On Fair Exchange, Fair Coins and Fair Sampling Shashank Agrawal, Manoj Prabhakaran University of Illinois at Urbana-Champaign.

Slides:

Advertisements

Similar presentations

Polylogarithmic Private Approximations and Efficient Matching

Advertisements

Mix and Match: A Simple Approach to General Secure Multiparty Computation + Markus Jakobsson Bell Laboratories Ari Juels RSA Laboratories.

Dov Gordon & Jonathan Katz University of Maryland.

Fair Computation with Rational Players Adam Groce and Jonathan Katz University of Maryland.

Efficient Multiparty Protocols via Log-Depth Threshold Formulae Ron Rothblum Weizmann Institute Joint work with Gil Cohen, Ivan Damgard, Yuval Ishai, Jonas.

EXPLICIT NON-MALLEABLE CODES RESISTANT TO PERMUTATIONS Shashank Agrawal (UIUC), Divya Gupta (UCLA), Hemanta Maji (UCLA), Omkant Pandey (UIUC), Manoj Prabhakaran.

Efficiency vs. Assumptions in Secure Computation Yuval Ishai Technion & UCLA.

Controlled Functional Encryption Muhammad Naveed, Shashank Agrawal, Manoj Prabhakaran, Xiaofeng Wang, Erman Ayday, Jean-Pierre Hubaux, Carl A. Gunter.

Efficient Two-party and Multiparty Computation against Covert Adversaries Vipul Goyal Payman Mohassel Adam Smith Penn Sate UCLAUC Davis.

Polling With Physical Envelopes A Rigorous Analysis of a Human–Centric Protocol Tal Moran Joint work with Moni Naor.

ITIS 6200/ Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.

Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.

CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.

Computational Security. Overview Goal: Obtain computational security against an active adversary. Hope: under a reasonable cryptographic assumption, obtain.

Amortizing Garbled Circuits Yan Huang, Jonathan Katz, Alex Malozemoff (UMD) Vlad Kolesnikov (Bell Labs) Ranjit Kumaresan (Technion) Cut-and-Choose Yao-Based.

Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.

Eran Omri, Bar-Ilan University Joint work with Amos Beimel and Ilan Orlov, BGU Ilan Orlov…!??!!

Short course on quantum computing Andris Ambainis University of Latvia.

Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.

Impossibility Results for Concurrent Two-Party Computation Yehuda Lindell IBM T.J.Watson.

Oblivious Transfer based on the McEliece Assumptions

1 Security analysis of an enhanced authentication key exchange protocol Authors ： H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date ： 2005/5/20.

Proactive Secure Mobile Digital Signatures Work in progress. Ivan Damgård and Gert Læssøe Mikkelsen University of Aarhus.

How to Share a Secret Amos Beimel. Secret Sharing [Shamir79,Blakley79,ItoSaitoNishizeki87] ? bad.

1 Introduction to Secure Computation Benny Pinkas HP Labs, Princeton.

Optimistic Synchronous Multi-Party Contract Signing N. Asokan, Baum-Waidner, M. Schunter, M. Waidner Presented By Uday Nayak Advisor: Chris Lynch.

On Everlasting Security in the Hybrid Bounded Storage Model Danny Harnik Moni Naor.

1 Cross-Domain Secure Computation Chongwon Cho (HRL Laboratories) Sanjam Garg (IBM T.J. Watson) Rafail Ostrovsky (UCLA)

Secure Message Transmission In Asynchronous Directed Networks Kannan Srinathan, Center for Security, Theory and Algorithmic Research, IIIT-Hyderabad. In.

Information-Theoretic Security and Security under Composition Eyal Kushilevitz (Technion) Yehuda Lindell (Bar-Ilan University) Tal Rabin (IBM T.J. Watson)

Adaptively Secure Broadcast, Revisited

Andrew Lindell Aladdin Knowledge Systems and Bar-Ilan University 04/09/08 CRYP-202 Legally-Enforceable Fairness in Secure Two-Party Computation.

Overview of Privacy Preserving Techniques.  This is a high-level summary of the state-of-the-art privacy preserving techniques and research areas  Focus.

1 Privacy-Preserving Distributed Information Sharing Nan Zhang and Wei Zhao Texas A&M University, USA.

Secure Computation of the k’th Ranked Element Gagan Aggarwal Stanford University Joint work with Nina Mishra and Benny Pinkas, HP Labs.

How to Use Bitcoin to Enhance Secure Computation Ranjit Kumaresan (MIT) Based on joint works with Iddo Bentov (Technion), Tal Moran (IDC), Guy Zyskind.

Slide 1 Vitaly Shmatikov CS 380S Introduction to Secure Multi-Party Computation.

Secure two-party computation: a visual way by Paolo D’Arco and Roberto De Prisco.

Improved Non-Committing Encryption with Application to Adaptively Secure Protocols joint work with Dana Dachman-Soled (Columbia Univ.), Tal Malkin (Columbia.

Secure Computation (Lecture 3 & 4) Arpita Patra. Recap >> Why secure computation? >> What is secure (multi-party) computation (MPC)? >> Secret Sharing.

