Efficient Oblivious Transfer with Stateless Secure Tokens Alcatel-Lucent Bell Labs Vlad Kolesnikov.

Presentation transcript:


Proprietary © Alcatel-Lucent
Secure Function Evaluation
Diagram: y, x. Learn: $F(x,y)$
- Variety of known techniques
- Garbled Circuit (aided computation under encryption)
- Alice encrypts wire signals and truth tables
- Given active wire key, Bob decrypts part of truth table and obtains next wire key

Oblivious Transfer (OT)
- Input: b. Learn: $s_b$
- Input: secrets $s_0, s_1$. Learn: nothing
- Basic primitive for Secure Function Evaluation

Model
- Alice sends a tamper-resistant token T to Bob
- Alice and Bob want to compute securely
- In this work: T is stateless
Diagram labels: k, k

Simple OT
Diagram: $b$; counter++; $F_k(\mathrm{counter}, b)$; $s_0 \oplus F_k(\mathrm{counter}, 0)$, $s_1 \oplus F_k(\mathrm{counter}, 1)$; $s_b$; $k$
- A few efficient techniques exist; all require keeping state on T
- A few techniques for SFE with stateless tokens, but inefficient

Our idea
Diagram: $b, x$; $v = F_{k_b}(x)$; $k_0, k_1$
1. Bob can obtain at most one preimage (under $k_0$ or $k_1$) for any $v$
2. $x$ is random $\Rightarrow$ $v$ is random; $v$ does not leak which of $k_0, k_1$ was used
Use Strong (invertible) PRPG F

Protocol for semi-honest T
Diagram: $x \in_R D$; $b, x$; $v = F_{k_b}(x)$; $k_0, k_1$; $v$; $e_0 = F^{-1}_{k_0}(v)$, $e_1 = F^{-1}_{k_1}(v)$; $E_{e_0}(s_0)$, $E_{e_1}(s_1)$
- Not every encryption E will do
- OTP does not work: guess $s_0$, get $e_0$, check $F_{k_0}(e_0) = v$
- Theorem: Secure with malicious A, B and semi-honest T if E is CPA.
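The semi-honest-T exchange on this slide, as an added example that is not from the slides: it runs one OT and then shows why a one-time pad fails as E. The message order is read off the slide's diagram; the Feistel/HMAC construction for F, the SHAKE-based E and all function names are assumptions made for illustration.

```python
import hashlib, hmac, secrets

def xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))

def _f(key, i, half):  # Feistel round function (assumed: HMAC-SHA256)
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:16]

def F(key, x, inverse=False):
    """Toy strong (invertible) PRP on 32-byte blocks: 4-round Feistel."""
    l, r = x[:16], x[16:]
    for i in (range(3, -1, -1) if inverse else range(4)):
        l, r = (xor(r, _f(key, i, l)), l) if inverse else (r, xor(l, _f(key, i, r)))
    return l + r

def E(e, m):
    """Randomized encryption under key e (assumed stand-in for a CPA-secure E)."""
    nonce = secrets.token_bytes(16)
    return nonce + xor(m, hashlib.shake_256(e + nonce).digest(len(m)))

def D(e, c):
    return xor(c[16:], hashlib.shake_256(e + c[:16]).digest(len(c) - 16))

class Token:
    """Stateless T: holds k0, k1, answers v = F_{k_b}(x), keeps no counter."""
    def __init__(self, k0, k1):
        self._k = (k0, k1)
    def query(self, b, x):
        return F(self._k[b], x)

def alice_reply(k0, k1, s0, s1, v, enc=E):
    e0, e1 = F(k0, v, inverse=True), F(k1, v, inverse=True)
    return enc(e0, s0), enc(e1, s1)

def run_ot(b, s0, s1):
    k0, k1 = secrets.token_bytes(32), secrets.token_bytes(32)
    token = Token(k0, k1)
    x = secrets.token_bytes(32)         # Bob picks x at random from D
    v = token.query(b, x)               # Bob -> T: (b, x); T -> Bob: v
    c = alice_reply(k0, k1, s0, s1, v)  # Bob -> Alice: v; Alice -> Bob: c
    return D(x, c[b])                   # e_b = x, so Bob can open only s_b

def otp_guess_confirmed(guess, s0, s1):
    """E = OTP, Bob chose b = 1: T confirms a guess for the 32-byte s0."""
    k0, k1 = secrets.token_bytes(32), secrets.token_bytes(32)
    token = Token(k0, k1)
    v = token.query(1, secrets.token_bytes(32))
    c0, _ = alice_reply(k0, k1, s0, s1, v, enc=xor)  # enc=xor is the one-time pad
    return token.query(0, xor(c0, guess)) == v  # F_{k0}(e0) = v iff guess = s0
```

With the randomized E, a guess for $s_0$ yields no candidate $e_0$ to submit to T, which is the property the slide's theorem asks of E.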

Protocol for covert A,T and malicious B
- Need to hide B’s input from T
- Easy: Ask T for both b, 1-b
- Need to prevent side channels from T to A (via v)
- Randomly test T’s responses (aka Cut-and-Choose)
- By asking A to reveal keys $k_0, k_1$ used by T (before A saw v)
- Theorem: Secure with Covert A,T and Malicious B.
- $k_0, k_1$ cannot be used for “live” OT
- T derives $k_0 = F_{k_{init0}}(y)$, $k_1 = F_{k_{init1}}(y)$ from y given by Bob
- $y \in D_T$ is for testing, will not be executed by A
- $y \notin D_T$ is for “live”, will not be opened by A
- $D_T$ unpredictable to T
Diagram: $x \in_R D$; $b, x$; $v = F_{k_b}(x)$; $k_0, k_1$

Summary
- Efficient protocols for OT with stateless tokens
- 6 SPRPG calls with semi-honest T
- 27 SPRPG calls with covert T
-  with semi-honest T is concurrently composable
-  with covert T is sequentially composable