Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Multi-party Computations (MPC) A useful tool to cryptographic applications Vassilis Zikas.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Secure Multi-party Computations (MPC) A useful tool to cryptographic applications Vassilis Zikas."— Presentation transcript:

1 Secure Multi-party Computations (MPC) A useful tool to cryptographic applications Vassilis Zikas

2 Secure Multi-party Computations (MPC) The problem: There is given a set of parties (players, computers, authorites...) who want to do a joint computation but may not trust eachother!!! Example (The millionair ‘s problem): There are 2 millionairs who want to find out how is richer (without of course revealing eachother the exact ammount of money they own).

3 Secure Multi-party Computations (MPC) Obvious solution: Existence of a fully Trusted Party(TP) All players send their values to the TP The TP does the computation and sends each player what he is supposed to know Goal of MPC Simulate the TP (when such dosn‘t exist) via a protocol among the parties. 1

4 Secure Multi-party Computations (MPC) 1

5 Special case of MPC: Secure function evaluation(SFE): n players want to compute a function of their inputs whithout giving them away (actualy the function can output n values of which only the i-th should be known to the i-th player). e.g. a.e-voting (f=sum of votes) b.f:N n ! N n where p n learns only f n (x 1, ,x n )

6 Secure Multi-party Computations (MPC)

7

8 Difficulty??? Dishonest players (adversary)!!! Adversary types: 1.Pasive: All the corrupted players follow the protocol but the aversary can see averything they see. 2.Fail: The corrupted player might stop sending messages at some point of the execution. 3.Active: (Most general) The adversary can see what the corrupted players see, and he can force them to misbehave arbitrarily.

9 Secure Multi-party Computations (MPC)

10 Categories (according to the communication channels and the resources of the adversary) 1.Secure Channels Model: The parties communicate via secure authenticated channels Perfect (information-theoretic) security. Unconditional security (small error-probability) 1.Cryptographic model

11 Secure Multi-party Computations (MPC)

12 Not good when p 1 is corrupted

13 Secure Multi-party Computations (MPC)

14

15

16

17

18

19 Broadcast (definition): input: x 1, outputs: y 1, ,y n 1.(consistency): All honest players have the same output y. sender is honest all the honest players 2.(validity): If the sender is honest then all the honest players output x 1. 3.(termination): Every player ends with an output.

20 Secure Multi-party Computations (MPC) Consensus (Agreement) (definition): input: x 1, ,x n, outputs: y 1, ,y n 1.(consistency): All honest players have the same output y. all honest players have input x all the honest players 2.(validity): If the all honest players have input x then all the honest players output y=x. 3.(termination): Every player ends with an output.

21 Secure Multi-party Computations (MPC)

22 Secret sharing (thresshold case): Player p wants to share a secret s to players p 1, , p n in a way that the shares of any t players (put alltogether) give no information about s, the shares of t+1 players uniquely define s

23 Secure Multi-party Computations (MPC) Shamir ‘s secret sharing: Vector (a 1, ,a n ) is publicly known. Sharing phase: p chooses a random polynomial q( ¢ ) of degree t where the constant term is s (i.e. q(0)=s). p sends q(a i ) to player p i. Reconstruction phase: In order for p i to learn the secret s all player send him their shares and he applies Lagrange’s interpolation:

24 Secure Multi-party Computations (MPC)

25

26 MPC (secure channels - passive case) INVARIANT: The inputs and the results of the computations remain shared to the players throughout the protocol. 1. Inputs Sharing: Every player p i shares his input (Shamir’s SS Scheme) using a random polynomial q i ( ¢ ). 2. Computation: i.Addition: Can be done without interaction locally. ii.Multiplication: (BOARD) 3. Reconstruction (towards p j ) All players send their shares of the output to p j and he does the reconstruction

27 Secure Multi-party Computations (MPC) When active adversaries are considered SS is not enough (why?) we need Verifiable SS!!! Difference: The dealer is committed to the value he shares (therefore verifiable) All players are committed to the values they ‘ve recieved

28 Secure Multi-party Computations (MPC) Mixed (Active+Passive+Fail) Model: There is an MPC protocol for any spacification iff 3t a +2t p +t f <n

29 Secure Multi-party Computations (MPC) General Adversaries: Adversary structure Z={(A i,P i,F i )} A i ={set of players that can be actively corrupted by adversary Z i } P i, F i similar defined Z is a monotone set Z can be characterized by the class of maximal sets (Base of Z ( )). We will consider on Active + Passive corruption for the general adversaries

30 Secure Multi-party Computations (MPC)

31 Results for General Adversaries: (secure channels model) MPC (Perfect security)Q (3,2) MPC (Unconditional security) BC is given Q (2,2) MPC (Unconditional security) Q (2,2) Æ Q (3,0)

Download ppt "Secure Multi-party Computations (MPC) A useful tool to cryptographic applications Vassilis Zikas."

