On the Practical Feasibility of Secure Distributed Computing A Case Study Gregory Neven, Frank Piessens, Bart De Decker Dept. of Computer Science, K.U.Leuven.


1 On the Practical Feasibility of Secure Distributed Computing: A Case Study
Gregory Neven, Frank Piessens, Bart De Decker
Dept. of Computer Science, K.U.Leuven
Celestijnenlaan 200A, B-3001 Heverlee, Belgium

2 Secure Distributed Computing
Given
– n different participants P_1 … P_n
– each participant P_i has a secret input x_i
– some function f
How to
– compute y = f(x_1, …, x_n)
– without P_i being able to learn anything more about x_j (i ≠ j) than what is implied by the function result itself
Introduction Secure Distributed Computing Case Study: Secret Query Database Conclusion

3 Secure Distributed Computing (cont)
Practical applications
– Second price auctions
– Voting
– Privacy for mobile code
– Secret Query Database
  Query a database while preserving privacy of query
  Example
    Alice sells records from database of CV’s
    Bob doesn’t want just any CV, doesn’t want to reveal his selection criteria

4 Overview
Secure Distributed Computing
– Trivial solution
– Protocol (by Abadi & Feigenbaum)
– Other protocols
Case study: Secret Query Database
– Implementation
– Assessment
Conclusion

5 Trivial Solution
Using a Trusted Third Party (TTP)
[Figure labels: x_1, x_2, …, x_n; y; y = f(x_1, …, x_n)]

6 Outline of the Protocol
Two participants
– Alice knows secret data x = x_1 x_2 …
– Bob knows secret function f (as a boolean circuit)
– Compute y = f(x) without compromising their secrets
Outline
[Figure labels: Alice, Bob; x = x_1 x_2 …; E_n(y_1), E_n(y_2), …; f; y]

7 Encryption Scheme
Probabilistic encryption
– one plaintext → many possible ciphertexts
– secure for small message spaces
– disadvantage: huge data blowup
Homomorphic encryption scheme
– E(x) op E(y) = E(x op’ y)
– Properties:

8 Evaluation of the Circuit
NOT-gate
XOR-gate
AND-gate ?
No interaction with Alice!

9 Evaluation of the Circuit (cont)
[Figure labels: Alice, Bob; ?; Choose random c_1, c_2; Decryption → d_1, d_2; !; communication overhead]

10 Other SDC Protocols
Goldreich, Micali and Wigderson (1987)
– Two-party
– Based on symmetric encryption and oblivious transfer
Sander and Tschudin (1998)
– Two-party
– Autonomous protocol
– Based on dual-homomorphic encryption schemes
– Polynomial evaluation only

11 Other SDC Protocols (cont)
Chaum, Damgard and van de Graaf (1988)
– Multi-party
– Based on blindable bit commitments
Franklin and Haber (1996)
– Multi-party
– Based on group-oriented cryptography

12 Secret Query Database
Problem statement
– Query DB while preserving privacy of query
Example
– Alice sells records from database of CV’s = secret data x
– Bob doesn’t want just any CV, doesn’t want to reveal his selection criteria = secret function Q( )

13 Implementation
[Figure labels: Alice, Bob; n = pq; record x; n, E_n(x_1), E_n(x_2), …; query Q; evaluation; E_n(Q(x)); Decrypt → Q(x); Q(x) = 1 ?; x]

14 Security Trade-Off
Security parameter: |n|
– Each record different n  512 bits
Huge data blowup!
– 1 plaintext bit → 512 encrypted bits
Encrypted records reusable
– p and q are never revealed
– Same encryption used for multiple sessions → Edited on CD-ROM

15 Assessment
Typical values
– |record x| = 500 bytes
– |database| = 1000 records
– |query Q| = 1000 gates
– |n| = 512 bits (security parameter)
Communication complexity
               Per record   Total
On CD-ROM      250 KB       244 MB
Over network   94 KB        92 MB

16 Conclusion
High overhead, but
– increasing bandwidth of the Internet
– trade-off communication ↔ security
– trade-off communication ↔ query complexity
– mobile agent technology
SDC is ready for practical applications

17 Quadratic Residuosity
Suppose
– p and q primes congruent to 3 mod 4
– n = pq
– a is a quadratic residue (QR) mod n iff
Quadratic Residuosity Assumption (QRA): Is a a QR mod n or not?
– easy if p and q are known
– hard if p and q are unknown

18 Some Properties
Inversion
If a is a QR mod n, then is a QNR mod n (and vice versa)
Multiplication mod n
[Table: a, b and their product mod n, with entries QR / QNR]
a b a ⊕ b
0 0 0
0 1 1
1 0 1
1 1 0

19 Efficiency Improvement
[Figure labels: Alice, Bob; ?; Choose random c_1, c_2; Decryption → d_1, d_2; !]
If c_2 = 0 → b_1 ∧ c_2 = 0 → E_n(b_1 ∧ c_2) = E_n(0)
If c_2 = 1 → b_1 ∧ c_2 = b_1 → E_n(b_1 ∧ c_2) = E_n(b_1)
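
The gate evaluation outlined on slides 7 to 9 and 17 to 19, as an added example that is not from the slides or the authors' implementation: a toy quadratic-residuosity bit encryption in which Bob evaluates NOT and XOR on ciphertexts alone and AND with one round trip to Alice. The primes, the use of −1 as the public non-residue, the blinding d_i = b_i ⊕ c_i and all function names are assumptions made for the illustration.

```python
import math
import secrets

# Toy Blum primes (both 3 mod 4), constructed for this demo; far too small for real use.
P, Q = 499, 547
N = P * Q
Z = N - 1  # -1 mod n: Jacobi symbol +1, yet a QNR because p and q are 3 mod 4

def rand_unit():
    """Random element of Z_n^* used to randomise a ciphertext."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return r

def enc(bit):
    """Public operation: E_n(0) is a random QR, E_n(1) a random QNR."""
    return pow(rand_unit(), 2, N) * pow(Z, bit, N) % N

def dec(c):
    """Alice only: knowing p, Euler's criterion decides residuosity."""
    return 0 if pow(c % P, (P - 1) // 2, P) == 1 else 1

def xor_gate(ca, cb):
    """Bob alone: E(a) * E(b) mod n = E(a xor b)."""
    return ca * cb % N

def not_gate(ca):
    """Bob alone: multiplying by a QNR flips the encrypted bit."""
    return ca * Z % N

def alice_and(m1, m2):
    """Alice's reply in an AND gate: decrypt blinded d1, d2, return E(d1 and d2)."""
    return enc(dec(m1) & dec(m2))

def and_gate(cb1, cb2):
    """Bob: blind with random c1, c2, one round trip to Alice, then unblind."""
    c1, c2 = secrets.randbelow(2), secrets.randbelow(2)
    e_d1d2 = alice_and(xor_gate(cb1, enc(c1)), xor_gate(cb2, enc(c2)))
    # b1*b2 = d1*d2 xor b1*c2 xor c1*b2 xor c1*c2, and Bob knows c1, c2 in clear:
    # E(b1*c2) is E(0) when c2 = 0 and (re-randomised) E(b1) when c2 = 1.
    e_b1c2 = xor_gate(cb1, enc(0)) if c2 else enc(0)
    e_c1b2 = xor_gate(cb2, enc(0)) if c1 else enc(0)
    return xor_gate(xor_gate(e_d1d2, e_b1c2), xor_gate(e_c1b2, enc(c1 & c2)))

def carry_bit(a, b, cin):
    """Sample circuit: Alice encrypts a, b, cin; Bob evaluates; Alice decrypts."""
    ea, eb, ec = enc(a), enc(b), enc(cin)
    return dec(xor_gate(and_gate(ea, eb), and_gate(ec, xor_gate(ea, eb))))
```

Each encrypted bit is a full residue mod n, which is the data blowup of |n| ciphertext bits per plaintext bit noted on slide 14.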

