Presentation is loading. Please wait.

Presentation is loading. Please wait.

Verifiable Distributed Oblivious Transfer and Mobile-agent Security Speaker: Sheng Zhong (joint work with Yang Richard Yang) Yale University.

Published byMonica Hubbard Modified over 8 years ago

Similar presentations

Presentation on theme: "Verifiable Distributed Oblivious Transfer and Mobile-agent Security Speaker: Sheng Zhong (joint work with Yang Richard Yang) Yale University."— Presentation transcript:

1 Verifiable Distributed Oblivious Transfer and Mobile-agent Security Speaker: Sheng Zhong (joint work with Yang Richard Yang) Yale University

2 Outline → → Problem Formulation OT → DOT → VDOT VDOT Design –Secret Sharing + One-round OT –Cheater Identification Application in Mobile-agent Security

3 Problem Formulation Oblivious Transfer (OT) Distributed Oblivious Transfer (DOT): Extension of OT with Distributed Proxy Verifiable Distributed Oblivious Transfer (VDOT): Extension of DOT with Verifiability

4

5

6 Why VDOT? What if a proxy server cheats (deviates from the protocol) ? –Receiver gets wrong shares; cannot recover chosen item correctly. →DOT only works in semi-honest model. → Needs Verifiable DOT = VDOT –Receiver can verify consistency of shares before recovery (i.e., can detect cheating)

7 Additional Requirement Now Receiver can detect cheating. Then what to do if cheating is detected? –Receiver should identify who has cheated –Receiver should accuse cheater(s) –Public should verify the accusation

8 Summary of VDOT Security Sender’s privacy: Receiver colluding with τ 1 proxy servers knows nothing about the item not chosen Receiver’s privacy: Sender colluding with τ 2 proxy servers knows nothing about which item is chosen Verifiability of share consistency Verifiability of accusation if cheating is detected

9 Progress of Talk Problem FormulationProblem Formulation OT → DOT → VDOT → →VDOT Design –Secret Sharing + One-round OT –Cheater Identification Application in Mobile-agent Security

10 VDOT Design Basic Idea: One-round OT + Secret Sharing –Bellare-Micali OT + Feldman VSS Major difficulty: Allow verification of consistency of both items (but only one item will finally be decrypted) → Need to verify on encrypted shares

11 Secret Sharing Feldman’s Verifiable Secret Sharing (VSS) –Secret: s –Share: P j =P(j), where P is a poly. with s as the constant term –Commitment to share: P’ j = λ Pj, where λ is a primitive root

12

13

14

15

16 Potential Problem in Cheater Identification Receiver only needs τ shares to recover an item. Therefore… –If he can see more shares, maybe these are the shares of the other item → he derives the other item with the help of cheating servers Need to limit the number of shares the receiver sees! –But (uncarefully designed) cheater identification procedure may allow receiver / cheating servers to see more shares

17 Solution to Potential Problem Re-randomize all shares using randomness whose discrete log is unknown Identify cheaters on these re-randomized shares Use ZK proofs to force honest behavior in re-randomizations See paper for details

18 Progress of Talk Problem FormulationProblem Formulation OT → DOT → VDOT VDOT Design –Secret Sharing + One-round OT –Cheater Identification → → Application in Mobile-agent Security

19 Mobile Agent Computation: Architecture (threshold extension of [ACCK2001])

20 Mobile Agent Computation: Basic Idea [ACCK2001]: apply Yao’s garbled circuits, which needs OT between trusted proxy and receiver. Our proposal: threshold extension. –Replace trusted proxy with group of servers –Needs threshold extension of OT with verifiability. →Use VDOT

21 Performance: Overhead of Garbled Circuits

22 Performance: Overhead of VDOT

23 THANK YOU!

Download ppt "Verifiable Distributed Oblivious Transfer and Mobile-agent Security Speaker: Sheng Zhong (joint work with Yang Richard Yang) Yale University."

Similar presentations

Private Inference Control

Private Inference Control
Revisiting the efficiency of malicious two party computation David Woodruff MIT.

Revisiting the efficiency of malicious two party computation David Woodruff MIT.
Efficient Zero-Knowledge Argument for Correctness of a Shuffle Stephanie Bayer University College London Jens Groth University College London.

Efficient Zero-Knowledge Argument for Correctness of a Shuffle Stephanie Bayer University College London Jens Groth University College London.
Secure Evaluation of Multivariate Polynomials

Secure Evaluation of Multivariate Polynomials
Oblivious Branching Program Evaluation

Oblivious Branching Program Evaluation
Implementing Oblivious Transfer Using a Collection of Dense Trapdoor Permutations Iftach Haitner www.wisdom.weizmann.ac.il/~iftachh WEIZMANN INSTITUTE.

Implementing Oblivious Transfer Using a Collection of Dense Trapdoor Permutations Iftach Haitner WEIZMANN INSTITUTE.
Efficient Zero-Knowledge Proof Systems Jens Groth University College London.

Efficient Zero-Knowledge Proof Systems Jens Groth University College London.
Lecturer: Moni Naor Foundations of Cryptography Lecture 15: Oblivious Transfer and Secure Function Evaluation.

Lecturer: Moni Naor Foundations of Cryptography Lecture 15: Oblivious Transfer and Secure Function Evaluation.
ITIS 6200/8200. 2 Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.

ITIS 6200/ Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.
Twin Clouds: An Architecture for Secure Cloud Computing Term Paper Presented by: Komala Priya Chitturi.

Twin Clouds: An Architecture for Secure Cloud Computing Term Paper Presented by: Komala Priya Chitturi.
Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.

Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.
CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.

CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.
Interlock Protocol - Akanksha Srivastava 2002A7PS589.

Interlock Protocol - Akanksha Srivastava 2002A7PS589.
Privacy Preserving Auctions and Mechanism Design Moni Naor Benny Pinkas Reuben Sumner Presented by: Raffi Margaliot.

Privacy Preserving Auctions and Mechanism Design Moni Naor Benny Pinkas Reuben Sumner Presented by: Raffi Margaliot.
Amortizing Garbled Circuits Yan Huang, Jonathan Katz, Alex Malozemoff (UMD) Vlad Kolesnikov (Bell Labs) Ranjit Kumaresan (Technion) Cut-and-Choose Yao-Based.

Amortizing Garbled Circuits Yan Huang, Jonathan Katz, Alex Malozemoff (UMD) Vlad Kolesnikov (Bell Labs) Ranjit Kumaresan (Technion) Cut-and-Choose Yao-Based.
Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.

Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.
Short course on quantum computing Andris Ambainis University of Latvia.

Short course on quantum computing Andris Ambainis University of Latvia.
GARBLED CIRCUITS & SECURE TWO-PARTY COMPUTATION

GARBLED CIRCUITS & SECURE TWO-PARTY COMPUTATION
General Cryptographic Protocols (aka secure multi-party computation) Oded Goldreich Weizmann Institute of Science.

General Cryptographic Protocols (aka secure multi-party computation) Oded Goldreich Weizmann Institute of Science.
Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.

Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.

Similar presentations

Ads by Google