Presentation is loading. Please wait.

Presentation is loading. Please wait.

Strong Conditional Oblivious Transfer and Computing on Intervals Vladimir Kolesnikov Joint work with Ian F. Blake University of Toronto.

Published byHollie Potter Modified over 9 years ago

Similar presentations

Presentation on theme: "Strong Conditional Oblivious Transfer and Computing on Intervals Vladimir Kolesnikov Joint work with Ian F. Blake University of Toronto."— Presentation transcript:

1 Strong Conditional Oblivious Transfer and Computing on Intervals Vladimir Kolesnikov Joint work with Ian F. Blake University of Toronto

2 Motivation for the Greater Than Predicate A: I would like to buy tickets to Cheju Island. B: My prices are so low, I cannot tell them! Tell me how much money you have (x), and if it’s more than my price (y), I’d sell it to you for y. A: We better securely evaluate Greater Than (GT). HAHA!! I’ll set y := x – 0.01 GT Uses: Auction systems Secure database mining Computational Geometry

3 Previous work on GT Yao’s Two Millionaires Yao’s Garbled Circuit Rogaway, 1991 Naor, Pinkas, Sumner, 1999 Lindell, Pinkas, 2004 Sander, Young, Yung, 1999 Fischlin, 2001 Many others

4 Our Model B: Let’s be Semi-Honest. That means we will not deviate from our protocol. We can, however, try to learn things we aren’t supposed to by observing our communication. A: Also, I will have unlimited computation power. B: That sounds complicated. Most efficient solutions won’t work (e.g. garbled circuit). A: Let’s do it in one round – I hate waiting!

5 Tools – Homomorphic Encryption Encryption scheme, such that: Given E(m 1 ), E(m 2 ) and public key, allows to compute E(m 1 ­ m 2 ) Additively homomorphic ( ­ = +) schemes Large plaintext group We will need: The Paillier scheme satisfies our requirements

6 Oblivious Transfer (OT) Input: bit b Input: secrets s 0, s 1 Learn: s b Learn: nothing

7 Input: x Input: y, secrets s 0, s 1 Learn: Learn: nothing Strong Conditional OT (SCOT) Predicate Q(x,y) s Q(x,y)

8 Q-SCOT COT of Di Crescenzo, Ostrovsky, Rajagopalan, 1999 OT Secure evaluation of Q(x,y) Is a generalization of:

9 The GT-SCOT Protocol x 1, …, x n s 0, s 1, y 1, …, y n pub, pri x 1, …, x n pub x 1 -y 1, …, x n -y n x 1 © y 1, …, x n © y n x © y = (x-y) 2 =x-2xy+y d = f =   0 = 0,  i = 2  i-1 +f i f = 0 0 1 0 0 1 1 0 …  = 0 0 0 1 2 4 9 19 38 …   i = d i + r i (  i -1)  = -1-1 0 1 3 8 18 37 … r  = r 1 r 2 0 r 3 r 4 r 5 r 6 r 7 … d+r  = t 1 t 2 d i t 3 t 4 t 5 t 6 t 7 …  i = ½ ((s 1 -s 0 )  i +s 1 +s 0 )  ) sjsj

10 Interval-SCOT x x 1, x 2, s 0, s 1 2 D S a 1 2 R D S s 0 = a 1 +b 1 = a 2 +b 2 s 1 = a 2 +b 1 GT-SCOT(a 1 |a 2 ? x<x 1 ) GT-SCOT(b 1 |b 2 ? x<x 2 ) a i +b j

11 Union of Intervals-SCOT x I 1,…, I k, s 0, s 1 2 D S I-SCOT(s 11 |s 10 ? x 2 I 1 )  i s i? s 1 =  i s i1 s 1 -s 0 = s i1 -s i0 I-SCOT(s k1 |s k0 ? x 2 I k )

12 Conclusions General and composable definition of SCOT SCOT solutions (GT, I, UI)  Simple and composable  Orders of magnitude improvement in communication (loss in computational efficiency in some cases)  Especially efficient for transferring larger secrets ( e.g. ¼ 1000 bits )

13 Resource Comparison

Download ppt "Strong Conditional Oblivious Transfer and Computing on Intervals Vladimir Kolesnikov Joint work with Ian F. Blake University of Toronto."

