Published by Kathleen Durden. Modified over 9 years ago.
1
Simple, Black-Box Constructions of Adaptively Secure Protocols
Seung Geol Choi, Columbia University
Joint work with Dana Dachman-Soled (Columbia University), Tal Malkin (Columbia University), and Hoeteck Wee (Queens College, CUNY)
2
Outline
Motivation
Our Work
Our Compiler
–Comp
4
Criteria of adversarial corruption in Multi-party Computation (MPC)
Semi-honest vs. Malicious
–semi-honest: corrupted parties should behave honestly
–malicious: they can behave arbitrarily
How many parties can be corrupted?
–Honest majority vs. honest minority.
Static vs. Adaptive
–static: the adversary corrupts parties at the outset
–adaptive [CFGN96]: the adversary corrupts parties adaptively during the protocol
5
Adaptively Secure OT - Simulator
[Diagram: Sender with input (s_0, s_1) and Receiver with input r exchange messages m1, m2, m3; output s_r. Timeline: No Corruption, then Corrupt Sender.]
Bad Simulation
–Pick (s_0, s_1), r, rand for S & R randomly and execute the protocol honestly w/ these values.
–Given the actual input (s_0', s_1'), Sim is unable to patch rand for S consistent w/ the transcript & the input.
6
MPC (malicious majority) and OT -- Roughly
Non-black-box
–Basically everything is known: use ZK, e.g.,
–Static: from semi-honest OT [GMW87] (stand-alone)
–Adaptive: from semi-honest OT with F_COM [CLOS02] (UC)
Black-box
–Static: from semi-honest OT [K88, IKLP06, H08] (stand-alone)
–Adaptive: from malicious OT [IPS08] (UC)
But malicious OT [B98, CLOS02, KO04] has non-black-box access to the underlying primitive.
7
Goal
Achieve MPC
–adaptive, malicious majority
–black-box (BB) access to lower primitives
  Of theoretical interest
  Arguably more efficient: avoid general NP reductions incurred by ZK proofs.
–constant-round
8
Outline
Motivation
Our Work
Our Compiler
–Comp
9
Main Result
[Diagram: UC, adaptive semi-honest bit OT -> Compiler -> UC, adaptive malicious string OT in F_COM hybrid]
–Black-box
–constant multiplicative blow-up in rounds
Improvement over [IKLP06, H08]: UC and adaptive
10
BB Implications – UC & Adaptive
[Diagram: chain of implications with the following labels]
–DDH, RSA, Factoring, LWE
–Trapdoor simulatable cryptosystem
–[CDMW09, CLOS02]: constant-round semi-honest bit OT
–this work: malicious string OT in F_COM hybrid
–[IPS08]: in F_COM hybrid
  - MPC allowing corruption of any number of parties
  - constant-round MPC allowing corruption of n-1 parties
11
Our MPC Construction
F_COM hybrid: Can be combined with existing results under various setup
–e.g., [CLOS02, BCNP04, CDPW07, K07]. Usually start by how to UC realize F_COM.
[Table, cells in slide order]
Columns: [CLOS02], [IPS08], ours
#rounds for n, (n-1) corruptions: O(depth), O(1), O(depth), O(1)
hybrid: F_COM, F_OT, F_COM
BB/non-BB: non-BB, BB
12
BB Implications - Stand-alone
[Diagram: chain of implications with the following labels]
–DDH, RSA, Factoring, LWE
–Trapdoor simulatable cryptosystem
–[CDMW09, CLOS02]: UC, adaptive, constant-round semi-honest bit OT
–this work: malicious string OT in F_COM hybrid
–[IPS08]: UC, adaptive in F_COM hybrid
  - MPC allowing corruption of any number of parties
  - constant-round MPC allowing corruption of n-1 parties
–[PW09]: stand-alone, adaptive
  - constant-round malicious string OT [PW09]
13
Our Work - Summary
[Diagram: UC, adaptive semi-honest bit OT -> Compiler -> UC, adaptive malicious string OT in F_COM hybrid]
MPC
Adaptively secure MPC: UC in F_COM hybrid / stand-alone
- allowing corruption of any number of parties
- allowing corruption of n-1 parties in constant-round
String OT
stand-alone, adaptive constant-round malicious string OT
14
Outline
Motivation
Our Work
Our Compiler
–Comp
15
Previous Work: Stand-alone & Static case
[Diagram: chain of constructions with the following labels]
–eTDP, homomorphic enc
–semi-honest bit OT
–Haitner [H08]
–defensible bit OT
–Ishai, Kushilevitz, Lindell, and Petrank [IKLP06]
–malicious OT
–[K88]
–MPC
16
Our Compiler - 1
Basically, [H08] + [IKLP06].
Insight
–View [H08] + [IKLP06] as GMW Compiler
  With ZK proof replaced with cut-and-choose technique.
–Our presentation doesn't need the notion of defensible OT.
17
Our Compiler - 2
Has two modules
–Comp: boost receiver-side security (for string)
–OT-Reversal [WW06]: reverse the role of sender and receiver (for bit)
[Diagram: security level (semi-honest or malicious) of receiver and sender at each stage of our compiler: Starting protocol, Apply Comp, Apply OT-Reversal, Apply Comp. Side labels: defensible [IKLP06] [H08]: Commit input & randomness at the outset; semi-honest; Parallel executions.]
18
Outline
Motivation
Our Work
Our Compiler
–Comp
19
Comp(Π)
I. Run coin-tossing in the well using F_COM to fix R's input & rand for Phase II.
II. Run 2n executions of Π in parallel w/ R using input & rand generated in Phase I.
III. R opens commitments in Phase I for n random OT execs.
IV. Apply combiner to the rest of n executions.
[Slide labels: [H08], [IKLP06], Cut & Choose]
20
UC Security in Comp
Straight-line simulation
–Extract receiver's input in a straight-line manner w/ info from Phase I.
21
Adaptively Secure OT - Simulator
[Diagram: Sender with input (s_0, s_1) and Receiver with input r exchange messages m1, m2, m3; output s_r. Timeline: No Corruption, then Corrupt Sender.]
Upon corruption, Sim has to patch rand for S consistent w/ the transcript & the given input.
22
Simulation in Comp – Achieving Adaptive Security
1. Extract R's input & rand. in Phase I w/ F_COM.
2. For the i-th OT execution Π_i:
–Run the simulator for Π_i (SIM_i) as long as R behaves consistently w/ the commitments.
–Inconsistent R: "corrupt S" on SIM_i (input & rand of S in Π_i is fixed). Follow spec. of Π w/ this fixed info.
3. Patching S's overall rand.
–If R behaved honestly in some Π_j, can patch using SIM_j: with high probability there is at least one such j.
Use adaptive security of Π: guaranteed as long as R behaves honestly.
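The cut-and-choose step of Comp (Phase III) and the simulator's claim that some unopened Π_j is honest with high probability, as an added example that is not from the original slides. It assumes the sender aborts whenever an opened execution is inconsistent with R's Phase I commitments; the function names are hypothetical.

```python
import math
import random
from fractions import Fraction

def escape_probability(n, k):
    """Exact chance that a receiver who is inconsistent in k of the 2n
    executions passes Phase III, i.e. none of the n opened ones is bad."""
    return Fraction(math.comb(2 * n - k, n), math.comb(2 * n, n))

def run_cut_and_choose(n, bad, rng):
    """One run: open a uniformly random n-subset of the 2n executions.
    Assumption: the sender aborts if any opened execution is inconsistent.
    Returns None on abort, else the number of honest unopened executions."""
    opened = set(rng.sample(range(2 * n), n))
    if opened & bad:
        return None
    unopened = set(range(2 * n)) - opened
    return len(unopened - bad)

def estimate(n, k, trials=20000, seed=1):
    """Monte Carlo estimate of (P[check passes],
    P[check passes and no unopened execution is honest])."""
    rng = random.Random(seed)
    # The opened subset is uniform, so which k indices are bad is irrelevant.
    bad = set(range(k))
    passed = no_honest = 0
    for _ in range(trials):
        honest_left = run_cut_and_choose(n, bad, rng)
        if honest_left is not None:
            passed += 1
            no_honest += honest_left == 0
    return passed / trials, no_honest / trials

if __name__ == "__main__":
    n = 8
    for k in (1, 2, n, n + 1):
        print(k, escape_probability(n, k), estimate(n, k))
```

For k = n the only passing runs are those in which every unopened execution is bad, which happens with probability 1/C(2n, n); for k > n the check can never pass.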
23
Conclusion
[Diagram: UC, adaptive semi-honest bit OT -> Compiler -> UC, adaptive malicious string OT in F_COM hybrid]
MPC
Adaptively secure MPC: UC in F_COM hybrid / stand-alone
- allowing corruption of any number of parties
- allowing corruption of n-1 parties in constant-round
String OT
stand-alone, adaptive constant-round malicious string OT
24
Thank you