Slide 1: TCC 2016-B
Composable Security in the Tamper-Proof Hardware Model under Minimal Complexity
Carmit Hazay (Bar-Ilan University, Israel), Antigoni Ourania Polychroniadou (Aarhus University, Denmark), Muthuramakrishnan Venkitasubramaniam (University of Rochester, New York)
Slide 2: Introduction of Secure MPC
[Yao82, GMW87, BGW88, CCD88]
Slide 3: Secure Multi-Party Computation
[Figure: four parties P1..P4 with inputs x1..x4 and outputs y1..y4, jointly computing f(x1, x2, x3, x4) = (y1, y2, y3, y4) in the UC setting.]
Goal:
- Correctness: everyone computes f(x1, ..., x4).
- Security: nothing but the output is revealed.
Adversary: PPT, malicious, static.
Slide 4: Bypassing the Impossibility of UC Security
Possible with "trusted help", e.g. the Common Reference String (CRS) model [CLOS02].
Motivation: can we "eliminate" trust?
Slide 5: Comparison Axes
[Radar chart with five axes: Quality of UC Composition, Round Efficiency, Assumptions, Usability, Model.]
Slide 6: Tamper-Proof Hardware Tokens
[Radar chart placing the models on the five axes. Model: Central Trust / Common Reference String (CRS), Decentralized ("SGX"?), Tamper-Proof Hardware Tokens. Assumptions: semi-honest OT; OWFs (this work). Round efficiency: 2 rounds (this work). Quality of UC composition: UC; GUC (this work).]
Our result in a nutshell: 2-round 2PC using stateless tokens from OWFs with GUC security.
Slide 7: Hardware Token Model
- Stateless tokens (GOOD): the token holds a function f; on query x it returns f(x).
- Stateful tokens (NOT SO GOOD): the token holds (b0, b1); on choice bit c it returns bc. Requires non-volatile memory.
Slide 8: Hardware Token Model, Attacker Capability
[Figure: a token holding f is queried on x and returns f(x).]
The attacker can:
- transfer tokens;
- inject malicious code.
Slide 9: Prior Works
             [K07]     [CGS09]    [GISVW10]  [CKSYZ14]  This Work
Model        Stateful  Stateless  Stateful   Stateless  Stateless
Assumption   DDH       ETDP       CRHF       OWFs       OWFs
Rounds       O(1)      O(n)       O(dF)      O(1)       2
Composition  UC        UC         UC         UC         GUC
MPC          no        no         no         no         YES (ETDP & 3 rounds)
Slide 10: Composability in the [Katz07] Framework
- Does not provide adequate composability guarantees.
- Does not allow for transferability of tokens.
- Does not implement multi-versions* of UC.
- Does not achieve UC-MPC.
This work: a new way to model tamper-proof hardware, as a global functionality Fglobal; prove security in the Global Universal Composability (GUC [CDPW07]) framework.
Concurrent work [MMN16]: models token-based protocols in GUC.
Slide 11: UC vs. GUC
[Diagram: REAL WORLD (environment Z, parties P1..P4 running π, adversary A) and IDEAL WORLD (Z, parties, simulator S, functionality F). In UC the trusted setup TS is local to the execution; in GUC the global setup GS is shared by both worlds and accessible to Z.]
Slide 12: Our Results
Theorem 1 [2PC]: Assuming OWFs, any (well-formed) two-party functionality f can be realized via a two-round black-box construction with GUC security in the Fglobal-hybrid model.
Corollary 1 [Thm 1 + IPS08]: Assuming OWFs, any (well-formed) multiparty functionality f can be realized via an O(1)-round black-box construction with GUC security in the Fglobal-hybrid model.
Theorem 2 [MPC]: Assuming OWFs and ETDPs, any (well-formed) multiparty functionality f can be realized via a three-round construction with GUC security in the Fglobal-hybrid model.
Slide 13: Tamper-Proof Hardware as a Global Functionality
The Fglobal functionality has four interfaces: Create, Execute, Transfer*, Retrieve.
Slide 14: Issues with Transfers
- Transfer to honest parties: malleability. Fix: the honest party encodes sid into its tokens, which answer only if the session id in the query equals sid.
- Transfer to dishonest parties: loss of extractability. Fix: track illegitimate queries [CJS15].
Slide 15: Tamper-Proof Hardware as a Global Functionality
- Create: every party can create a token and send it to another party. The creator encodes sid, and the token answers only if the prefix of the query equals sid.
- Execute: if a party owns a token it can execute it on any input. If an "illegal query" is made, it is recorded in Qsid.
- Transfer: the adversary can transfer a token from one session to another.
- Retrieve: every legitimate query for the current session can be retrieved; return Qsid.
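As an added illustration that is not from the talk or the paper, the Python sketch below models the four Fglobal interfaces of this slide together with the two fixes of slide 14: an honest token program that answers only sid-prefixed queries, and functionality-level logging of queries made outside the creating session. Party names, session ids and the HMAC-based token program are constructed for the example.

```python
import hashlib
import hmac
from collections import defaultdict


class FGlobal:
    """Toy model of the F_global interface: Create / Execute / Transfer / Retrieve."""

    def __init__(self):
        self.tokens = {}                  # tid -> {"owner", "sid", "program"}
        self.illegal = defaultdict(list)  # sid -> Q_sid: queries made outside sid
        self.next_tid = 0

    def create(self, creator, sid, program, recipient):
        # Create: a party embeds a program in a token tied to its session and hands it over.
        tid, self.next_tid = self.next_tid, self.next_tid + 1
        self.tokens[tid] = {"owner": recipient, "sid": sid, "program": program}
        return tid

    def execute(self, caller, caller_sid, tid, query):
        # Execute: only the current owner may query. A query coming from a session other
        # than the creating one is an "illegal query" and is recorded in Q_sid.
        tok = self.tokens[tid]
        if tok["owner"] != caller:
            raise PermissionError("caller does not own this token")
        if caller_sid != tok["sid"]:
            self.illegal[tok["sid"]].append((tid, query))
        return tok["program"](query)

    def transfer(self, tid, new_owner):
        # Transfer: the adversary moves the token to another party, possibly in another session.
        self.tokens[tid]["owner"] = new_owner

    def retrieve(self, sid):
        # Retrieve: hand session sid the queries its tokens answered elsewhere (Q_sid).
        return list(self.illegal[sid])


def sid_bound_prf(sid, key):
    """Honest token program (constructed): answer only queries prefixed with the creator's sid."""
    def program(query):
        if not query.startswith(sid):
            return None  # refuse: query not bound to this session (anti-malleability)
        return hmac.new(key, query[len(sid):], hashlib.sha256).digest()
    return program


def demo():
    """Constructed run: Alice (session s1) gives Bob a token; it is then moved into session s2."""
    f_global = FGlobal()
    tid = f_global.create("Alice", b"s1", sid_bound_prf(b"s1", b"alice-key"), "Bob")
    legit = f_global.execute("Bob", b"s1", tid, b"s1" + b"hello")        # in-session: not logged
    f_global.transfer(tid, "Mallory")
    moved = f_global.execute("Mallory", b"s2", tid, b"s1" + b"hello")    # answered, but logged
    refused = f_global.execute("Mallory", b"s2", tid, b"s2" + b"hello")  # sid mismatch: None
    return legit, moved, refused, f_global.retrieve(b"s1")
```

Both out-of-session queries land in Q_s1 regardless of whether the token answered them, which is what lets session s1's simulator recover them via Retrieve.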
Slide 16: Extractable Commitment from Tokens [GoyalIshaiSahaiVenkatesanWadia10]
[Figure: committer P and receiver R; the simulator extracts the committed value by observing the query to the token. Use RETRIEVE!]
Slide 17: UC Oblivious Transfer from Tokens
[Figure: parties A and B, each holding the other's token (FA and FB).]
Vulnerable to input-dependent abort: the token aborts based on b*.
Slide 18: UC Oblivious Transfer from Tokens
[Figure: parties A and B with tokens FA and FB, as on the previous slide.]
Solving input-dependent abort: use verification checks to ensure that B's inputs can be verified [ORS15].
Slide 19: MPC with Tamper-Proof Tokens
Two ingredients:
- Embed the next-message function in a token [a la GGHR14] (easy).
- Design a commit-and-prove protocol using tokens.
Issues:
- Commit-and-prove needs to be black-box in the commitment scheme.
- The next-message token cannot issue token-based commitments (tokens cannot invoke tokens).
- Design a special-purpose 3-round input-delayed black-box commit-and-prove protocol ([HV16] gave a 6-round protocol).
Slide 20: Summary
Designed two-party protocols with stateless tokens:
- OWFs (minimal [GISVW10]);
- two rounds (minimal);
- black-box;
- GUC security.
Designed three-round MPC protocols with stateless tokens, using OWFs and ETDPs.
A better alternative to CRS-based constructions (LWE/iO)?
[HPV16]: constant-round adaptive GUC in the tamper-proof model from OWFs.
Slide 21: Thank you!