Similar presentations

Secret Sharing Protocols [Sha79,Bla79]

Secret Sharing Protocols [Sha79,Bla79]
Secure Computation Slides stolen from Joe Kilian & Vitali Shmatikov Boaz Barak.

Secure Computation Slides stolen from Joe Kilian & Vitali Shmatikov Boaz Barak.
Cryptography and Game Theory: Designing Protocols for Exchanging Information Gillat Kol and Moni Naor.

Cryptography and Game Theory: Designing Protocols for Exchanging Information Gillat Kol and Moni Naor.
Secure Evaluation of Multivariate Polynomials

Secure Evaluation of Multivariate Polynomials
Secure Multiparty Computations on Bitcoin

Secure Multiparty Computations on Bitcoin
Cryptography for Unconditionally Secure Message Transmission in Networks Kaoru Kurosawa.

Cryptography for Unconditionally Secure Message Transmission in Networks Kaoru Kurosawa.
Efficient Two-party and Multiparty Computation against Covert Adversaries Vipul Goyal Payman Mohassel Adam Smith Penn Sate UCLAUC Davis.

Efficient Two-party and Multiparty Computation against Covert Adversaries Vipul Goyal Payman Mohassel Adam Smith Penn Sate UCLAUC Davis.
1 Vipul Goyal Abhishek Jain UCLA On the Round Complexity of Covert Computation.

1 Vipul Goyal Abhishek Jain UCLA On the Round Complexity of Covert Computation.
CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.

CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.
Computational Security. Overview Goal: Obtain computational security against an active adversary. Hope: under a reasonable cryptographic assumption, obtain.

Computational Security. Overview Goal: Obtain computational security against an active adversary. Hope: under a reasonable cryptographic assumption, obtain.
Achieving Byzantine Agreement and Broadcast against Rational Adversaries Adam Groce Aishwarya Thiruvengadam Ateeq Sharfuddin CMSC 858F: Algorithmic Game.

Achieving Byzantine Agreement and Broadcast against Rational Adversaries Adam Groce Aishwarya Thiruvengadam Ateeq Sharfuddin CMSC 858F: Algorithmic Game.
Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.

Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.
Eran Omri, Bar-Ilan University Joint work with Amos Beimel and Ilan Orlov, BGU Ilan Orlov…!??!!

Eran Omri, Bar-Ilan University Joint work with Amos Beimel and Ilan Orlov, BGU Ilan Orlov…!??!!
Information Theoretical Security and Secure Network Coding NCIS11 Ning Cai May 14, 2011 Xidian University.

Information Theoretical Security and Secure Network Coding NCIS11 Ning Cai May 14, 2011 Xidian University.
NON-MALLEABLE EXTRACTORS AND SYMMETRIC KEY CRYPTOGRAPHY FROM WEAK SECRETS Yevgeniy Dodis and Daniel Wichs (NYU) STOC 2009.

NON-MALLEABLE EXTRACTORS AND SYMMETRIC KEY CRYPTOGRAPHY FROM WEAK SECRETS Yevgeniy Dodis and Daniel Wichs (NYU) STOC 2009.
Mehrdad Nojoumian David R. Cheriton School of Computer Science University of Waterloo, Canada CrySP Lab Supervisor: Professor Douglas R. Stinson PhD Thesis.

Mehrdad Nojoumian David R. Cheriton School of Computer Science University of Waterloo, Canada CrySP Lab Supervisor: Professor Douglas R. Stinson PhD Thesis.
Short course on quantum computing Andris Ambainis University of Latvia.

Short course on quantum computing Andris Ambainis University of Latvia.
Improving the Round Complexity of VSS in Point-to-Point Networks Jonathan Katz (University of Maryland) Chiu-Yuen Koo (Google Labs) Ranjit Kumaresan (University.

Improving the Round Complexity of VSS in Point-to-Point Networks Jonathan Katz (University of Maryland) Chiu-Yuen Koo (Google Labs) Ranjit Kumaresan (University.
Modeling Insider Attacks on Group Key Exchange Protocols Jonathan Katz Ji Sun Shin University of Maryland.

Modeling Insider Attacks on Group Key Exchange Protocols Jonathan Katz Ji Sun Shin University of Maryland.
General Cryptographic Protocols (aka secure multi-party computation) Oded Goldreich Weizmann Institute of Science.

General Cryptographic Protocols (aka secure multi-party computation) Oded Goldreich Weizmann Institute of Science.

Similar presentations

Ads by Google