Secure Multi-party Computation Minimizing Online Rounds. Seung Geol Choi, Columbia University. Joint work with Ariel Elbaz (Columbia University), Tal Malkin (Columbia University), Moti Yung (Columbia University & Google).

Presentation transcript:

1 Secure Multi-party Computation Minimizing Online Rounds
Seung Geol Choi, Columbia University
Joint work with Ariel Elbaz (Columbia University), Tal Malkin (Columbia University), Moti Yung (Columbia University & Google)

2 Outline
Motivation
Our Results
– First Protocol
– Second Protocol
Conclusion

3 Multi-party Computing with Encrypted Data (MPCED)
[Figure: parties P1, P2, …, Pn hold the decryption capability for the public key y; external parties contribute data x encrypted under y]
Considered implicitly in [FH96, JJ00, CDN01]
– many computations on an encrypted database
– dynamic data contribution from external parties

4 Round-complexity of protocols
A critical measure of efficiency
There are constant-round MPC protocols, but the exact constant is big.
Focus on online round-complexity
– Possibly allow any poly-time preprocessing independent of the function of interest and the input.
– Minimization of turn-around time
– Preprocessing can be handled separately, e.g., by cloud computing

5 Outline
Motivation
Our Results
– First Protocol
– Second Protocol
Conclusion

6 Previous Work
Protocol    Adaptive/Static      #rounds   #corrupt
[CLOS02]    Adaptive             O(d)      < n
[DN03]      Adaptive (Arithm.)   O(d)      < n
[DI05]      Adaptive             2         < n/5
[DI05]      Adaptive             const     < n/2
[DIK08+]    Adaptive             const     < n/2
[IPS08]     Adaptive             const     < n
Can we do it in one or two rounds for < n corruption? Yes, for the static case.

7 Our Results
Two protocols for MPCED with small online round complexity w/ preprocessing
– one-round protocol P1
– two-round protocol P2 (depending on the case, P2 has more efficient preprocessing than P1)
Static and < n corruption
Uses ElGamal encryption
– extendable to any threshold homomorphic encryption scheme

8 Outline
Motivation
Our Results
– First Protocol
– Second Protocol
Conclusion

9 First Protocol
Takes one round
General idea: modify Yao's protocol
– Garble a universal circuit instead of a given circuit
– Replace OT w/ a one-round equivalent step using homomorphism

10 Preprocessing
Generate a garbled circuit for a universal circuit [V76, KS08]
Overall, follow Yao's technique except for the input wire keys.

11 Yao's Garbled Circuit: NAND gate
Left input wire keys: l0, l1; right input wire keys: r0, r1; output wire keys: k0, k1
Garbled table (one entry per input combination):
– E_{l0,r0}(k1)
– E_{l1,r0}(k1)
– E_{l0,r1}(k1)
– E_{l1,r1}(k0)

12 Yao's Garbled Circuit: NAND gates
[Figure: the garbled NAND table of slide 11, repeated for three gates wired together]
Once the keys of the input wires in the entire circuit are determined, the circuit can be computed locally.

13 Preprocessing - 2
Input wires
– Pick a random h for global use: hidden
– Keys in each input wire j, say w_j^0 and w_j^1, should satisfy w_j^1 = w_j^0 * h
– publish H = E_y(h)
– publish E_y(w_j^0) for each input wire j

14 Encrypted Input Data
E_y(h^b) for Boolean input b
– If b = 0, publish E_y(1)
– If b = 1, re-randomize H

15 Online Stage
Given
– input wire: W_0 = E_y(w_0)
– input data: C = E_y(h^b)
Decrypt W_0 * C
– Note W_0 * C = E_y(w_0 * h^b) = E_y(w_b)
Requires only a single round

16 First Protocol: Summary
Use a garbled universal circuit with augmented manipulation of the input wires
Replace the OT procedure in Yao with threshold decryption using homomorphism
Needs a single online round

17 Outline
Motivation
Our Results
– First Protocol
– Second Protocol
Conclusion

18 Second Protocol
Takes two rounds.
Natural extension of the two-party case [CEJMY07]
Idea
– Preprocessing: garble individual gates, independent of the circuit or the input
– Online stage: construct wires between garbled gates and inputs

19 Preprocessing
Garbled NAND gates
A bunch of fresh ElGamal key pairs: (pk, E_y(sk))
[Figure: a garbled NAND gate with its attached key pairs]

20 Garbled NAND gates with fresh ElGamal key pairs
Intermediate gates: NAND + keys
Top-level gates: IDENTITY + keys

21 Online stage
Construct wires between garbled gates and inputs
– How? Use CODE (explained next)

22 Conditional Oblivious Decryption Exposure (CODE)
Functionality
– Assumes the parties share the private key for y
– Input: three ciphertexts C_in, C_out, C_key, and a key z
– Output: E_z(M_key) if M_in = M_out, E_z(random) otherwise
Example 1: C_in = E_y(g), C_out = E_y(1), C_key = E_y(100). Output: E_z(random)
Example 2: C_in = E_y(1), C_out = E_y(1), C_key = E_y(100). Output: E_z(100)
Can be implemented w/ homomorphic encryption in 2 rounds.
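The input-wire key trick of the first protocol (slides 13-15) and the equality-test core of CODE (slide 22), as an added Python example that is not part of the original slides. It assumes a constructed toy ElGamal group (p = 1019, q = 509, g = 4) far too small to be secure, stands in a single decryption key for the parties' threshold decryption, and for CODE stops at the blinded ciphertext under y, omitting the two-round decrypt-and-re-encrypt under z.

```python
import random

P, Q, G = 1019, 509, 4   # constructed toy group: p = 2q + 1, q prime; G = 2^2 generates the order-q subgroup

def keygen(rng):
    sk = rng.randrange(1, Q)
    return sk, pow(G, sk, P)                      # (secret key, public key y = g^sk)

def enc(y, m, rng):                               # E_y(m) = (g^r, m * y^r)
    r = rng.randrange(1, Q)
    return (pow(G, r, P), m * pow(y, r, P) % P)

def dec(sk, c):                                   # single-key stand-in for threshold decryption
    return c[1] * pow(c[0], P - 1 - sk, P) % P
def mul(c1, c2):                                  # homomorphism: E(m1) * E(m2) = E(m1 * m2)
    return (c1[0] * c2[0] % P, c1[1] * c2[1] % P)
def cexp(c, e):                                   # E(m)^e = E(m^e); e = P - 2 gives E(1/m)
    return (pow(c[0], e, P), pow(c[1], e, P))
def rand_elem(rng):                               # random element of the order-q subgroup
    return pow(G, rng.randrange(1, Q), P)

def preprocess(y, n_wires, rng):
    """Slide 13: hidden global h; per wire w1 = w0 * h; publish H = E_y(h) and W0 = E_y(w0)."""
    h = rand_elem(rng)
    wires = [(w0, w0 * h % P, enc(y, w0, rng))    # (w0, w1, W0); w0 and w1 themselves stay secret
             for w0 in (rand_elem(rng) for _ in range(n_wires))]
    return enc(y, h, rng), wires

def encrypt_input(y, H, b, rng):
    """Slide 14: input bit b is contributed as E_y(h^b): E_y(1) if b = 0, a re-randomized H if b = 1."""
    return enc(y, 1, rng) if b == 0 else mul(H, enc(y, 1, rng))

def online_wire_key(sk, W0, C):
    """Slide 15: decrypt W0 * C = E_y(w0 * h^b) = E_y(w_b), yielding exactly the key for bit b."""
    return dec(sk, mul(W0, C))

def code_core(C_in, C_out, C_key, rng):
    """Slide 22 core: E_y(M_key * (M_in / M_out)^r) for random r, i.e. E_y(M_key) iff M_in = M_out
    and E_y(random) otherwise. The decrypt-and-re-encrypt under z is omitted here."""
    return mul(C_key, cexp(mul(C_in, cexp(C_out, P - 2)), rng.randrange(1, Q)))

def demo(bits, seed=1):
    rng = random.Random(seed)
    sk, y = keygen(rng)
    H, wires = preprocess(y, len(bits), rng)
    keys_ok = [online_wire_key(sk, W0, encrypt_input(y, H, b, rng)) == (w1 if b else w0)
               for b, (w0, w1, W0) in zip(bits, wires)]
    c_key = enc(y, 100, rng)                      # slide 22 example: C_key = E_y(100)
    same = dec(sk, code_core(enc(y, 1, rng), enc(y, 1, rng), c_key, rng))   # M_in = M_out = 1
    diff = dec(sk, code_core(enc(y, G, rng), enc(y, 1, rng), c_key, rng))   # M_in = g != 1
    return keys_ok, same == 100, diff == 100
```

Each decrypted wire key equals w_b for the contributed bit b, the equal-plaintext CODE call recovers 100, and the unequal one never does.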

23 Online Stage – Run CODEs
Run CODE in parallel for each (C_in, C_out, C_key) tuple.
[Figure: for a NAND gate, the left key skL comes out encrypted under z = pkL * pkR, i.e. E_z(skL); the right key skR comes out unencrypted (z = 1)]
Then, each party locally computes the circuit using the CODE outputs inductively.

24 Online Stage – After Running CODE
[Figure: per gate, E_z(skL), skR and E_{pkL*pkR}(sk); decrypt the final column using sk]

25 Summary: Second Protocol
Preprocessing
– Garbled NAND gates, fresh ElGamal keys
Online Stage
– Run 2-round CODE protocols in parallel

26 Summary
Second Protocol
– online #rounds: two
– No blow-up of gates
– 2n-round explicit preprocessing: efficient when n is very small (when n is big, use generic protocols)
First Protocol
– online #rounds: one
– Logarithmic blow-up of gates
– No explicit preprocessing: should use generic protocols such as [IPS08]

27 Outline
Motivation
Our Results
– First Protocol
– Second Protocol
Conclusion

28 Multi-party Computing with Encrypted Data (MPCED)
[Figure: parties P1, P2, …, Pn hold the decryption capability for the public key y; external parties contribute data x encrypted under y]
Considered implicitly in [FH96, JJ00, CDN01]
– many computations on an encrypted database
– dynamic data contribution from external parties

29 Our Results
Two protocols for MPCED with small online round complexity w/ preprocessing
– one-round protocol P1
– two-round protocol P2 (depending on the case, P2 has more efficient preprocessing than P1)
Static and < n corruption

30 Thank you