Download presentation

Presentation is loading. Please wait.

Published byTimothy Drake Modified over 3 years ago

1
**Mix and Match: A Simple Approach to General Secure Multiparty Computation**

+ Markus Jakobsson Bell Laboratories Ari Juels RSA Laboratories

2
**What is secure multiparty computation?**

3
The problem f(a,b) Alice Bob a b

4
The problem f(a,b) b a Alice Bob f Black Box a b

5
**Millionaires’ Problem**

Richie Rich is richer Who’s richer? > Scrooge McDuck Worth $a Worth $b

6
**Auctions Special Edition Furby Special Edition f Furby Bob $810 Alice**

Cate f Bob Edgar

7
What’s in the black box?

8
Trusted third party? Trusted Party We want to do without!

9
**Tamper-resistant hardware**

f(a,b) Alice Bob b a But we don’t want to rely on hardware!

10
**Secure multiparty computation**

f(a,b) Alice Bob b a Alice and Bob simulate circuit

11
**Other methods Simulate full field operations**

gate involves local computation gate requires rounds of verifiable secret sharing Complex Recently becoming somewhat practical

12
**Our method: Mix and match**

Conceptually simple Simulates only boolean gates directly Very efficient for bitwise operations, not so for others Some pre-computation possible

13
**Some previous work Yao Chaum, Damgård, van de Graaf**

Use of logical tables (two-player) Chaum, Damgård, van de Graaf Multi-party use of logical tables (for passive adversaries)

14
**Mix and Match (Non-private)**

15
**Non-private simulation: OR gate**

b 1

16
**Non-private simulation: OR gate**

Alice Bob a b a b a b 1 = ? 1 1 1 = ? 1 1 1 = ? 1 1 a b = 1 1 1 1 1

17
**Alice and Bob simulate circuit**

Mix and Match f(a,b) Alice Bob b a Alice and Bob simulate circuit

18
**Mix and Match (Private)**

19
**First tool: Mix network (MN)**

plaintext 1 plaintext 2 plaintext 3 plaintext 4 Randomly permutes and encrypts inputs

20
**Second tool: Matching or Plaintext equivalence decision (PED)**

= ? Ciphertext 1 Ciphertext 2 Reveals no information other than equality

21
Mix and Match Step 1: Key sharing between Alice and Bob -- public key y Step 2: Alice and Bob encrypt individual bits under y a Alice a Bob b b

22
**Step 3: Alice and Bob mix tables**

1 a b Mix network (MN) Permute and encrypt rows

23
**= = Step 4: Matching using PED, i.e., Table lookup b a b a**

? b a = ? b a a b = Find matching row

24
**Repeat matching on each table for entire circuit**

f(a,b) =

25
Decrypting f(a,b) Step 5: Decrypt f(a,b) Alice f(a,b) f(a,b) Bob

26
**Some extensions Easy to have multiple parties participate**

“Mixing” and “matching” can be performed by different coalitions We can get XOR for “free” using Franklin-Haber cryptosystem

27
**Privacy and Robustness**

As long as more than half of participants are honest… Computation will be performed correctly No information other than output is revealed Security in random oracle model reducible to Decision Diffie-Hellman problem

28
**Low cost Very low overall broadcast complexity: O(Nn) group elements**

N is number of gates n is number of players Equal to that of best competitive methods O(n+d) broadcast rounds d is circuit depth Computation: O(Nn) exponentiations for each player

29
Questions? + ?

Similar presentations

Presentation is loading. Please wait....

OK

Secure Evaluation of Multivariate Polynomials

Secure Evaluation of Multivariate Polynomials

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google

Ppt on electromagnetism theory Ppt on non biodegradable waste View my ppt online templates Ppt on solid dielectrics industries Ppt on magic tee Can you run ppt on ipad Ppt on ozone depletion and global warming Ppt on facebook graph search Ppt on exploring fibonacci numbers Ppt on red and yellow soil