GARBLED CIRCUITS CHECKING GARBLED CIRCUITS: MORE EFFICIENT AND SECURE TWO-PARTY COMPUTATION
Payman Mohassel (University of Calgary), Ben Riva (Tel Aviv University)

Presentation transcript:


Secure Two-Party Computation
o Privacy: Only learn the output
o Correctness: Learn the intended function

Contributions
o 2PC with low overhead
o Input-consistency check
o Two-output functions
o New Definition
o Strengthen covert adversaries
o Better efficiency/security trade-off for practice
o Protocols meeting the definition

Garbled Circuit (figure; labels: seed, Eval())

Useful Properties

Malicious 2PC
Cut-and-Choose: Open, Evaluate, Majority
Question: Are all inputs the same? Is the output correct?

1) Is the output correct?
Open, Evaluate, Majority
Send GOs as proof

2) Is the output correct?
Open, Evaluate, Majority
Use same output labels in all circuits

3) Is the output correct?
Open, Evaluate, Majority

Extensions

Covert 2PC
Question: What about cost/pay for honest party?
cost/pay for malicious party

All-or-Nothing Security

A Stronger Definition
o Increase the pay-off (of learning correct output)
o Orthogonal to MPC
o Reduce the cost of being cheated on!
o By strengthening the security definition

CovIDA Security

Dual-Ex 2PC
Yes/no
o Correctness prob. = 1-neg(k)
o Leakage prob. = 1
o Bad circuit
o Different inputs

Dual-Ex + Covert 2PC
Yes/no
o Correctness prob. = 1-neg(k)
o Leakage prob. = 1
o Bad circuit
o Different inputs

Dual-Ex + Covert 2PC

Are inputs the Same?
Malicious 2PC
Use same OT for x
Linear in s symmetric-key Ops for input-consistency (using OT extension)

QUESTIONS?