
1 Multi-Client Non-Interactive Verifiable Computation Seung Geol Choi (Columbia U.) Jonathan Katz (U. Maryland) Ranjit Kumaresan (Technion) Carlos Cid (Royal Holloway)

2 Verifiable Computation
Increasing dependence on the cloud
 – Individual devices getting smaller & smaller
   Resource constrained
 – Computation outsourced to the cloud
“Trust, but verify”
 – Many incentives for a cloud to cheat
   Minimize resource usage
   Malicious server!
Need to verify whether server performs correct computations
 – Verification must be cheaper than computation

3 Verifiable Computation
Variety of solutions
 – Interactive proofs [GMR85,LFKN92,S92,GKR08]
 – MIPs & PCPs [BFL91,BFLS91,BCCT12]
 – Interactive arguments [BCC88,M94,K92,K95]
 – Non-Interactive Solutions [K95,M94,GKR08,CKV10,GGP10,AIK11,BHR12]
 – Public verifiability [PRV12]
All of them deal with verifiably computing functions on a single client’s input

4 Multi-Client Verifiable Computation...

5 Motivation
Resource constrained data gathering sensors located far apart want to compute over joint collected data
Ask one sensor to collect all data & use single-client verifiable comp.?
Requires client-client communication
Mix-and-match attacks
 – No analogue in single-client setting
No privacy
Need a model for non-interactive verification of computations over joint inputs of multiple clients

6 Our Contributions
Model, syntax, and definitions
Generic constructions
 – Non-interactive solution
 – Privacy against colluding clients
 – Privacy against malicious server
Initiate study of non-interactive multi-client verifiable computation in a setting with
 – n semi-honest clients
 – malicious server

7 Talk Outline Motivation & Introduction Model, Syntax, and Definitions Building Blocks Construction Conclusions

8 Model
Clients are semi-honest
Want non-interactive solution
 – No interaction between clients
[Diagram: n clients]


10 Model
Clients are semi-honest
Want non-interactive solution
 – No interaction between clients
How to prevent spoofing attacks?
 – Use PKI
How to prevent mix-and-match attacks?
 – Use global clock
Assumptions of this type are necessary
[Diagram: n clients]

11 Model
Clients are semi-honest
Want non-interactive solution
Assume PKI & global clock
Like [GGP10] use offline preprocessing model
One-time (expensive) preprocessing
 – Must be non-interactive
Allows for multiple (cheap) verification stages
[Diagram: n clients]

12 Model
Clients are semi-honest
Want non-interactive solution
Assume PKI & global clock
One-time preprocessing
Only first client gets output
Easily generalized to multiple clients obtaining outputs
 – Parallel executions
[Diagram: n clients]

13 Model
Clients are semi-honest
Want non-interactive solution
Assume PKI & global clock
One-time preprocessing
Only first client gets output
[Diagram: n clients]

14 Syntax
Setup
 – KeyGen
Offline
 – EncFun
Online
 – EncInp_j
 – Compute
 – Verify
[Diagram labels: x_{i,1}, X_{i,1}, x_{i,2}, X_{i,2}, pk_1, pk_2, F, S, T_i, W_i, y_i]

15 Properties
Soundness
 – Given encoding of function, A gets to choose series of inputs & receive encodings of each input. Finally A outputs (i, W_i)
 – If Verify(W_i) ≠ f(x_i) and Verify(W_i) ≠ λ, output 1, else 0
 – Scheme is sound if Experiment outputs 1 with negl. prob.
Outsourcing
 – T(encode input) + T(verify output) < T(compute function)
Privacy
 – Against server: Cannot distinguish between executions where clients hold input x_0 vs. another where client inputs are x_1
 – Against first client: Conditioned on its input being the same, cannot distinguish between executions having same output

16 Talk Outline Motivation & Introduction Model, Syntax, and Definitions Building Blocks Construction Conclusions

17 Building Blocks
Projective Garbling Schemes [Y86,BHR12]
Non-Interactive Proxy Oblivious Transfer [NPS99]
Fully Homomorphic Encryption [G09,BV11]
 – Converts one-time scheme to a many-time scheme
Our construction builds upon the single-client scheme of [GGP10]

18 Projective Garbling Schemes
Garbling Schemes [Y86,BHR12]
 – “Projective” if individual input encodings can be generated independently
Adaptive soundness
 – Same issue as in [GGP10]
 – Assume Yao GCs satisfy adap. soundness
Reasonable in practice [BHR12]: Does not follow from CPA security of enc.
[Diagram: garbled circuit (GC); encoding of function; projective encoding of individual input bits; possible output encodings]

19 Proxy Oblivious Transfer [NPS99]
Ideal Functionality
[Diagram: Proxy OT with inputs (x_0, x_1) and b = 0,1; output x_b]
Want a non-interactive proxy OT protocol

20 Non-Interactive Proxy OT
Use PKI and a non-interactive key exchange (NIKE) protocol to generate common randomness s unknown to server
 – s = (r_0, r_1, c)
Use common randomness s to run PSM protocol [FKN94] for OT, with server as referee
[Diagram: inputs (x_0, x_1) and b = 0,1; messages (x_c + r_c, x_{1+c} + r_{1+c}) and (c+b, r_{c+b}); public keys pk_1, pk_2]
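
An added sketch, not code from the slides or the paper, of the PSM-style proxy OT with the server as referee, including what happens when the two client messages come from different time periods. Assumptions of the example: a toy Diffie-Hellman exchange stands in for the NIKE, the time period i is hashed into the derivation of s, "+" is XOR, and mask r_0 covers the first slot of the sender's message and r_1 the second so that unmasking with r_{c+b} is well defined.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group standing in for the NIKE (assumption of this
# example; a 127-bit modulus is far too small for real use).
P = 2**127 - 1
G = 3

def keygen():
    """Return (pk, sk); pk is what a client would publish through the PKI."""
    sk = secrets.randbelow(P - 2) + 1
    return pow(G, sk, P), sk

def common_randomness(my_sk, peer_pk, period, nbytes):
    """Derive s = (r0, r1, c) from the shared NIKE key and the time period."""
    k = pow(peer_pk, my_sk, P)
    seed = k.to_bytes(16, "big") + period.to_bytes(8, "big")
    stream = hashlib.shake_256(seed).digest(2 * nbytes + 1)
    return stream[:nbytes], stream[nbytes:2 * nbytes], stream[-1] & 1

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def sender_message(x0, x1, s):
    """Client holding (x0, x1): permute by c, mask slot 0 with r0, slot 1 with r1."""
    r0, r1, c = s
    xs = (x0, x1)
    return xor(xs[c], r0), xor(xs[1 ^ c], r1)

def chooser_message(b, s):
    """Client holding b: send the blinded choice d = c + b and the mask for slot d."""
    r0, r1, c = s
    d = c ^ b
    return d, (r0, r1)[d]

def referee(sender_msg, chooser_msg):
    """Server: unmask the slot it was pointed at; it learns neither b nor the other value."""
    d, mask = chooser_msg
    return xor(sender_msg[d], mask)

def run(period_sender, period_chooser, b, nbytes=16):
    """One exchange with constructed random labels; returns (server output, x0, x1)."""
    pk1, sk1 = keygen()
    pk2, sk2 = keygen()
    x0, x1 = secrets.token_bytes(nbytes), secrets.token_bytes(nbytes)
    s1 = common_randomness(sk1, pk2, period_sender, nbytes)
    s2 = common_randomness(sk2, pk1, period_chooser, nbytes)
    out = referee(sender_message(x0, x1, s1), chooser_message(b, s2))
    return out, x0, x1

if __name__ == "__main__":
    out, x0, x1 = run(5, 5, 1)
    print("same period, b=1 ->", out == x1)
    out, x0, x1 = run(5, 6, 1)
    print("mixed periods     ->", out in (x0, x1))
```

When the server combines messages from two different periods it ends up with a string that is neither x_0 nor x_1, which is the situation the Verify step's comparison against the two output keys is there to catch.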

21 Talk Outline Motivation & Introduction Model, Syntax, and Definitions Building Blocks Construction Conclusions

22 One-Time Multi-Client VC: Preprocessing
Using a garbling scheme, encode function & prepare state to encode inputs and to verify encoded outputs
[Diagram: garbled circuit (GC)]

23 One-Time Multi-Client VC: Input Encoding
Select own keys depending on input bits
[Diagram: garbled circuit (GC) with inputs x_{i,1}, x_{i,2}]

24 One-Time Multi-Client VC: Input Encoding
Select keys for others using non-interactive proxy OT
[Diagram: garbled circuit (GC) with inputs x_{i,1}, x_{i,2}; keys obtained from Proxy OT]

25 One-Time Multi-Client VC: Compute
Evaluate garbled circuit to obtain output encoding
[Diagram: garbled circuit (GC) with inputs x_{i,1}, x_{i,2}]

26 One-Time Multi-Client VC: Verify
Check whether received key matches one of the 2 output keys
[Diagram: garbled circuit (GC) with inputs x_{i,1}, x_{i,2}]

27 Multi-Client VC - Finis
Soundness
 – Privacy of non-interactive proxy OT scheme
 – Authenticity of garbling scheme
Privacy
 – Non-interactive nature of the scheme
 – Privacy of single-client [GGP10] scheme
 – Privacy of non-interactive proxy OT scheme
Wrap one-time scheme with Fully Homomorphic Encryption
 – Converts one-time scheme to many-time
 – Semantic security preserves one-time soundness & privacy

28 Talk Outline Motivation & Introduction Model, Syntax, and Definitions Building Blocks Construction Conclusions

29 Conclusions & Summary
Modeled non-interactive multi-client verifiable computation in a setting with
 – n semi-honest clients
 – Single malicious server
Formal syntax and definitions
Generic constructions of schemes based on
 – Projective Garbling Schemes
 – Non-Interactive Proxy Oblivious Transfer
 – Fully Homomorphic Encryption
Future directions
 – Stronger models, e.g., malicious clients, etc.

30 Thank You!

31 Multi-Client VC: Input Encoding
Select others’ keys using non-interactive proxy OT
[Diagram: garbled circuit (GC) with inputs x_{i,1}, x_{i,2}; keys obtained from Proxy OT]

32 Multi-Client VC: Compute
Evaluate garbled circuit to obtain output encoding
[Diagram: garbled circuit (GC) with inputs x_{i,1}, x_{i,2}]


34 Multi-Client VC: Verify
Check whether received key matches one of the 2 output keys
[Diagram: garbled circuit (GC) with inputs x_{i,1}, x_{i,2}]

35 Model
Clients are semi-honest
Want non-interactive solution
 – No interaction between clients
How to prevent mix-and-match attacks?
Spoofing attacks
 – Use PKI
Mixing inputs from different instances
 – Use global clock
[Diagram: n clients]

36 Syntax
Offline
 – KeyGen
 – EncFun
Online
 – EncInp_j
 – Compute
 – Verify
[Diagram labels: x_{i,1}, X_{i,1}, x_{i,2}, X_{i,2}, pk_1, pk_2, F, S, T_i, W_i, y_i]

37 Properties
Soundness Experiment
 – Given encoding of function, A gets to choose series of inputs (for each client) & receive encodings of each input
 – Finally, for some i, A outputs (i, W_i)
 – If Verify(W_i) ≠ f(x_i) and Verify(W_i) ≠ λ, output 1, else 0
 – Scheme is sound if Experiment outputs 1 with negl. prob.
T(encode input) + T(verify output) < T(compute function)

38 Properties
Privacy Experiment (against malicious server)
 – Given encoding of function, A chooses 2 inputs x_0, x_1
 – Choose random b and give A encoding of x_b
 – If A successfully guesses b, output 1, else 0
 – Scheme is private if A’s advantage is at most negl.
Privacy Experiment (against first client)
 – C chooses x_0 = (x_{i,1}, x_{i,2}, ..) & x_1 = (x_{i,1}, x_{i,2}’, ..) s.t. f(x_0) = f(x_1)
 – Choose random b and give C the output of Compute(X_b)
 – If C successfully guesses b, output 1, else 0
 – Scheme is private if C’s advantage is at most negl.

39 Model
Clients are semi-honest
Want non-interactive solution
Allow a preprocessing phase
Amortized complexity
Also want privacy
 – Against colluding clients
 – Against malicious server
[Diagram: n clients]

40 Projective Garbling Schemes
Garbling Schemes [BHR12]
 – “Projective” if individual input encodings can be generated independently
Adaptive soundness requires garbling scheme to satisfy aut! security
[Diagram: garbled circuit (GC); encoding of function (indep. of inputs); encoding of inputs; encoding of outputs (one of which is obtained after evaluating GC)]

41 Multi-Client VC: Preprocessing
Encode function, inputs & outputs using a garbling scheme
[Diagram: garbled circuit (GC)]

42 Multi-Client VC: Input Encoding
x = (x_1, …, x_p)
Select own keys depending on input bits
Keys obtained from Proxy OT
[Diagram: garbled circuit (GC)]

43 Multi-Client VC: Preprocessing
Using a garbling scheme, encode function & prepare state to encode inputs and to verify encoded outputs
[Diagram: garbled circuit (GC)]

44 Multi-Client VC: Input Encoding
Select own keys depending on input bits
[Diagram: garbled circuit (GC) with inputs x_{i,1}, x_{i,2}]

45 Multi-Client VC: Input Encoding
Select own keys depending on input bits
[Diagram: garbled circuit (GC) with inputs x_{i,1}, x_{i,2}]

46 Soundness
Offline
 – EncFun
Online
 – EncInp_j
 – Compute
 – Verify
[Diagram labels: x_{i,1}, X_{i,1}, x_{i,2}, X_{i,2}, pk_1, pk_2, F, S, T_i, W_i, y_i]

47 Soundness Experiment
For j = 1 to n: (pk_j, sk_j) ← KeyGen(1^k, j)
(F, S) ← EncFun(1^k, f)
For i = 1 to L:
 – x_i ← Adv(F, {pk_j}, Z)   /* Z initially empty */
 – (X_{i,1}, T_i) ← EncInp_1(i, {pk_j}, S, sk_1, x_{i,1})
 – For j = 1 to n: X_{i,j} ← EncInp_j(i, {pk_j}, sk_j, x_{i,j})
 – Z = Z ∪ { (x_i, {X_{i,j}}) }
(i, W_i) ← Adv(F, {pk_j}, (x_1, {X_{1,j}}, …, x_L, {X_{L,j}}))
y_i ← Verify(i, S, T_i, W_i)
If y_i ≠ f(x_i) and y_i ≠ λ, output 1, else 0
Scheme is sound if Exp. outputs 1 with negl. prob.

48 Non-Interactive Proxy OT
Assume clients share common random bits r_0, r_1, and a permutation bit c unknown to the server
Shared secret randomness can be generated via non-interactive key exchange (using PKI)
[Diagram: inputs (x_0, x_1) and b = 0,1; shared randomness (r_0, r_1, c); messages (x_c + r_c, x_{1+c} + r_{1+c}) and (c+b, r_{c+b})]

49 Our Contributions
Need a model for verifying computations over joint inputs of multiple clients
Resource constrained data-gathering sensors located far apart
Want to perform computation over collected data
Propose a model for non-interactive multi-client verifiable computation
 – n semi-honest clients
 – malicious server
Definitions
Constructions

50 Our Contributions
Propose a model for non-interactive multi-client verifiable computation
 – n semi-honest clients
 – malicious server
Definitions
Constructions
Need a model for non-interactive verification of computations over joint inputs of multiple clients

51 Multi-Client VC: Input Encoding
x = (x_1, …, x_p)
Select own keys depending on input bits
Keys obtained from Proxy OT
[Diagram: garbled circuit (GC)]

52 Multi-Client VC: Input Encoding
x = (x_1, …, x_p)
Select keys depending on input bits
[Diagram: garbled circuit (GC)]

53 Syntax
Setup
 – KeyGen
Offline
 – EncFun
Online
 – EncInp_j
 – Compute
 – Verify
[Diagram labels: x_{i,1}, X_{i,1}, x_{i,2}, X_{i,2}, pk_1, pk_2, F, S, T_i]


55 Syntax
(pk_j, sk_j) ← KeyGen(1^k, j)
(F, S) ← EncFun(1^k, f)
(X_{i,1}, T_i) ← EncInp_1(i, {pk_j}, S, sk_1, x_{i,1})
X_{i,j} ← EncInp_j(i, {pk_j}, sk_j, x_{i,j})
W_i ← Compute(i, {pk_j}, F, {X_{i,j}})
y_i ∪ {λ} ← Verify(i, S, T_i, W_i)
Online algorithms executed in the i-th time period
[Diagram labels: X_{i,1}, X_{i,2}]

56 Properties
Soundness Experiment
 – Given encoding of function, A gets to choose series of inputs (for each client) & receive encodings of each input
 – Finally, for some i, A outputs (i, W_i)
 – If Verify(W_i) ≠ f(x_i) and Verify(W_i) ≠ λ, output 1, else 0
 – Scheme is sound if Experiment outputs 1 with negl. prob.
Time taken to encode input and verify output must be smaller than the time taken to compute the function from scratch

57 Soundness & Privacy
Soundness Experiment
 – Given encoding of function, A gets to choose series of inputs (for each client) & receive encodings of each input
 – Finally, for some i, A outputs W_i
 – If Verify(W_i) ≠ f(x_i) and Verify(W_i) ≠ λ, output 1, else 0
 – Scheme is sound if Experiment outputs 1 with negl. prob.
Privacy Experiment
 – Given encoding of function, A chooses 2 inputs x_0, x_1
 – Choose random b and give A encoding of x_b
 – If A successfully guesses b, output 1, else 0
 – Scheme is private if Experiment outputs 1 with negl. prob.

58 Syntax
(pk_j, sk_j) ← KeyGen(1^k, j)
(F, S) ← EncFun(1^k, f)
(X_{i,1}, T_i) ← EncInp_1(i, {pk_j}, S, sk_1, x_{i,1})
X_{i,j} ← EncInp_j(i, {pk_j}, sk_j, x_{i,j})
W_i ← Compute(i, {pk_j}, F, {X_{i,j}})
y_i ∪ {λ} ← Verify(i, S, T_i, W_i)
Online algorithms executed in the i-th time period
[Diagram label: W_i]


61 Non-Interactive Proxy OT
Assume clients share common random bits r_0, r_1, and a permutation bit c unknown to the server
Shared secret randomness can be generated via non-interactive key exchange (using public keys)
[Diagram: inputs (x_0, x_1) and b; shared randomness (r_0, r_1, c); messages (x_c + r_c, x_{1+c} + r_{1+c}) and (c+b, r_{c+b})]

62 Model
Clients are semi-honest
Want non-interactive solution
Definitions
Constructions
[Diagram: n clients]

63 Motivation
Propose a model for non-interactive multi-client verifiable computation
 – n semi-honest clients
 – malicious server
Need a model for verifying computations over joint inputs of multiple clients
Definitions
Constructions

64 Syntax
(pk_j, sk_j) ← KeyGen(1^k, j)
(F, S) ← EncFun(1^k, f)
(X_{i,1}, T_i) ← EncInp_1(i, {pk_j}, S, sk_1, x_{i,1})
X_{i,j} ← EncInp_j(i, {pk_j}, sk_j, x_{i,j})
W_i ← Compute(i, {pk_j}, F, {X_{i,j}})
y_i ∪ {λ} ← Verify(i, S, T_i, W_i)
Online algorithms executed for each time period i
 – X_{i,j} encodes inputs x_{i,j}
 – y_i is the real output
 – W_i encodes y_i

65 Syntax
(pk_j, sk_j) ← KeyGen(1^k, j)
(F, S) ← EncFun(1^k, f)
(X_{i,1}, T_i) ← EncInp_1(i, {pk_j}, sk_1, S, x_{i,1})
X_{i,j} ← EncInp_j(i, {pk_j}, sk_j, x_{i,j})
W_i ← Compute(i, {pk_j}, F, {X_{i,j}})
y_i ∪ {λ} ← Verify(i, S, T_i, W_i)
Projective Garbling Schemes [BHR12]
Proxy Oblivious Transfer [NPS99]
Fully Homomorphic Encryption [G09,BV11]
Our construction builds upon the single-client scheme of [GGP10]


67 Model
Clients are semi-honest
Want non-interactive solution
 – No interaction between clients
[Diagram: n clients]

68 Model
Also want privacy
 – Against colluding clients
 – Against malicious server
Clients are semi-honest
Want non-interactive solution
 – No interaction between clients
[Diagram: n clients]

69 Assumptions
Distinguish multiple computations using time periods (denoted by i)
 – Necessary to prevent server from using inp. from a different time period
Each client has a public-key secret-key pair
 – (pk_j, sk_j) ← KeyGen(1^k, j)
 – Necessary to prevent spoofing attacks by malicious server
Offline preprocessing phase
 – Only parties receiving output execute offline phase
 – (F, S) ← EncFun(1^k, f)
 – Computationally expensive but will be amortized over many executions

70 Syntax
(pk_j, sk_j) ← KeyGen(1^k, j)
(F, S) ← EncFun(1^k, f)
(X_{i,1}, T_i) ← EncInp_1(i, {pk_j}, sk_1, S, x_{i,1})
X_{i,j} ← EncInp_j(i, {pk_j}, sk_j, x_{i,j})
W_i ← Compute(i, {pk_j}, F, {X_{i,j}})
y_i ∪ {λ} ← Verify(i, S, T_i, W_i)
Each party has public key, secret key pair
Necessary in our setting to prevent spoofing attacks by malicious server

71 Syntax
(pk_j, sk_j) ← KeyGen(1^k, j)
(F, S) ← EncFun(1^k, f)
(X_{i,1}, T_i) ← EncInp_1(i, {pk_j}, sk_1, S, x_{i,1})
X_{i,j} ← EncInp_j(i, {pk_j}, sk_j, x_{i,j})
W_i ← Compute(i, {pk_j}, F, {X_{i,j}})
y_i ∪ {λ} ← Verify(i, S, T_i, W_i)
Each party has public keys
Necessary in our setting to prevent spoofing attacks by malicious server


73 Assumptions
Distinguish multiple computations using time periods (denoted by i)
 – Necessary to prevent server from using inp. from a different time period
 – Denote joint input to the i-th computation by x_i
   Client j’s input in time period i denoted by x_{i,j}
Each client has a public-key secret-key pair
 – (pk_j, sk_j) ← KeyGen(1^k, j)
 – Necessary to prevent spoofing attacks by malicious server
Offline preprocessing phase executed by first client (w.l.o.g)
 – More generally, only parties receiving output execute offline phase
 – (F, S) ← EncFun(1^k, f)
 – Computationally expensive but will be amortized over many executions

74 Multi-Client VC Input Encoding GC ….


77 Proxy OT: Ideal Functionality
 – Originally defined in [NPS99] as a 3-party functionality
 – Here we need generalization to n parties
[Diagram: Proxy OT with inputs (x_0, x_1) and b = 0,1; output x_b]

78 Our Contributions
Several solutions
 – Interactive proofs [GMR85,LFKN92,S92,GKR08]
 – MIPs & PCPs [BFL91,BFLS91,BCCT12]
 – Interactive arguments [BCC88,M94,K92,K95]
 – Non-Interactive Solutions [K95,M94,GKR08,CKV10,GGP10,AIK11,BHR12]
All of them are in the single client setting

79 Single-Client VC [GGP10]
KeyGen
ProbGen
Compute
Verify

80 Single-Client VC [GGP10]
[Diagram: garbled circuit (GC)]

81 Single-Client VC [GGP10]
Preprocessing Stage
[Diagram: garbled circuit (GC)]

82 Single-Client VC [GGP10]
Preprocessing Stage
Private State
[Diagram: garbled circuit (GC)]

83 Single-Client VC [GGP10]
Private State
Input Encoding
x = (x_1, …, x_p)
[Diagram: garbled circuit (GC)]

84 Single-Client VC [GGP10]
Private State
Input Encoding
x = (x_1, …, x_p)
[Diagram: garbled circuit (GC)]

85 Single-Client VC [GGP10]
Input Encoding
Private State
x = (x_1, …, x_p)
[Diagram: garbled circuit (GC)]

86 Multi-Client VC
Private State
Input Encoding
x = (x_1, …, x_p)
y = (y_1, …, y_p)
[Diagram: garbled circuit (GC)]

87 Multi-Client VC
x = (x_1, …, x_p)
y = (y_1, …, y_p)
Private State
Input Encoding
[Diagram: garbled circuit (GC)]

88 Multi-Client VC
x = (x_1, …, x_p)
y = (y_1, …, y_p)
Private State
Input Encoding
[Diagram: garbled circuit (GC)]

89 Proxy OT: Ideal Functionality
[Diagram: Proxy OT with inputs (x_0, x_1) and b = 0,1; output x_b]


93 Single-Client VC: Preprocessing
 – Uses any projective garbling scheme [BHR12]
 – For adaptive security, garbling scheme needs to satisfy aut!
[Diagram: garbled circuit (GC)]


95 Single-Client VC [GGP10]: Preprocessing
 – Uses projective garbling scheme [BHR12]
 – For adaptive security, garbling scheme needs to satisfy aut! [BHR12]
[Diagram: garbled circuit (GC)]


98 Single-Client VC [GGP10]: Input Encoding
x = (x_1, …, x_p)
Select keys depending on input bits
[Diagram: garbled circuit (GC)]

99 Single-Client VC [GGP10]: Output Computation
x = (x_1, …, x_p)
Select keys depending on input bits
[Diagram: garbled circuit (GC)]

100 Single-Client VC [GGP10]: Output Computation
x = (x_1, …, x_p)
Select keys depending on input bits
[Diagram: garbled circuit (GC)]

101 Single-Client VC [GGP10]: Verification
Check whether received key matches one of the 2 output keys
[Diagram: garbled circuit (GC)]

102 Single-Client VC [GGP10]: Output Computation
Select keys depending on input bits
x = (x_1, …, x_p)
[Diagram: garbled circuit (GC)]

103 Single-Client VC: Preprocessing
 – Originally defined in [NPS99] as a 3-party functionality
 – Here we need generalization to n parties
[Diagram: garbled circuit (GC)]

104 Proxy OT
b = 0,1
Private State
Input Encoding

105 Yao Garbled Circuits
[Diagram: AND gate with input wires a, b and output wire c]

106 Oblivious Transfer
[Diagram: OT between Alice (input x_0, x_1; does not learn b) and Bob (input b; output x_b, x_{1-b} hidden)]

