate the average salary of multiple users
  – Alice sends E_B(Salary_A + random)
  – Bob decrypts the value, adds his salary, and sends to C: E_C(Salary_A + random + Salary_B)
  – C and D do the same, until the value returns to Alice
  – Alice removes the random value and calculates the average salary

4 Problems of the salary calculation protocol
– If two malicious nodes can sandwich a good node, they can figure out his salary
– A malicious node can lie about his salary but still figure out the real average value
– Alice knows the result before the others, and she can lie (we cannot ask everybody to reveal keys, since the secret would be disclosed)
– Example of privacy preservation in database queries
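The ring protocol from slide 3 and the first two problems from slide 4, as an added Python example that is not part of the original slides. It assumes arithmetic modulo 2^64 and leaves out the hop-by-hop encryption E_B, E_C, which only hides values from outsiders and not from the party that decrypts them; the function names and salary figures are constructed.

```python
import secrets

MOD = 2**64  # assumption: modulus larger than any possible salary total

def ring_sum(salaries):
    """Party 0 (Alice) adds a random mask to her salary; every later party
    adds its own. Returns (average, sent), where sent[i] is the value party i
    passes to the next party (the last entry returns to Alice)."""
    mask = secrets.randbelow(MOD)
    running = (salaries[0] + mask) % MOD
    sent = [running]
    for s in salaries[1:]:
        running = (running + s) % MOD
        sent.append(running)
    total = (running - mask) % MOD          # only Alice can remove the mask
    return total / len(salaries), sent

def sandwich_view(sent, victim):
    """What parties victim-1 and victim+1 learn by comparing notes: the value
    handed to the victim and the value the victim handed on (victim >= 1)."""
    return (sent[victim] - sent[victim - 1]) % MOD

def liar_corrects(published_avg, claimed, true_salary, n):
    """A party that submitted `claimed` instead of `true_salary` can still
    recover the real average from the published one."""
    return published_avg + (true_salary - claimed) / n

# Constructed sample data: four parties, Alice first.
SALARIES = [52000, 61000, 48000, 75000]

if __name__ == "__main__":
    avg, sent = ring_sum(SALARIES)
    print("average:", avg)
    print("neighbours of party 2 learn:", sandwich_view(sent, 2))
```

The mask protects only Alice's own input; every other party's salary is the difference between two values that its neighbours hold.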

5 A more complicated example of secure multiparty computation
– Yao’s millionaire problem
– Two parties want to determine whose number is larger, but they do not want to share the numbers
– Protocol details
– Can be used for: on-line auctions

6 A more complicated example of secure multiparty computation
– Yao’s millionaire problem
– Can Bob cheat? Bob does not know which random number is the real x
– Can Alice cheat? Alice does not know the private key
– Alice knows the result before Bob
– Nothing prevents them from sending fake numbers, but the results will be meaningless. (You will not send a meaningless number in an auction, since you will lose the auction or pay money that you do not want to pay)

7 Interest matching and other SMC problems
– Both sides have some “not-so-common” interests, but neither wants to disclose them
– Hash the interest multiple times and create a Yahoo address, leaving a way to make contact
– Other problems: database query and data mining, geometric computation, statistical analysis

8 A more complicated example:
– Alice has a vector (x1, x2, ..., xn), Bob has a vector (y1, y2, ..., yn), and Alice wants to know X·Y = x1*y1 + x2*y2 + ... + xn*yn. Bob wants to help Alice as long as he does not disclose his vector. Alice likewise does not want to disclose hers.
– A simple solution using oblivious transfer
  – Alice generates (t-1) fake vectors; she sends X and the fake ones to Bob
  – Bob calculates the dot product of every vector with Y
  – Alice and Bob use oblivious transfer to send the result back to Alice. Bob does not know which value Alice picks.

9 The problem of the simple protocol
– Bob has a 1/t chance to guess the vector of Alice
– Bob needs to be careful about the fake vectors
– In real life, it could be very difficult to find t-1 fake vectors that look meaningful and are not too similar to X
– We need a better protocol
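The simple protocol from slide 8, as an added Python example that is not part of the original slides. The slides do not say which oblivious transfer construction is meant, so this one assumes a textbook RSA-based 1-of-t transfer between honest-but-curious parties, with a constructed toy key and uniformly random fakes (which is exactly the weakness slide 9 points out).

```python
import secrets

# Toy RSA key held by Bob (constructed; far too small for real use).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def dot(u, v):
    return sum(a * b for a, b in zip(u, v))

def alice_hide(x, t, bound=100):
    """Put the real vector X at a secret position among t-1 random fakes."""
    pos = secrets.randbelow(t)
    vecs = [[secrets.randbelow(bound) for _ in x] for _ in range(t)]
    vecs[pos] = list(x)
    return vecs, pos

def bob_offer(t):
    """OT step 1: Bob sends one random value r_j per candidate result."""
    return [secrets.randbelow(N) for _ in range(t)]

def alice_choose(rs, pos):
    """OT step 2: Alice encrypts a fresh k under Bob's public key and adds
    r_pos, so the message looks the same to Bob for every choice of pos."""
    k = secrets.randbelow(N)
    return (rs[pos] + pow(k, E, N)) % N, k

def bob_respond(results, rs, v):
    """OT step 3: Bob masks result j with (v - r_j)^D mod N. Only the mask
    at Alice's position equals k; the others are unknown to her."""
    return [(m + pow((v - r) % N, D, N)) % N for m, r in zip(results, rs)]

def alice_open(cs, pos, k):
    return (cs[pos] - k) % N

def run(x, y, t=8):
    vecs, pos = alice_hide(x, t)                 # Alice -> Bob: t vectors
    results = [dot(vec, y) for vec in vecs]      # Bob: t dot products with Y
    rs = bob_offer(t)
    v, k = alice_choose(rs, pos)
    cs = bob_respond(results, rs, v)
    return alice_open(cs, pos, k)                # Alice learns only X.Y
```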

10 A better protocol to calculate dot product of vectors
– Details
– The vectors that are similar to z1 to zm will be easier to find
– Now Bob has a chance of 1/t^m to guess the vector X

11 An even better protocol to calculate dot product of vectors
– We know that there exist algorithms that satisfy E(x) * E(y) = E(x+y)
– If P represents a permutation function, X·Y = P(X)·P(Y), where X and Y are two vectors
– An m-round protocol
– Alice’s vector is protected by the encryption
– Can Alice figure out Bob’s vector? She knows the sum of all elements, but that is it
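The property E(x) * E(y) = E(x+y) and how it lets Bob compute a dot product on ciphertexts, as an added Python example that is not part of the original slides. The slides do not name the encryption scheme or give the m-round protocol, so this assumes Paillier encryption with a constructed toy key and shows a single-round variant; all function names are hypothetical.

```python
import secrets

# Toy Paillier key held by Alice (constructed primes, far too small for real use).
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
N2 = N * N
PHI = (P - 1) * (Q - 1)
MU = pow(PHI, -1, N)        # decryption constant for generator g = N + 1

def enc(m):
    """E(m) = (1 + N)^m * r^N mod N^2, using (1 + N)^m = 1 + m*N mod N^2."""
    r = secrets.randbelow(N - 1) + 1
    return (1 + m * N) % N2 * pow(r, N, N2) % N2

def dec(c):
    """Alice only: recover m from c with the private values PHI and MU."""
    return (pow(c, PHI, N2) - 1) // N * MU % N

def add_encrypted(c1, c2):
    """The property from the slide: E(x) * E(y) = E(x + y)."""
    return c1 * c2 % N2

def bob_dot(encrypted_x, y):
    """Bob sees only ciphertexts. E(x_i)^y_i = E(x_i * y_i), and the running
    product of those terms is E(x_1*y_1 + ... + x_n*y_n)."""
    acc = enc(0)                        # fresh randomness in Bob's reply
    for c, yi in zip(encrypted_x, y):
        acc = add_encrypted(acc, pow(c, yi, N2))
    return acc

def dot_product(x, y):
    encrypted_x = [enc(xi) for xi in x]          # Alice -> Bob
    return dec(bob_dot(encrypted_x, y))          # Bob -> Alice, Alice decrypts
```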

12 Dining cryptographers and anonymous message broadcast
– Dining cryptographer problem:
  – Flip a coin between every two neighboring parties; everyone states whether the two coins that he can see are the same or not
  – If a party pays the bill, he lies about the result
  – If nobody pays the bill, we have an even number of “different”; otherwise, we have an odd number

13 Application of dining cryptographer problem: anonymous message broadcasting
– All entities form a circle and flip coins at a constant interval
– If an entity wants to send out “0”, it states the truth; otherwise, it lies
– The “0”s and “1”s will form the message
– If the message is encrypted by one node’s public key, then both the sender and the receiver will be anonymous
– During a conflict, the nodes will back off
– Problem: a malicious node can always say something to disturb the channel
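The coin-flipping round from slide 12 and the bit-by-bit broadcast from slide 13, as an added Python simulation that is not part of the original slides. Function names and the party counts are constructed; the back-off step after a conflict is not modelled.

```python
import secrets

def dc_round(n, liars=()):
    """n parties in a circle; coin i is flipped between party i and party i+1.
    Each party announces 1 if its two coins differ, 0 if they match; parties
    listed in `liars` announce the opposite. Returns the n announcements."""
    coins = [secrets.randbelow(2) for _ in range(n)]
    out = []
    for i in range(n):
        bit = coins[i - 1] ^ coins[i]      # coins[-1] closes the circle
        if i in liars:
            bit ^= 1
        out.append(bit)
    return out

def parity(announcements):
    """0 = even number of "different" (nobody lied), 1 = odd."""
    return sum(announcements) % 2

def broadcast(bits, n, sender, jammer=None):
    """One round per message bit: the sender tells the truth for 0 and lies
    for 1. A jammer, if present, lies in every round."""
    received = []
    for b in bits:
        liars = set()
        if b:
            liars.add(sender)
        if jammer is not None:
            liars.add(jammer)
        received.append(parity(dc_round(n, liars)))
    return received
```

Every coin is counted in exactly two announcements, so the parity depends only on how many parties lied: two simultaneous senders cancel out (the conflict case), and a node that lies in every round inverts every bit.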