Presentation on theme: "1 Vipul Goyal Abhishek Jain UCLA On the Round Complexity of Covert Computation."— Presentation transcript:
1 Vipul Goyal Abhishek Jain UCLA On the Round Complexity of Covert Computation
2 Covert Computation Strengthening of the notion of secure computation, introduced by Ahn-Hopper-Langford’05 Talk about privacy of not just input but also whether a party participated in the protocol or not Covert computation has similar relation to secure computation as stenographic communication has to encrypted communication
3 Example: Secret Handshake Two (secret) hackers on the internet I suspect he is a member of the hacker group as well. Secure 2pc?
4 Example: Secret Handshake Lets run 2pc to see if we are both hackers he is a hacker!!
5 Secret Handshake contd.. If only there was a better protocol
6 Ideally Internet is such a great resource, I learn so much Completely agree, helps me get good grades in college We are both hackers !!
7 Covert Computation Parties talk as usual and hide protocol messages in the normal “innocent looking” conversation In the end, if: –everyone participated –output favorable (certificates matched) output and participation revealed to everyone Else, nobody knows who participated (parties just see normal messages)
8 More technically The protocol messages “hidden” in the innocent conversation need to look random (otherwise participation revealed) [vAHL05] Thus: design an MPC protocol w/ messages indistinguishable from random (except when everyone participating and function output favorable, final messages will not look random) Various standard tools like ZK break down
9 Covert Computation Ahn-Hopper-Langford’05: two party Chandran-Goyal-Ostrovsky-Sahai’07: multi-party assuming a broadcast channel Polynomial number of rounds (in s.p., depth of circuit) This work: focus on round complexity, feasibility for point to point channels
10 Covert MPC w/ point to point channels Point to point channel: communication using, e.g., individual s (as opposed to a mailing list) –Standard techniques for MPC w/ point to point channels inherently break down Internet is such a great resource, I learn so much he said the same thing!!
11 Our Results We first consider the round complexity of covert computation: –w/ black-box simulation: constant round covert two-party computation impossible –non black-box simulation: constant round covert multi- party computation. Techniques: two slot simulation technique [Pass’04, Barak’01] crypto in NC0 [Applebaum-Ishai-Kushilevitz’04] We observe that our constant round MPC protocol inherits bounded concurrency from Pass’04 –use this to show feasibility for covert MPC w/ point to point channels for a constant number of parties
12 Covert MPC w/ Point to Point Channels Recall: we need protocol to run w/o more than 2 parties agreeing on a message x1x1 x2x2 x3x3 (x 1, x 2 )
13 High level idea contd.. S 2-bounded 4-bounded (x 1, …, x 4 ) (x 5, …, x 8 ) A C B D