Presentation is loading. Please wait.

Presentation is loading. Please wait.

Gate Evaluation Secret Sharing and Secure Two-Party Computation

Published byJustin Carson Modified over 6 years ago

Similar presentations

Presentation on theme: "Gate Evaluation Secret Sharing and Secure Two-Party Computation"— Presentation transcript:

1 Gate Evaluation Secret Sharing and Secure Two-Party Computation
Vladimir Kolesnikov University of Toronto

2 Secure Function Evaluation
One-Round f: D1 £ D2  D3 Input: y 2 D2 Input: x 2 D1 f(x,y) f(x,y) ?

3 SFE Models Semi-honest Malicious Both players follow the protocol
Observe communication, try to learn additional info Malicious Players can freely cheat Solutions can be obtained by “compilation” of a semi-honest protocol

4 Approaches to SFE SFE for specific functions
Greater Than, Auctions, Voting SFE for arbitrary functions Functions given as a circuit, branching program, etc. This work: SFE of any boolean formula

5 Oblivious Transfer (OT)
Input: secrets s0, s1 Input: b sb Learn: Learn: nothing

6 Reduction of SFE to OT OT is a fundamental primitive
Rabin ’81, Kilian ‘88 Unconditional reductions are possible OT is implementable under a variety of computational and physical assumptions

7 Previous Work Yao’s Garbled circuit Sander, Young and Yung ’99
Kilian ’88 + Cleve ’90 (also CFIK ’03) Based on Permutation Branching Programs Ishai and Kushilevitz ’00, ’02 Based on Branching Programs

8 Secure Gate Evaluation
x 2 {0,1} y 2 {0,1} G(x,y) ? s0’,s0’’  G(0,0) s0’,s1’’  G(0,1) s1’,s0’’  G(1,0) s1’,s1’’  G(1,1) sy’’ OT (x, (s0’,s1’)) sx’,sy’’ G(x,y) ?

9 Composition Gate Evaluation Secret Sharing (GESS) s00 s01 s10 s11
x 2 {0,1} y 2 {0,1} s03,s04  s’G1(0,0) s00 s03,s14  s’G1(0,1) s01 s13,s04  s’G1(1,0) s10 s13,s14  s’G1(1,1) s11 I s00 s01 s10 s11 Gate Evaluation Secret Sharing (GESS)

10 GESS for Gates with Binary Inputs
Wire 1 Wire 2 Output wire s00 b R0 R0 © s00 R1 © s10 s01 s10 1 R1 R0 © s01 R1 © s11 :b s11 Permute if b=1 b 2R {0,1} Reconstruction: (c r, r0 r1)  r © rc Exponential growth with depth  For OR and AND gates either left or right columns of wire 2 are equal!

11 GESS for AND/OR gates Key: view secrets as being equal, except for one column of blocks. share column-wise. (1) (2) (4) (1) (3) (4) n blocks of size k example: n = 3  2R ( {1..n+1}  {1..n+1}) Shares have the same block equality properties

12 GESS Performance Given a boolean formula F Previous best
Cost ¼  di2 ( di – depth of leaf i) F is balanced  quazilinear in |F| Rebalance F to log depth (Bonet-Buss, Spira) Previous best exponential in depth directly for circuits quadratic in |F| via Branching Programs

13 GESS Performance Cost of SFE of boolean NC1 circuit of depth d
This work O(2d d2) Previous best (2d 2d1/2) (Kilian-Cleve, Cramer-Fehr-Ishai-Kushilevitz ‘03)

14 Other results Lower Bounds New Efficient Protocol for GT
Generalization of Yao’s Garbled Circuit

15 Lower Bounds When secrets are independent H(Ai) + H(Bj) ¸ 3 H(S)
Wire 1 Wire 2 Output wire S00 A0 B0 S01 1 S10 A1 B1 S11 When secrets are independent H(Ai) + H(Bj) ¸ 3 H(S)

Download ppt "Gate Evaluation Secret Sharing and Secure Two-Party Computation"

Similar presentations

Polylogarithmic Private Approximations and Efficient Matching

Polylogarithmic Private Approximations and Efficient Matching
Constant-Round Private Database Queries Nenad Dedic and Payman Mohassel Boston UniversityUC Davis.

Constant-Round Private Database Queries Nenad Dedic and Payman Mohassel Boston UniversityUC Davis.
Efficient Private Approximation Protocols Piotr Indyk David Woodruff Work in progress.

Efficient Private Approximation Protocols Piotr Indyk David Woodruff Work in progress.
Revisiting the efficiency of malicious two party computation David Woodruff MIT.

Revisiting the efficiency of malicious two party computation David Woodruff MIT.
Quid-Pro-Quo-tocols Strengthening Semi-Honest Protocols with Dual Execution Yan Huang 1, Jonathan Katz 2, David Evans 1 1. University of Virginia 2. University.

Quid-Pro-Quo-tocols Strengthening Semi-Honest Protocols with Dual Execution Yan Huang 1, Jonathan Katz 2, David Evans 1 1. University of Virginia 2. University.
Cryptography and Game Theory: Designing Protocols for Exchanging Information Gillat Kol and Moni Naor.

Cryptography and Game Theory: Designing Protocols for Exchanging Information Gillat Kol and Moni Naor.
Gate Evaluation Secret Sharing and Secure Two-Party Computation Vladimir Kolesnikov University of Toronto

Gate Evaluation Secret Sharing and Secure Two-Party Computation Vladimir Kolesnikov University of Toronto
Yan Huang, David Evans, Jonathan Katz

Yan Huang, David Evans, Jonathan Katz
Secure Evaluation of Multivariate Polynomials

Secure Evaluation of Multivariate Polynomials
Implementing Oblivious Transfer Using a Collection of Dense Trapdoor Permutations Iftach Haitner www.wisdom.weizmann.ac.il/~iftachh WEIZMANN INSTITUTE.

Implementing Oblivious Transfer Using a Collection of Dense Trapdoor Permutations Iftach Haitner WEIZMANN INSTITUTE.
Lecturer: Moni Naor Foundations of Cryptography Lecture 15: Oblivious Transfer and Secure Function Evaluation.

Lecturer: Moni Naor Foundations of Cryptography Lecture 15: Oblivious Transfer and Secure Function Evaluation.
Efficient Two-party and Multiparty Computation against Covert Adversaries Vipul Goyal Payman Mohassel Adam Smith Penn Sate UCLAUC Davis.

Efficient Two-party and Multiparty Computation against Covert Adversaries Vipul Goyal Payman Mohassel Adam Smith Penn Sate UCLAUC Davis.
Semi-Honest to Malicious Oblivious-Transfer The Black-box Way Iftach Haitner Weizmann Institute of Science.

Semi-Honest to Malicious Oblivious-Transfer The Black-box Way Iftach Haitner Weizmann Institute of Science.
Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.

Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.
CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.

CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.
Amortizing Garbled Circuits Yan Huang, Jonathan Katz, Alex Malozemoff (UMD) Vlad Kolesnikov (Bell Labs) Ranjit Kumaresan (Technion) Cut-and-Choose Yao-Based.

Amortizing Garbled Circuits Yan Huang, Jonathan Katz, Alex Malozemoff (UMD) Vlad Kolesnikov (Bell Labs) Ranjit Kumaresan (Technion) Cut-and-Choose Yao-Based.
Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.

Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.
ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.

ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.
GARBLED CIRCUITS & SECURE TWO-PARTY COMPUTATION

GARBLED CIRCUITS & SECURE TWO-PARTY COMPUTATION
Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.

Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.

Similar presentations

Ads by Google