Similar presentations

Constant-Round Private Database Queries Nenad Dedic and Payman Mohassel Boston UniversityUC Davis.

Constant-Round Private Database Queries Nenad Dedic and Payman Mohassel Boston UniversityUC Davis.
A Two-Server Auction Scheme Ari Juels and Mike Szydlo Financial Cryptography 02 12 March 2002.

A Two-Server Auction Scheme Ari Juels and Mike Szydlo Financial Cryptography March 2002.
1 Cryptography: on the Hope for Privacy in a Digital World Omer Reingold VVeizmann and Harvard CRCS.

1 Cryptography: on the Hope for Privacy in a Digital World Omer Reingold VVeizmann and Harvard CRCS.
Efficient Private Approximation Protocols Piotr Indyk David Woodruff Work in progress.

Efficient Private Approximation Protocols Piotr Indyk David Woodruff Work in progress.
Revisiting the efficiency of malicious two party computation David Woodruff MIT.

Revisiting the efficiency of malicious two party computation David Woodruff MIT.
Cryptography and Game Theory: Designing Protocols for Exchanging Information Gillat Kol and Moni Naor.

Cryptography and Game Theory: Designing Protocols for Exchanging Information Gillat Kol and Moni Naor.
Gate Evaluation Secret Sharing and Secure Two-Party Computation Vladimir Kolesnikov University of Toronto

Gate Evaluation Secret Sharing and Secure Two-Party Computation Vladimir Kolesnikov University of Toronto
Yan Huang, David Evans, Jonathan Katz

Yan Huang, David Evans, Jonathan Katz
Secure Evaluation of Multivariate Polynomials

Secure Evaluation of Multivariate Polynomials
Oblivious Branching Program Evaluation

Oblivious Branching Program Evaluation
ITIS 6200/8200. 2 Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.

ITIS 6200/ Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.
Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.

Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.
CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.

CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.
Amortizing Garbled Circuits Yan Huang, Jonathan Katz, Alex Malozemoff (UMD) Vlad Kolesnikov (Bell Labs) Ranjit Kumaresan (Technion) Cut-and-Choose Yao-Based.

Amortizing Garbled Circuits Yan Huang, Jonathan Katz, Alex Malozemoff (UMD) Vlad Kolesnikov (Bell Labs) Ranjit Kumaresan (Technion) Cut-and-Choose Yao-Based.
Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.

Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.
Garbled RAM, Revisited Daniel Wichs (Northeastern University) Joint work with: Craig Gentry, Shai Halevi, Seteve Lu, Rafail Ostrovsky, Mariana Raykova.

Garbled RAM, Revisited Daniel Wichs (Northeastern University) Joint work with: Craig Gentry, Shai Halevi, Seteve Lu, Rafail Ostrovsky, Mariana Raykova.
GARBLED CIRCUITS & SECURE TWO-PARTY COMPUTATION

GARBLED CIRCUITS & SECURE TWO-PARTY COMPUTATION
Outsourcing Private RAM Computation Daniel Wichs Northeastern University with: Craig Gentry, Shai Halevi, Mariana Raykova.

Outsourcing Private RAM Computation Daniel Wichs Northeastern University with: Craig Gentry, Shai Halevi, Mariana Raykova.
What Crypto Can Do for You: Solutions in Search of Problems Anna Lysyanskaya Brown University.

What Crypto Can Do for You: Solutions in Search of Problems Anna Lysyanskaya Brown University.
Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.

Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.

Similar presentations

Ads by Google