Download presentation

Presentation is loading. Please wait.

Published byTimothy Drake Modified over 2 years ago

1
Markus Jakobsson Bell Laboratories Ari Juels RSA Laboratories Mix and Match: A Simple Approach to General Secure Multiparty Computation +

2
What is secure multiparty computation?

3
The problem Alice Bob a b f(a,b)

4
The problem f Black Box Alice Bob a b a b

5
Richie Rich is richer Whos richer? Millionaires Problem > Worth $a Worth $b

6
Auctions Bob $810 f Alice Bob Edgar Cate

7
What s in the black box?

8
Trusted third party? Trusted Party We want to do without!

9
Tamper-resistant hardware Alice Bob a b f(a,b) But we don t want to rely on hardware!

10
Secure multiparty computation Alice Bob a b Alice and Bob simulate circuit f(a,b)

11
Other methods u Complex u Recently becoming somewhat practical u Simulate full field operations u gate involves local computation u gate requires rounds of verifiable secret sharing

12
Our method: Mix and match u Conceptually simple u Simulates only boolean gates directly u Very efficient for bitwise operations, not so for others u Some pre-computation possible

13
Some previous work u Yao –Use of logical tables (two-player) u Chaum, Damgård, van de Graaf –Multi-party use of logical tables (for passive adversaries)

14
Mix and Match (Non-private)

15
Non-private simulation: OR gate ab a b

16
10 Bob Alice a b a b a b = ? = ? = ? 10 a b = 11

17
Mix and Match Alice Bob a b Alice and Bob simulate circuit f(a,b)

18
Mix and Match (Private)

19
First tool: Mix network (MN) plaintext 1 plaintext 2 plaintext 3 plaintext 4 Randomly permutes and encrypts inputs Mix network (MN)

20
Second tool: Matching or Plaintext equivalence decision (PED) Ciphertext 1 Ciphertext 2 = ? Reveals no information other than equality

21
Mix and Match u Step 1: Key sharing between Alice and Bob -- public key y u Step 2: Alice and Bob encrypt individual bits under y Alice Bob a b a b

22
u Step 3: Alice and Bob mix tables ab a b ab a b Mix network (MN) Permute and encrypt rows

23
u Step 4: Matching using PED, i.e., Table lookup Find matching row ba = ? ba = ? ab a b a b =

24
u Repeat matching on each table for entire circuit f(a,b) =

25
f(a,b) Decrypting f(a,b) u Step 5: Decrypt f(a,b) f(a,b) Alice Bob

26
Some extensions u Easy to have multiple parties participate uMixing and matching can be performed by different coalitions u We can get XOR for free using Franklin-Haber cryptosystem

27
Privacy and Robustness As long as more than half of participants are honest… u Computation will be performed correctly u No information other than output is revealed u Security in random oracle model reducible to Decision Diffie-Hellman problem

28
Low cost u Very low overall broadcast complexity: O(Nn) group elements –N is number of gates –n is number of players –Equal to that of best competitive methods u O(n+d) broadcast rounds –d is circuit depth u Computation: O(Nn) exponentiations for each player

29
Questions? + ?

Similar presentations

© 2016 SlidePlayer.com Inc.

All rights reserved.

Ads by Google