Download presentation

Presentation is loading. Please wait.

Published byTimothy Drake Modified over 3 years ago

1
**Mix and Match: A Simple Approach to General Secure Multiparty Computation**

+ Markus Jakobsson Bell Laboratories Ari Juels RSA Laboratories

2
**What is secure multiparty computation?**

3
The problem f(a,b) Alice Bob a b

4
The problem f(a,b) b a Alice Bob f Black Box a b

5
**Millionaires’ Problem**

Richie Rich is richer Who’s richer? > Scrooge McDuck Worth $a Worth $b

6
**Auctions Special Edition Furby Special Edition f Furby Bob $810 Alice**

Cate f Bob Edgar

7
What’s in the black box?

8
Trusted third party? Trusted Party We want to do without!

9
**Tamper-resistant hardware**

f(a,b) Alice Bob b a But we don’t want to rely on hardware!

10
**Secure multiparty computation**

f(a,b) Alice Bob b a Alice and Bob simulate circuit

11
**Other methods Simulate full field operations**

gate involves local computation gate requires rounds of verifiable secret sharing Complex Recently becoming somewhat practical

12
**Our method: Mix and match**

Conceptually simple Simulates only boolean gates directly Very efficient for bitwise operations, not so for others Some pre-computation possible

13
**Some previous work Yao Chaum, Damgård, van de Graaf**

Use of logical tables (two-player) Chaum, Damgård, van de Graaf Multi-party use of logical tables (for passive adversaries)

14
**Mix and Match (Non-private)**

15
**Non-private simulation: OR gate**

b 1

16
**Non-private simulation: OR gate**

Alice Bob a b a b a b 1 = ? 1 1 1 = ? 1 1 1 = ? 1 1 a b = 1 1 1 1 1

17
**Alice and Bob simulate circuit**

Mix and Match f(a,b) Alice Bob b a Alice and Bob simulate circuit

18
**Mix and Match (Private)**

19
**First tool: Mix network (MN)**

plaintext 1 plaintext 2 plaintext 3 plaintext 4 Randomly permutes and encrypts inputs

20
**Second tool: Matching or Plaintext equivalence decision (PED)**

= ? Ciphertext 1 Ciphertext 2 Reveals no information other than equality

21
Mix and Match Step 1: Key sharing between Alice and Bob -- public key y Step 2: Alice and Bob encrypt individual bits under y a Alice a Bob b b

22
**Step 3: Alice and Bob mix tables**

1 a b Mix network (MN) Permute and encrypt rows

23
**= = Step 4: Matching using PED, i.e., Table lookup b a b a**

? b a = ? b a a b = Find matching row

24
**Repeat matching on each table for entire circuit**

f(a,b) =

25
Decrypting f(a,b) Step 5: Decrypt f(a,b) Alice f(a,b) f(a,b) Bob

26
**Some extensions Easy to have multiple parties participate**

“Mixing” and “matching” can be performed by different coalitions We can get XOR for “free” using Franklin-Haber cryptosystem

27
**Privacy and Robustness**

As long as more than half of participants are honest… Computation will be performed correctly No information other than output is revealed Security in random oracle model reducible to Decision Diffie-Hellman problem

28
**Low cost Very low overall broadcast complexity: O(Nn) group elements**

N is number of gates n is number of players Equal to that of best competitive methods O(n+d) broadcast rounds d is circuit depth Computation: O(Nn) exponentiations for each player

29
Questions? + ?

Similar presentations

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google