Presentation is loading. Please wait.

Presentation is loading. Please wait.

Swarming Secrets Shlomi Dolev (BGU), Juan Garay (AT&T Labs), Niv Gilboa (BGU) Vladimir Kolesnikov (Bell Labs) Allerton 2009.

Published byMarvin Roberts Modified over 8 years ago

Similar presentations

Presentation on theme: "Swarming Secrets Shlomi Dolev (BGU), Juan Garay (AT&T Labs), Niv Gilboa (BGU) Vladimir Kolesnikov (Bell Labs) Allerton 2009."— Presentation transcript:

1 Swarming Secrets Shlomi Dolev (BGU), Juan Garay (AT&T Labs), Niv Gilboa (BGU) Vladimir Kolesnikov (Bell Labs) Allerton 2009

2 Talk Outline Objectives Adversary Secret sharing Membership and thresholds Private computation in swarms –Perfectly oblivious TM –Computing transitions

3 Objectives Why swarms Why secrets in a swarm Dynamic membership in swarms Computation in a swarm

4 Adversary Honest but curious Adaptive Controls swarm members –Up to a threshold of t members What about eavesdropping? –We assume that can eavesdrop on the links (incoming and outgoing) of up to t members

5 Secret sharing X Y i j P(i,j) Bivariate Polynomial P(x,y) i Share of Player i P(i,y) P(x,i)

6 Join Hey Guys, can I play with you? I’m J! J B D C A Sure! P A (J,y), P A (x,J) P B (J,y), P B (x,J) P C (J,y), P C (x,J) P A (J,y), P A (x,J)

7 Leave Problem: –Member retains share after leaving –Adversary could corrupt leaving member and t current members Refreshing (Proactive Secret Sharing) –Each member shares random polynomial with free coefficient 0

8 Additional Operations Merge Split Clone

9 Increase Threshold Why do it? How – simple, add random polynomials of higher degree with P(0,0)=0

10 Decrease Threshold- t to t* J B D C A Choose random, Degree t* Q A (x,y) Share of Q A (x,y) Share of Q A (x,y) Share of Q A (x,y) Share of Q A (x,y) B, C, D, … also share random polynomials

11 Decrease Threshold- t to t* J B D C A Add local shares Add local shares Add local shares Add local shares Add local shares Interpolate P(x,y) + Q A (x,y) + Q B (x,y) +… Remove high degree terms R(x,y)

12 Decrease Threshold- t to t* J B D C A High mon. Of P High mon. Of P High mon. Of P High mon. Of P Compute reduced P Compute reduced P Compute reduced P Compute reduced P Compute reduced P

13 Computation in a Swarm A distributed system –Computational model –Communication between members –Input – we can consider global and non- global input –Changes to “software” –“Output” of computation when computation time is unbounded

14 What is Hidden Current state Input Software Time What is not Hidden? Space

15 How is it Hidden? Secret sharing –Input –State Universal TM –Software Perfectly oblivious universal TM –Time

16 Architecture of a Swarm TM

17 Perfectly Oblivious TM  Perfectly Oblivious TM Tape head Oblivious TM – Head moves as function of number of steps Perfectly Oblivious TM – Head moves as function of current position

18 NNYN Perfectly Oblivious TM Perfectly Oblivious TM  Tape Orig. Tape Head Transition: ( st,  )  (st2, ,right)  Transition: ( st,  )  (st1, ,left)  Tape shifts right, copy  that was in previous cell Tape shifts right, head shifts left, Y stays in place, copy  Insert result of “real” transition,  Transition: ( st,  )  (st3, ,left)  

19 TM Transitions    … Tape Tape head st1 st2 … st … States Transition Table st1 … … 1 …… ns,  st   ns …

20 Encoding States & Cells    … Tape st1 st2 … st … States 10…0 01…0 0…010…0 index st 0…010…0 index 

21 Computing a Transition Goal, Compute transition privately in one communication round Method, Construct new state/symbol unit vector, ns/n , from Current state - st Current symbol -  ns[k]=  st[i]  [j], for all i, j such that a transition of (i, j) gives state k Construct new symbol vector in analogous way n  [k]=  st[i]  [j], for all i, j such that a transition of (i, j) gives symbol k

22 Encoding State Transitions Transition Table st1 … st2  …  ns,  st1,  St1,  St2,  ns,  St2,  st2,  ns,  st  Current Transition 0 … 0 0 … 0 0*0 0* 1 0*0 1 *0 0*0 0* 1 0*0 1*11 1 ns,  ns,  ns,  ns,  1 *0 1*1 0*0 st1,  St1,  0* 1 0*0 St2,  st2,  St2,  0* 1 0*0 1 *0 0*0+0* 1 =0 … 1 *0+0* 1 +0*0=00*0+0*0+ 1*1 + 1 *0 =1 0…010…0New state is ns

23 Encoding Symbol Transitions Transition Table st1 … st2  …  ns,  st1,  St1,  St2,  ns,  St2,  st2,  ns,  st  Current Transition 0 … 0 0 … 0 0*0 0* 1 0*0 1 *0 0*0 0* 1 0*0 1*1 1 1 st1,  ns,  st2,  0* 1 1*1 0*0 St1,  ns,  St2,  ns,  0*0 1 *0 0*0 ns,  St2,  0*0 0* 1 0*0+0* 1 =0 … 1 *0+0*0+0*0+ 1 *0=00* 1 + 1*1 +0*0 =1 0…01 New symbol is 

24 What about Privacy? Goal: compute transitions privately Method –Compute new shares using the  st[i]  [j], –Reduce polynomial degree

25 Sharing States & Symbols Initially Encode 1 by P(x,y), P(0,0)=1 Encode 0 by Q(x,y), Q(0,0)=0 Share bivariate polynomials for state and symbol Step Compute 0*0+ 1*0+ 1*1… by –Multiplying and summing local shares –Running “Decrease” degree protocol

26 Thank You!!!

Download ppt "Swarming Secrets Shlomi Dolev (BGU), Juan Garay (AT&T Labs), Niv Gilboa (BGU) Vladimir Kolesnikov (Bell Labs) Allerton 2009."

