Simple, Black-Box Constructions of Adaptively Secure Protocols joint work with Dana Dachman-Soled (Columbia University), Tal Malkin (Columbia University),
Presentation transcript:

Simple, Black-Box Constructions of Adaptively Secure Protocols
Joint work with Dana Dachman-Soled (Columbia University), Tal Malkin (Columbia University), and Hoeteck Wee (Queens College, CUNY)
Seung Geol Choi, Columbia University

Outline
– Motivation
– Our Work
– Our Compiler
  – Comp

Criteria of adversarial corruption in Multi-party Computation (MPC)
Semi-honest vs. Malicious
– semi-honest: corrupted parties still follow the protocol honestly
– malicious: they can behave arbitrarily
How many parties can be corrupted?
– Honest majority vs. honest minority
Static vs. Adaptive
– static: adv corrupts parties at the outset
– adaptive [CFGN96]: adv corrupts parties adaptively during the protocol

Adaptively Secure OT – Simulator (bad simulation)
Sender S with input (s_0, s_1); Receiver R with choice bit r; messages m_1, m_2, m_3; R outputs s_r.
No corruption: pick (s_0, s_1), r and the randomness for S and R at random, and execute the protocol honestly with these values.
Corrupt Sender: given the actual input (s_0', s_1'), Sim is unable to patch the randomness for S consistently with the transcript and the input. Bad simulation.

MPC (malicious majority) and OT – roughly
Non-black-box – basically everything is known: use ZK, e.g.,
– Static: from semi-honest OT [GMW87] (stand-alone)
– Adaptive: from semi-honest OT with F_COM [CLOS02] (UC)
Black-box
– Static: from semi-honest OT [K88, IKLP06, H08] (stand-alone)
– Adaptive: from malicious OT [IPS08] (UC)
But malicious OT [B98, CLOS02, KO04] has non-black-box access to the underlying primitive.

Goal
Achieve MPC that is
– adaptive, malicious majority
– black-box (BB) in the lower primitives
  – of theoretical interest
  – arguably more efficient: avoids the general NP reductions incurred by ZK proofs
– constant-round

Main Result
Compiler: UC, adaptive semi-honest bit OT → UC, adaptive malicious string OT in the F_COM hybrid
– black-box
– constant multiplicative blow-up in rounds
Improvement over [IKLP06, H08]: UC and adaptive

BB Implications – UC & Adaptive
DDH / RSA / Factoring / LWE → trapdoor simulatable cryptosystem → constant-round semi-honest bit OT [CDMW09, CLOS02]
→ (this work) malicious string OT in the F_COM hybrid
→ [IPS08], in the F_COM hybrid:
– MPC allowing corruption of any number of parties
– constant-round MPC allowing corruption of n-1 parties

Our MPC Construction
F_COM hybrid: can be combined with existing results under various setups, e.g., [CLOS02, BCNP04, CDPW07, K07]. These usually start by showing how to UC-realize F_COM.

                                   [CLOS02]   [IPS08]   ours
#rounds for n, (n-1) corruptions   O(depth) O(1) O(depth) O(1)
hybrid                             F_COM      F_OT      F_COM
BB / non-BB                        non-BB     non-BB    BB

BB Implications – Stand-alone
UC, adaptive: DDH / RSA / Factoring / LWE → trapdoor simulatable cryptosystem → constant-round semi-honest bit OT [CDMW09, CLOS02] → (this work) malicious string OT in the F_COM hybrid → [IPS08] MPC in the F_COM hybrid (allowing corruption of any number of parties; constant-round for n-1 corruptions)
Stand-alone, adaptive, via [PW09]:
– constant-round malicious string OT
– MPC allowing corruption of any number of parties; constant-round MPC allowing corruption of n-1 parties

Our Work – Summary
Compiler: UC, adaptive semi-honest bit OT → UC, adaptive malicious string OT in the F_COM hybrid
Adaptively secure MPC, UC in the F_COM hybrid / stand-alone:
– allowing corruption of any number of parties
– allowing corruption of n-1 parties in constant rounds
Stand-alone, adaptive: constant-round malicious string OT and MPC

Previous Work: Stand-alone & Static case
semi-honest bit OT → Haitner [H08] → defensible bit OT → Ishai, Kushilevitz, Lindell, and Petrank [IKLP06] → malicious OT → [K88] → MPC
eTDP, homomorphic enc → [IKLP06] → malicious OT

Our Compiler – 1
Basically [H08] + [IKLP06].
Insight
– View [H08] + [IKLP06] as the GMW compiler with the ZK proof replaced by the cut-and-choose technique.
– Our presentation doesn't need the notion of defensible OT.

Our Compiler – 2
Has two modules
– Comp: boosts receiver-side security (for string OT)
– OT-Reversal [WW06]: reverses the roles of sender and receiver (for bit OT)
Starting protocol: receiver semi-honest, sender semi-honest
→ apply Comp: receiver malicious, sender semi-honest
→ apply OT-Reversal: receiver semi-honest, sender malicious
→ apply Comp: receiver malicious, sender malicious
Ingredients from prior work: [H08] commits input & randomness at the outset; [IKLP06] uses parallel executions (defensible OT).

Comp(Π) [H08] [IKLP06] – Cut & Choose
I. Run coin-tossing in the well using F_COM to fix R's input & randomness for Phase II.
II. Run 2n executions of Π in parallel with R, using the input & randomness generated in Phase I.
III. R opens the commitments from Phase I for n randomly chosen OT executions.
IV. Apply a combiner to the remaining n executions.

UC Security in Comp
Straight-line simulation
– Extract the receiver's input in a straight-line manner with the information from Phase I.

Adaptively Secure OT – Simulator
Sender S with input (s_0, s_1); Receiver R with choice bit r; messages m_1, m_2, m_3; R outputs s_r.
No corruption.
Corrupt Sender: upon corruption, Sim has to patch the randomness for S consistently with the transcript and the given input.

Simulation in Comp – Achieving Adaptive Security
1. Extract R's input & randomness in Phase I with F_COM.
2. For the i-th OT execution Π_i: run the simulator for Π_i (SIM_i) as long as R behaves consistently with the commitments. Inconsistent R: "corrupt S" on SIM_i (the input & randomness of S in Π_i are then fixed) and follow the specification of Π with this fixed information.
3. Patching S's overall randomness: if R behaved honestly in some Π_j, patch using SIM_j; with high probability there is at least one such j.
Uses the adaptive security of Π, which is guaranteed as long as R behaves honestly.
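The Phase III check of Comp(Π) and the claim in step 3 that some unopened execution is honest with high probability can be made concrete in a small simulation. The following Python is an added example, not code from the talk or the paper. It assumes a hash commitment in place of F_COM, stands in for one semi-honest OT execution with a single receiver message that is a deterministic function of R's committed input and randomness, and uses a constructed set of receiver inputs. It runs the cut-and-choose check for an honest receiver and for a receiver that deviates from its committed randomness, and computes the probability that a receiver deviating in m of the 2n executions survives the check; for m = n, the smallest m for which every unopened execution could be dishonest, that probability is 1/C(2n, n).

```python
import hashlib
import random
import secrets
from math import comb

# Toy stand-ins for the building blocks of Comp(Pi) (assumptions of this example):
# F_COM is replaced by a hash commitment, and one semi-honest OT execution by a single
# receiver message that is a deterministic function of R's input and randomness.


def commit(value: bytes) -> tuple[bytes, bytes]:
    """Com(value; nonce) = SHA-256(nonce || value). Returns (commitment, nonce)."""
    nonce = secrets.token_bytes(16)
    return hashlib.sha256(nonce + value).digest(), nonce


def verify_opening(com: bytes, nonce: bytes, value: bytes) -> bool:
    return hashlib.sha256(nonce + value).digest() == com


def receiver_message(choice_bit: int, rand: bytes) -> bytes:
    """R's transcript in one execution. Cut-and-choose only needs that an honest R's
    messages are determined by its committed input and randomness, so S can recompute
    them once the commitment is opened."""
    return hashlib.sha256(b"R-msg" + bytes([choice_bit]) + rand).digest()


def run_comp(n: int, choice_bits, rands, cheat_on, sender_rng: random.Random):
    """One run of Comp(Pi) from the receiver-checking side.

    choice_bits, rands: R's input and randomness for the 2n executions (committed in Phase I).
    cheat_on: indices where R deviates, i.e. uses fresh randomness instead of the committed one.
    Returns the indices handed to the Phase IV combiner, or None if S aborts in Phase III.
    """
    assert len(choice_bits) == len(rands) == 2 * n
    # Phase I: R commits to (input, randomness) for every execution.
    values = [bytes([b]) + r for b, r in zip(choice_bits, rands)]
    commitments = [commit(v) for v in values]
    # Phase II: 2n executions in parallel; a deviating R ignores its committed randomness.
    transcripts = []
    for i in range(2 * n):
        r = secrets.token_bytes(16) if i in cheat_on else rands[i]
        transcripts.append(receiver_message(choice_bits[i], r))
    # Phase III: S picks n executions; R opens them (the commitment is binding, so a
    # deviating R can only open the committed values); S recomputes and compares.
    opened = set(sender_rng.sample(range(2 * n), n))
    for i in opened:
        com, nonce = commitments[i]
        if not verify_opening(com, nonce, values[i]):
            return None
        if receiver_message(choice_bits[i], rands[i]) != transcripts[i]:
            return None  # transcript inconsistent with the committed input/randomness
    # Phase IV: the unopened executions go to the combiner.
    return sorted(set(range(2 * n)) - opened)


def cheat_pass_probability(n: int, m: int) -> float:
    """Probability that R deviating in m of the 2n executions survives Phase III: all n
    opened executions must fall among the 2n - m honest ones. For m >= n this is at most
    1/C(2n, n), which is why some unopened execution is honest with high probability."""
    return comb(2 * n - m, n) / comb(2 * n, n)


def demo(cheat_on=(), n: int = 3, seed: int = 1):
    """Constructed sample run: fixed receiver inputs and randomness, seeded sender challenge."""
    choice_bits = [(3 * i) % 2 for i in range(2 * n)]
    rands = [bytes([i]) * 16 for i in range(2 * n)]
    return run_comp(n, choice_bits, rands, set(cheat_on), random.Random(seed))


if __name__ == "__main__":
    print("honest receiver, kept for combiner:", demo())
    print("receiver deviating everywhere:", demo(cheat_on=range(6)))
    for m in range(0, 7):
        print(f"deviate in {m}/6 executions -> pass probability {cheat_pass_probability(3, m):.3f}")
```

With n = 3 the check is weak (a receiver deviating in exactly three executions slips through with probability 1/20); in the compiler n is the security parameter, so 1/C(2n, n) is negligible and, conditioned on S not aborting, at least one of the n unopened executions is one in which R behaved honestly.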

Conclusion
Compiler: UC, adaptive semi-honest bit OT → UC, adaptive malicious string OT in the F_COM hybrid
Adaptively secure MPC, UC in the F_COM hybrid / stand-alone:
– allowing corruption of any number of parties
– allowing corruption of n-1 parties in constant rounds
Stand-alone, adaptive: constant-round malicious string OT and MPC

Thank you