Rational Oblivious Transfer
KARTIK NAYAK, XIONG FAN


What we learnt
- One cannot use Game Theory as a tool!
- It is not easy to assign utilities to players and have an interpretation for these utilities.

Outline
- What is oblivious transfer?
- A 1 out of 2 oblivious transfer protocol
- Applications and motivation
- Define rational oblivious transfer using ideal world/real world paradigm
- Bayesian Game for efficient 1 out of 2 Oblivious Transfer

Oblivious transfer
- Organization with a private database (m_0, m_1, …, m_{n-1}): info related to wearable computing
- Sell this information to a third party
- Indices σ_1 … σ_k go in, (m_σ1, …, m_σk) comes out

Oblivious transfer
- Bob holds (x_0, x_1); Alice holds σ = 0 or 1
- After running protocol π, Alice holds x_σ
- Bob does not know σ
- Alice does not know x_{1-σ}

Fully honest sender/receiver
- Bob receives σ, sends x_σ and then forgets σ
- Bob sends all its messages to Alice and Alice just picks the value she wants

A 1 out of 2 Oblivious transfer protocol
Sender (Bob): input messages m_0, m_1; RSA key pair (d, N, e); random strings r_0, r_1
Receiver (Alice): choice bit σ, random k
1. Bob -> Alice: N, e and r_0, r_1
2. Alice computes v = (r_σ + k^e) mod N; Alice -> Bob: v
3. Bob computes k_0 = (v − r_0)^d mod N and k_1 = (v − r_1)^d mod N, then m'_0 = m_0 + k_0 and m'_1 = m_1 + k_1; Bob -> Alice: m'_0, m'_1
4. Alice computes m_σ = m'_σ − k
Involves exponentiations!
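The message flow on the slide above, written out as an added Python example (it is not part of the presentation). The toy textbook-RSA parameters and the names Sender, Receiver and run_ot are assumptions made for this illustration; additions are taken mod N.

```python
import secrets

# Toy textbook-RSA parameters, constructed for this example: two Mersenne
# primes and no padding. Far too small for real use.
P, Q, E = 2**61 - 1, 2**31 - 1, 65537


class Sender:  # Bob: holds m_0, m_1 and the RSA private exponent d
    def __init__(self, m0, m1):
        self.n = P * Q
        self.d = pow(E, -1, (P - 1) * (Q - 1))
        self.m = (m0 % self.n, m1 % self.n)
        self.r = (secrets.randbelow(self.n), secrets.randbelow(self.n))

    def offer(self):
        """Message 1: public key (N, e) and the random strings r_0, r_1."""
        return self.n, E, self.r

    def respond(self, v):
        """Message 3: k_b = (v - r_b)^d mod N, then m'_b = m_b + k_b."""
        k = [pow((v - r) % self.n, self.d, self.n) for r in self.r]
        return tuple((m + kb) % self.n for m, kb in zip(self.m, k))


class Receiver:  # Alice: holds the choice bit sigma and a random k
    def __init__(self, sigma):
        self.sigma = sigma

    def choose(self, n, e, r):
        """Message 2: v = (r_sigma + k^e) mod N hides which r was used."""
        self.n, self.k = n, secrets.randbelow(n)
        return (r[self.sigma] + pow(self.k, e, n)) % n

    def recover(self, masked):
        """m_sigma = m'_sigma - k; the other mask k_(1-sigma) is unknown to Alice."""
        return (masked[self.sigma] - self.k) % self.n


def run_ot(m0, m1, sigma):
    """Run one transfer; returns (Alice's output, Bob's masked pair, Alice's k)."""
    bob, alice = Sender(m0, m1), Receiver(sigma)
    v = alice.choose(*bob.offer())
    masked = bob.respond(v)
    return alice.recover(masked), masked, alice.k
```

Bob performs two private-key exponentiations and Alice one public-key exponentiation per transferred bit, which is the cost the slide's last line points at.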

History of oblivious transfer
- How to exchange secrets – Rabin [81]
- A randomized protocol for signing contracts – Even et al. [85]
- Simulatable Adaptive Oblivious Transfer – Camenisch et al. [08]
- Efficient Fully-Simulatable Oblivious Transfer – Lindell et al. [08]

Generalizations
- 1 out of n OT: The sender can have n messages instead of 2 messages (Brassard et al. [87])
- k out of n OT: The receiver can select k out of n messages (Ishai et al. [03])

Applications in secure computation
What is Secure Computation?
- A set of parties with private inputs wish to compute some joint function of their inputs.
- Parties wish to preserve some security properties, e.g., privacy and correctness.
Yao’s Garbled circuit – Yao [86]
- Receiver uses 1 out of 2 OT to obliviously obtain keys corresponding to his inputs
GMW protocol – Goldreich et al. [87]
- To evaluate AND gate outputs (intermediate outputs of circuits)

Rational cryptography
- Cryptographic definitions allowed arbitrary deviations for adversaries
- Rational Cryptography considers incentives while defining adversaries’ actions
- The protocols under this model tend to be more efficient
- Helps to circumvent some lower bounds (Rational Fairness – Groce et al.)

Bayesian games
- Information about characteristics of the other players is incomplete
- Players cannot compute their own payoffs and play based on “belief” about other players
G = i ϵ N >
- N: set of players
- T_i: type of the player i
- A_i: available actions for player i
- u_i: payoff function of player i (depends on A_i and T_i)
- p_i: view of the distribution over types of the other players
Each player plays action A_i conditioned on his belief about the type of other players

Thank You!