Similar presentations

Secret Sharing Protocols [Sha79,Bla79]

Secret Sharing Protocols [Sha79,Bla79]
Computational Privacy. Overview Goal: Allow n-private computation of arbitrary funcs. –Impossible in information-theoretic setting Computational setting:

Computational Privacy. Overview Goal: Allow n-private computation of arbitrary funcs. –Impossible in information-theoretic setting Computational setting:
Secure Evaluation of Multivariate Polynomials

Secure Evaluation of Multivariate Polynomials
Multi-Party Computation Forever for Cloud Computing and Beyond Shlomi Dolev Joint works with Limor Lahiani, Moti Yung, Juan Garay, Niv Gilboa and Vladimir.

Multi-Party Computation Forever for Cloud Computing and Beyond Shlomi Dolev Joint works with Limor Lahiani, Moti Yung, Juan Garay, Niv Gilboa and Vladimir.
CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.

CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.
Amortizing Garbled Circuits Yan Huang, Jonathan Katz, Alex Malozemoff (UMD) Vlad Kolesnikov (Bell Labs) Ranjit Kumaresan (Technion) Cut-and-Choose Yao-Based.

Amortizing Garbled Circuits Yan Huang, Jonathan Katz, Alex Malozemoff (UMD) Vlad Kolesnikov (Bell Labs) Ranjit Kumaresan (Technion) Cut-and-Choose Yao-Based.
Secret Swarm Unit Reactive k-Secret Sharing INDOCRYPT 2007 Shlomi Dolev 1, Limor Lahiani 1, Moti Yung 2 Department of Computer Science 1 Ben-Gurion University,

Secret Swarm Unit Reactive k-Secret Sharing INDOCRYPT 2007 Shlomi Dolev 1, Limor Lahiani 1, Moti Yung 2 Department of Computer Science 1 Ben-Gurion University,
Improving the Round Complexity of VSS in Point-to-Point Networks Jonathan Katz (University of Maryland) Chiu-Yuen Koo (Google Labs) Ranjit Kumaresan (University.

Improving the Round Complexity of VSS in Point-to-Point Networks Jonathan Katz (University of Maryland) Chiu-Yuen Koo (Google Labs) Ranjit Kumaresan (University.
General Cryptographic Protocols (aka secure multi-party computation) Oded Goldreich Weizmann Institute of Science.

General Cryptographic Protocols (aka secure multi-party computation) Oded Goldreich Weizmann Institute of Science.
How to Share a Secret Amos Beimel. Secret Sharing [Shamir79,Blakley79,ItoSaitoNishizeki87] 1706 2538344113296634 ? 1706 2 bad.

How to Share a Secret Amos Beimel. Secret Sharing [Shamir79,Blakley79,ItoSaitoNishizeki87] ? bad.
Secret Sharing Algorithms

Secret Sharing Algorithms
1 Lecture 13 Turing machine model of computation –Sequential access memory (tape) –Limited data types and instructions –Graphical representation –Formal.

1 Lecture 13 Turing machine model of computation –Sequential access memory (tape) –Limited data types and instructions –Graphical representation –Formal.
Adaptively Secure Broadcast, Revisited

Adaptively Secure Broadcast, Revisited
Section 11.4 Language Classes Based On Randomization

Section 11.4 Language Classes Based On Randomization
Efficient and Robust Private Set Intersection and multiparty multivariate polynomials Dana Dachman-Soled 1, Tal Malkin 1, Mariana Raykova 1, Moti Yung.

Efficient and Robust Private Set Intersection and multiparty multivariate polynomials Dana Dachman-Soled 1, Tal Malkin 1, Mariana Raykova 1, Moti Yung.
Randomized Turing Machines

Randomized Turing Machines
Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Cryptographic Security Secret Sharing, Vanishing Data.

Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science Cryptographic Security Secret Sharing, Vanishing Data.
Theory of Computing Lecture 17 MAS 714 Hartmut Klauck.

Theory of Computing Lecture 17 MAS 714 Hartmut Klauck.
Secure Computation (Lecture 7-8) Arpita Patra. Recap >> (n,t)-Secret Sharing (Sharing/Reconstruction) > Shamir Sharing > Lagrange’s Interpolation for.

Secure Computation (Lecture 7-8) Arpita Patra. Recap >> (n,t)-Secret Sharing (Sharing/Reconstruction) > Shamir Sharing > Lagrange’s Interpolation for.
Cryptographic Security Secret Sharing, Vanishing Data 1Dennis Kafura – CS5204 – Operating Systems.

Cryptographic Security Secret Sharing, Vanishing Data 1Dennis Kafura – CS5204 – Operating Systems.

Similar presentations

Ads by Google