Device-independent security in quantum key distribution Lluis Masanes ICFO-The Institute of Photonic Sciences arXiv:

1 Privacy Preserving Data Mining Haiqin Yang Extracted from a ppt “Secure Multiparty Computation and Privacy” Added “Privacy Preserving SVM”

Secure Computation (Lecture 5) Arpita Patra. Recap >> Scope of MPC > models of computation > network models > modelling distrust (centralized/decentralized.

On the Communication Complexity of SFE with Long Output Daniel Wichs (Northeastern) joint work with Pavel Hubáček.

Rational Cryptography Some Recent Results Jonathan Katz University of Maryland.

University of Massachusetts Amherst · Department of Computer Science Square Root Law for Communication with Low Probability of Detection on AWGN Channels.

Non-Interactive Verifiable Computing August 5, 2009 Bryan Parno Carnegie Mellon University Rosario Gennaro, Craig Gentry IBM Research.

Game-based composition for key exchange Cristina Brzuska, Marc Fischlin (University of Darmstadt) Nigel Smart, Bogdan Warinschi, Steve Williams (University.

How to Use Bitcoin to Design Fair Protocols Ranjit Kumaresan (MIT) Joint work with Iddo Bentov (Technion), Tal Moran (IDC Herzliya)

Umans Complexity Theory Lectures Lecture 7b: Randomization in Communication Complexity.

Feasibility and Completeness of Cryptographic Tasks in the Quantum World Hong-Sheng Zhou (U. Maryland) Joint work with Jonathan Katz (U. Maryland) Fang.

NTRU Key Exchange based on a posting of Lars Luthman on the Cryptography mailinglist on 05/17/2014 The search for a Post-Quantum Diffie-Hellman replacement.

Key Management Network Systems Security Mort Anvari.

Quantum Cryptography Antonio Acín

Bit Commitment, Fair Coin Flips, and One-Way Accumulators Matt Ashoff 11/9/2004 Cryptographic Protocols.

Linear, Nonlinear, and Weakly-Private Secret Sharing Schemes

1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.

Multi-Party Computation r n parties: P 1,…,P n  P i has input s i  Parties want to compute f(s 1,…,s n ) together  P i doesn’t want any information.

Topic 36: Zero-Knowledge Proofs

The Exact Round Complexity of Secure Computation

Foundations of Secure Computation

The first Few Slides stolen from Boaz Barak

Course Business I am traveling April 25-May 3rd

Diffie-Hellman Secure Key Exchange 1976.

Cryptography for Quantum Computers

Computational Two Party Correlation

Richard Cleve DC 2117 Introduction to Quantum Information Processing CS 667 / PH 767 / CO 681 / AM 871 Lecture 24 (2009) Richard.

Fast Secure Computation for Small Population over the Internet

Example: multi-party coin toss

A Light-weight Oblivious Transfer Protocol Based on Channel Noise

Presentation transcript:

On Fair Exchange, Fair Coins and Fair Sampling Shashank Agrawal, Manoj Prabhakaran University of Illinois at Urbana-Champaign

Fairness A secure multi-party protocol has properties like correctness, privacy of inputs. Fairness: An intuitive property desirable of secure protocols. Adversary cannot prevent honest parties from obtaining the output of computation, if he also obtains it. Ideal world: Functionality gives output to all the parties (or none of them). Finite two party functionalities. Input, output size does not depend on the security parameter.

Motivation Wide interest in the problem of fairness. Understanding of fundamental primitives lacking. In this work, we study the relationship between Fair Exchange, Fair Coin-flipping, Fair Random-OT. Given access to a fair primitive, can we realize another fair primitive.

AB EXCH xy yx With input Functionalities

Sampling functionalities A B COIN b b AB R-OT Input-less AB

Functionalities with Fair protocols COIN EXCH R-OT Any non-trivial joint distribution Cleve 1986 Zero common information X X X Our Results

Related Work Cleve 1986: No efficient protocol for fair coin- flipping. A simple fail-stop attack. Even under computational assumptions. Any functionality of interest likely not realizable. Gordon et al. showed AND, OR, Yao’s millionaire problem have fair protocol [GHKL08] Led to a flurry of results [MNS09, BOO10, GIMOS10, GK10, BLOO11, ALR13] Landscape more complicated than unfair computation E.g. no finite complete function [GIMOS10]

Functionalities with Fair protocols COIN EXCH R-OT X X X XOR Cleve 1986 Our Results

COIN functionality AB COIN b b Agreement: Alice and Bob output the same bit (if nobody corrupt). Entropy: Honest party outputs a random bit.

Alice Bob

XOR from COIN Assume: Alice and Bob choose inputs randomly Invalid input is substituted by a default one. Agreement: Alice and Bob output the same bit. Entropy: Honest party outputs a random bit. AB XOR Theorem: Even with access to COIN, XOR can’t be realized.

Alice Bob COIN bb

Functionalities with Fair protocols COIN EXCH R-OT X X X Zero common information Our Results

Common Information AB XY Q Q

Characteristic bipartite graph COIN R-OT Zero CI1-bit CI

COIN from R-OT

Graph Products R-OT 1- sample 0…0 R-OT n-samples 0… …

COIN from R-OT Lower-bounding the second eigenvalue of the Laplacian associated with the graph product. No matter how many samples from R-OT, the weight on edges going across is a constant.

Functionalities with Fair protocols COIN EXCH R-OT X X X Conclusion

Thank you. Questions?