Presentation is loading. Please wait.

Presentation is loading. Please wait.

Advanced Protocols.

Published byBarry York Modified over 6 years ago

Similar presentations

Presentation on theme: "Advanced Protocols."— Presentation transcript:

1 Advanced Protocols

2 Things we don’t know The millionaires problem
Secretly computing the average salary of n users Online gambling 1-on-1 poker is difficult enough Even agreeing on a common random bit is not easy Electronic elections

3 Computing the average Example How do we do t-private?
Honest but curious, 1-private, single user output Honest but curious, fully private, single user output How do we do t-private?

4 Secret sharing Motivation “Definition” Access structure Dealer Secret
Shares of secret Sets that can reconstruct secret Sets that have no information Access structure General structure Threshold structure

5 Threshold secret sharing
Access structure includes all subsets with at least t+1 participants Example I n-1 threshold over a finite group Impossibility of secret sharing over an infinite domain Example II Threshold of 1

6 Polynomial interpolation
F is a finite field and p(x) is a polynomial over F Theorem: If |F|≥t+1 then any t+1 pairs (xi,p(xi)) uniquely determine a degree t polynomial that passes through these points Lagrange interpolation t monomials of the type [(x-x1)*…*(x-xt+1)]/[(xi-x1)*…*(xi-xt+1)]*p(xi) t+1 points uniquely determine p(0) t points give no information on p(0) No information Pr[secret=s|t shares]=Pr[secret=s]

7 Shamir secret sharing A threshold secret sharing scheme for a parameter t Let the secret s be an element in a finite field F, |F|>n. The i-the participant is associated with a unique element xiF, all participants know x1,…,xn The dealer chooses a polynomial p(x) of degree t over F such that P(0)=s (this is also the free coefficient) The other coefficients of p(x) are random elements in F The i-th share is p(xi)

8 Shamir secret sharing (cont.)
Reconstruction Sets of at least t+1 can perform Lagrange interpolation on pairs (xi,p(xi)) Secrecy A set of at most t parties learns nothing because any secret is still possible Can the dealer lie? Yes, but we’re not dealing with it right now (semi-honest assumption)

9 Examples What can be computed locally
Shamir secret sharing of s in F, compute locally secret sharing of a*s for public value aF Shamir secret sharing of s1, s2 in F, compute locally secret sharing of s1+s2 in F Example - Computing the average with a threshold of t Example - Proactive secret sharing Periodically adding a zero

10 Linear functions on secrets
Model n parties The i-th party has secret si in field F, S=(s1,…,sn) All parties know a fixed nXn matrix A={ai,j} Compute Y=AS Required threshold t Solution The i-th party is a dealer in a Shamir secret sharing for secret si using polynomial pi(x) (i.e. pi(0)=si ) If Y={yj} then yj=iaji*si, which is the free coefficient of qj(x)= iaji*pi(x) Each party uses its shares of p1(x),…,pn(x) to locally compute q1(x),…,qn(x)

Download ppt "Advanced Protocols."

Similar presentations

Secure Evaluation of Multivariate Polynomials

Secure Evaluation of Multivariate Polynomials
296.3Page1 296.3:Algorithms in the Real World Error Correcting Codes II – Cyclic Codes – Reed-Solomon Codes.

296.3Page :Algorithms in the Real World Error Correcting Codes II – Cyclic Codes – Reed-Solomon Codes.
Introduction to Modern Cryptography, Lecture 11 1) More about efficient computation: Montgomery arithmetic, efficient exponentiation 2)Secret Sharing schemes.

Introduction to Modern Cryptography, Lecture 11 1) More about efficient computation: Montgomery arithmetic, efficient exponentiation 2)Secret Sharing schemes.
Eran Omri, Bar-Ilan University Joint work with Amos Beimel and Ilan Orlov, BGU Ilan Orlov…!??!!

Eran Omri, Bar-Ilan University Joint work with Amos Beimel and Ilan Orlov, BGU Ilan Orlov…!??!!
Secure Multi-party Computations (MPC) A useful tool to cryptographic applications Vassilis Zikas.

Secure Multi-party Computations (MPC) A useful tool to cryptographic applications Vassilis Zikas.
Elliptic Curve. p2. Outline EC over Z p EC over GF(2 n )

Elliptic Curve. p2. Outline EC over Z p EC over GF(2 n )
Secure Efficient Multiparty Computing of Multivariate Polynomials and Applications Dana Dachman-Soled, Tal Malkin, Mariana Raykova, Moti Yung.

Secure Efficient Multiparty Computing of Multivariate Polynomials and Applications Dana Dachman-Soled, Tal Malkin, Mariana Raykova, Moti Yung.
Secret Sharing Algorithms

Secret Sharing Algorithms
Identity Base Threshold Proxy Signature Jing Xu, Zhenfeng Zhang, and Dengguo Feng Form eprint Presented by 魏聲尊.

Identity Base Threshold Proxy Signature Jing Xu, Zhenfeng Zhang, and Dengguo Feng Form eprint Presented by 魏聲尊.
DANSS Colloquium By Prof. Danny Dolev Presented by Rica Gonen

DANSS Colloquium By Prof. Danny Dolev Presented by Rica Gonen
ON MULTIVARIATE POLYNOMIAL INTERPOLATION

ON MULTIVARIATE POLYNOMIAL INTERPOLATION
Polynomial Factorization Olga Sergeeva Ferien-Akademie 2004, September 19 – October 1.

Polynomial Factorization Olga Sergeeva Ferien-Akademie 2004, September 19 – October 1.
15-251 Great Theoretical Ideas in Computer Science.

Great Theoretical Ideas in Computer Science.
Chapter 2: Vector spaces

Chapter 2: Vector spaces
Robust Sharing of Secrets when the Dealer Is Honest or Cheating Tal Rabin 1994 Brian Fry COEN 317 12-03-2003.

Robust Sharing of Secrets when the Dealer Is Honest or Cheating Tal Rabin 1994 Brian Fry COEN
Secure Computation (Lecture 7-8) Arpita Patra. Recap >> (n,t)-Secret Sharing (Sharing/Reconstruction) > Shamir Sharing > Lagrange’s Interpolation for.

Secure Computation (Lecture 7-8) Arpita Patra. Recap >> (n,t)-Secret Sharing (Sharing/Reconstruction) > Shamir Sharing > Lagrange’s Interpolation for.
Introduction to Numerical Analysis I MATH/CMPSC 455 Interpolation.

Introduction to Numerical Analysis I MATH/CMPSC 455 Interpolation.
Secure Computation (Lecture 5) Arpita Patra. Recap >> Scope of MPC > models of computation > network models > modelling distrust (centralized/decentralized.

Secure Computation (Lecture 5) Arpita Patra. Recap >> Scope of MPC > models of computation > network models > modelling distrust (centralized/decentralized.
DISTRIBUTED CRYPTOSYSTEMS Moti Yung. Distributed Trust-- traditionally  Secret sharing: –Linear sharing over a group (Sum sharing) gives n out of n sharing.

DISTRIBUTED CRYPTOSYSTEMS Moti Yung. Distributed Trust-- traditionally  Secret sharing: –Linear sharing over a group (Sum sharing) gives n out of n sharing.
15-251 Great Theoretical Ideas in Computer Science.

Great Theoretical Ideas in Computer Science.

Similar presentations

Ads by Google