Presentation is loading. Please wait.

Presentation is loading. Please wait.

Markus Jakobsson Bell Laboratories Ari Juels RSA Laboratories Mix and Match: A Simple Approach to General Secure Multiparty Computation +

Similar presentations


Presentation on theme: "Markus Jakobsson Bell Laboratories Ari Juels RSA Laboratories Mix and Match: A Simple Approach to General Secure Multiparty Computation +"— Presentation transcript:

1 Markus Jakobsson Bell Laboratories Ari Juels RSA Laboratories Mix and Match: A Simple Approach to General Secure Multiparty Computation +

2 What is secure multiparty computation?

3 The problem Alice Bob a b f(a,b)

4 The problem f Black Box Alice Bob a b a b

5 Richie Rich is richer Whos richer? Millionaires Problem > Worth $a Worth $b

6 Auctions Bob $810 f Alice Bob Edgar Cate

7 What s in the black box?

8 Trusted third party? Trusted Party We want to do without!

9 Tamper-resistant hardware Alice Bob a b f(a,b) But we don t want to rely on hardware!

10 Secure multiparty computation Alice Bob a b Alice and Bob simulate circuit f(a,b)

11 Other methods u Complex u Recently becoming somewhat practical u Simulate full field operations u gate involves local computation u gate requires rounds of verifiable secret sharing

12 Our method: Mix and match u Conceptually simple u Simulates only boolean gates directly u Very efficient for bitwise operations, not so for others u Some pre-computation possible

13 Some previous work u Yao –Use of logical tables (two-player) u Chaum, Damgård, van de Graaf –Multi-party use of logical tables (for passive adversaries)

14 Mix and Match (Non-private)

15 Non-private simulation: OR gate ab a b

16 10 Bob Alice a b a b a b = ? = ? = ? 10 a b = 11

17 Mix and Match Alice Bob a b Alice and Bob simulate circuit f(a,b)

18 Mix and Match (Private)

19 First tool: Mix network (MN) plaintext 1 plaintext 2 plaintext 3 plaintext 4 Randomly permutes and encrypts inputs Mix network (MN)

20 Second tool: Matching or Plaintext equivalence decision (PED) Ciphertext 1 Ciphertext 2 = ? Reveals no information other than equality

21 Mix and Match u Step 1: Key sharing between Alice and Bob -- public key y u Step 2: Alice and Bob encrypt individual bits under y Alice Bob a b a b

22 u Step 3: Alice and Bob mix tables ab a b ab a b Mix network (MN) Permute and encrypt rows

23 u Step 4: Matching using PED, i.e., Table lookup Find matching row ba = ? ba = ? ab a b a b =

24 u Repeat matching on each table for entire circuit f(a,b) =

25 f(a,b) Decrypting f(a,b) u Step 5: Decrypt f(a,b) f(a,b) Alice Bob

26 Some extensions u Easy to have multiple parties participate uMixing and matching can be performed by different coalitions u We can get XOR for free using Franklin-Haber cryptosystem

27 Privacy and Robustness As long as more than half of participants are honest… u Computation will be performed correctly u No information other than output is revealed u Security in random oracle model reducible to Decision Diffie-Hellman problem

28 Low cost u Very low overall broadcast complexity: O(Nn) group elements –N is number of gates –n is number of players –Equal to that of best competitive methods u O(n+d) broadcast rounds –d is circuit depth u Computation: O(Nn) exponentiations for each player

29 Questions? + ?


Download ppt "Markus Jakobsson Bell Laboratories Ari Juels RSA Laboratories Mix and Match: A Simple Approach to General Secure Multiparty Computation +"

Similar presentations


Ads by Google