Secure Multi-party Computations (MPC) A useful tool to cryptographic applications Vassilis Zikas.


The problem: There is given a set of parties (players, computers, authorities...) who want to do a joint computation but may not trust each other!

Example (the millionaires' problem): There are 2 millionaires who want to find out who is richer (without, of course, revealing to each other the exact amount of money they own).

Obvious solution: Existence of a fully Trusted Party (TP).
- All players send their values to the TP.
- The TP does the computation and sends each player what he is supposed to know.

Goal of MPC: Simulate the TP (when such a party doesn't exist) via a protocol among the parties.


Special case of MPC: Secure function evaluation (SFE): n players want to compute a function of their inputs without giving them away (actually the function can output n values, of which only the i-th should be known to the i-th player).

e.g.
a. e-voting (f = sum of votes)
b. $f: \mathbb{N}^n \to \mathbb{N}^n$ where $p_n$ learns only $f_n(x_1, \dots, x_n)$


Difficulty? Dishonest players (adversary)!

Adversary types:
1. Passive: All the corrupted players follow the protocol, but the adversary can see everything they see.
2. Fail: The corrupted player might stop sending messages at some point of the execution.
3. Active (most general): The adversary can see what the corrupted players see, and he can force them to misbehave arbitrarily.


Categories (according to the communication channels and the resources of the adversary):
1. Secure Channels Model: The parties communicate via secure authenticated channels.
   - Perfect (information-theoretic) security.
   - Unconditional security (small error-probability).
2. Cryptographic model


Not good when $p_1$ is corrupted


Broadcast (definition): input: $x_1$, outputs: $y_1, \dots, y_n$
1. (consistency): All honest players have the same output y.
2. (validity): If the sender is honest then all the honest players output $x_1$.
3. (termination): Every player ends with an output.

Consensus (Agreement) (definition): input: $x_1, \dots, x_n$, outputs: $y_1, \dots, y_n$
1. (consistency): All honest players have the same output y.
2. (validity): If all honest players have input x then all the honest players output y = x.
3. (termination): Every player ends with an output.


Secret sharing (threshold case): Player p wants to share a secret s among players $p_1, \dots, p_n$ in such a way that
- the shares of any t players (put all together) give no information about s,
- the shares of t+1 players uniquely define s.

Shamir's secret sharing: Vector $(a_1, \dots, a_n)$ is publicly known.

Sharing phase: p chooses a random polynomial $q(\cdot)$ of degree t where the constant term is s (i.e. $q(0) = s$). p sends $q(a_i)$ to player $p_i$.

Reconstruction phase: In order for $p_i$ to learn the secret s, all players send him their shares and he applies Lagrange's interpolation:


MPC (secure channels - passive case)

INVARIANT: The inputs and the results of the computations remain shared among the players throughout the protocol.

1. Inputs Sharing: Every player $p_i$ shares his input (Shamir's SS Scheme) using a random polynomial $q_i(\cdot)$.
2. Computation:
   i. Addition: Can be done locally, without interaction.
   ii. Multiplication: (BOARD)
3. Reconstruction (towards $p_j$): All players send their shares of the output to $p_j$ and he does the reconstruction.
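The sharing, local-addition and reconstruction steps above, applied to the e-voting function f = sum of votes, as an added example that is not part of the original slides. It assumes the prime field modulus 2^61 - 1 and the public points a_i = 1..n, which the slides do not fix; all function names are hypothetical.

```python
import secrets

P = 2**61 - 1  # assumption: a prime field; the slides do not fix one

def share(s, t, a):
    """Sharing phase: random degree-t q with q(0) = s; player p_i gets q(a_i)."""
    coeffs = [s % P] + [secrets.randbelow(P) for _ in range(t)]
    shares = []
    for x in a:
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation of q(x) mod P
            acc = (acc * x + c) % P
        shares.append(acc)
    return shares

def reconstruct(points):
    """Lagrange interpolation at 0 from t+1 pairs (a_i, share_i)."""
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if j != i:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def shared_tally(votes, t):
    """Steps 1-2 of the passive protocol for f = sum of votes."""
    n = len(votes)
    a = list(range(1, n + 1))  # public, distinct, nonzero points (assumption)
    dealt = [share(v, t, a) for v in votes]  # row i: shares dealt by p_i
    # Addition is local: p_j adds the n shares it holds, no messages sent.
    sums = [sum(dealt[i][j] for i in range(n)) % P for j in range(n)]
    return list(zip(a, sums))

def demo():
    votes = [1, 0, 1, 1, 0]  # constructed inputs, one per player
    t = 2
    points = shared_tally(votes, t)
    # Step 3: any t+1 shares of the output reconstruct the same sum.
    return reconstruct(points[:t + 1]), reconstruct(points[-(t + 1):])

if __name__ == "__main__":
    print(demo())
```

The individual votes are never reconstructed: only the summed shares are opened, so the invariant that inputs stay shared holds until the output step.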

When active adversaries are considered, SS is not enough (why?): we need Verifiable SS!

Difference:
- The dealer is committed to the value he shares (therefore verifiable).
- All players are committed to the values they've received.

Mixed (Active+Passive+Fail) Model: There is an MPC protocol for any specification iff $3t_a + 2t_p + t_f < n$

General Adversaries: Adversary structure $Z = \{(A_i, P_i, F_i)\}$
- $A_i$ = {set of players that can be actively corrupted by adversary $Z_i$}
- $P_i$, $F_i$ similarly defined
- Z is a monotone set
- Z can be characterized by the class of maximal sets (Base of Z ( )).

We will consider only Active + Passive corruption for the general adversaries.


Results for General Adversaries (secure channels model):
- MPC (Perfect security): $Q^{(3,2)}$
- MPC (Unconditional security), BC is given: $Q^{(2,2)}$
- MPC (Unconditional security): $Q^{(2,2)} \wedge Q^{(3,0)}$