Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Computation on Mobile Devices Peter Chapman CS 1120 December 2, 2011.

Published byKaleb Storm Modified over 9 years ago

Similar presentations

Presentation on theme: "Secure Computation on Mobile Devices Peter Chapman CS 1120 December 2, 2011."— Presentation transcript:

1 Secure Computation on Mobile Devices Peter Chapman http://www.cs.virginia.edu/~pmc8p CS 1120 December 2, 2011

2 Microsoft Research (Summer 2011) Web Side-Channel Leaks (2010-2011) Secure Computation on Mobile Devices (2011-Present)

3 Mutual Contact Discovery Alice Bob Sharing contact list with a stranger is unacceptable Discover! Someone nearby also knows Alice and 8 other contacts of yours!

4 Trust someone else? Alice Bob

5 The Dilemma Can we interact with others and control our data?

6 Secure Two-Party Computation Private Data: a Private Data: b Bob Alice Garbled Circuit Protocol Andrew Yao, 1982/1986

7 Yao’s Garbled Circuits InputsOutput abx 000 010 100 111 AND a b x

8 Computing with Meaningless Values? InputsOutput abx a0a0 b0b0 x0x0 a0a0 b1b1 x0x0 a1a1 b0b0 x0x0 a1a1 b1b1 x1x1 AND a 0 or a 1 b 0 or b 1 x 0 or x 1 a i, b i, x i are random values, chosen by the circuit generator but meaningless to the circuit evaluator.

9 Computing with Garbled Tables InputsOutput abx a0a0 b0b0 Enc a 0,b 0 (x 0 ) a0a0 b1b1 Enc a 0,b 1 (x 0 ) a1a1 b0b0 Enc a 1,b 0 (x 0 ) a1a1 b1b1 Enc a 1,b 1 (x 1 ) AND a 0 or a 1 b 0 or b 1 x 0 or x 1 a i, b i, x i are random values, chosen by the circuit generator but meaningless to the circuit evaluator. Bob can only decrypt one of these! Garbled And Gate Enc a 0, b 1 (x 0 ) Enc a 1,b 1 (x 1 ) Enc a 1,b 0 (x 0 ) Enc a 0,b 0 (x 0 )

10 Chaining Garbled Circuits AND a0a0 b0b0 x0x0 a1 b1b1 x1x1 OR x2x2 And Gate 1 Enc a1 0, b 1 1 (x1 0 ) Enc a1 1,b1 1 (x1 1 ) Enc a1 1,b1 0 (x1 0 ) Enc a1 0,b1 0 (x1 0 ) Or Gate 2 Enc x0 0, x 1 1 (x2 1 ) Enc x0 1,x1 1 (x2 1 ) Enc x0 1,x1 0 (x2 1 ) Enc x0 0,x1 0 (x2 0 ) … We can do any computation privately this way!

11

12 Yao’s Garbled Circuits InputsOutput abx 000 010 100 111 AND a b x

13 Computing with Meaningless Values? InputsOutput abx a0a0 b0b0 x0x0 a0a0 b1b1 x0x0 a1a1 b0b0 x0x0 a1a1 b1b1 x1x1 a i, b i, x i are random values, chosen by the circuit generator but meaningless to the circuit evaluator.

14 We use 80-Bit Random Numbers 11111111111111111111111111111111111111111110100001000000010001000011011000001000 1,208,925,819,614,527,173,703,176 1 septillion, 208 sextillion, 925 quintillion, 819 quadrillion, 614 trillion, 527 billion, 173 million, 703 thousand, and 176

15 Computing with Meaningless Values? InputsOutput abx a0a0 b0b0 x0x0 a0a0 b1b1 x0x0 a1a1 b0b0 x0x0 a1a1 b1b1 x1x1

16 Computing with Meaningless Values? InputsOutput abx 193b0b0 x0x0 b1b1 x0x0 a1a1 b0b0 x0x0 a1a1 b1b1 x1x1 Really 80-Bit Numbers

17 Computing with Meaningless Values? InputsOutput abx 193b0b0 x0x0 b1b1 x0x0 465b0b0 x0x0 b1b1 x1x1 Really 80-Bit Numbers

18 Computing with Meaningless Values? InputsOutput abx 193657x0x0 193b1b1 x0x0 465657x0x0 465b1b1 x1x1 Really 80-Bit Numbers

19 Computing with Meaningless Values? InputsOutput abx 193657x0x0 193255x0x0 465657x0x0 465255x1x1 Really 80-Bit Numbers

20 Computing with Meaningless Values? InputsOutput abx 193657844 193255844 465657844 465255x1x1 Really 80-Bit Numbers

21 Computing with Meaningless Values? InputsOutput abx 193657844 193255844 465657844 465255123 Really 80-Bit Numbers

22 Computing with Garbled Tables InputsOutput abx 193657Enc 193;657 (844) 193255Enc 193;255 (844) 465657Enc 465;657 (844) 465255Enc 465;255 (123) Bob can only decrypt one of these! Garbled And Gate Enc 193;255 (844) Enc 465;657 (123) Enc 465;657 (844) Enc 193;657 (844) Really 80-Bit Numbers

23 Garbled And Gate Enc 193;255 (844) Enc 465;657 (123) Enc 465;657 (844) Enc 193;657 (844) AliceBob Garbled And Gate Enc 193;255 (844) Enc 465;657 (123) Enc 465;657 (844) Enc 193;657 (844) a0a0 193

24 Oblivious Transfer AliceBob b0b0 657 b1b1 255 657 Garbled And Gate Enc 193;255 (844) Enc 465;657 (123) Enc 465;657 (844) Enc 193;657 (844) 193 844 0

25 Potential Applications Common Contacts Favorite Movies Hyper-Targeted Advertising Voting, Auctions & more! Collaborative Scheduling

26 http://MightBeEvil.com/mobile/

27 Research Advice Don’t be afraid.

28

29 Attributions “iPhone” symbol from thenounproject.com collection. "Lock" symbol from thenounproject.com collection.

Download ppt "Secure Computation on Mobile Devices Peter Chapman CS 1120 December 2, 2011."

Similar presentations

Polylogarithmic Private Approximations and Efficient Matching

Polylogarithmic Private Approximations and Efficient Matching
Mix and Match: A Simple Approach to General Secure Multiparty Computation + Markus Jakobsson Bell Laboratories Ari Juels RSA Laboratories.

Mix and Match: A Simple Approach to General Secure Multiparty Computation + Markus Jakobsson Bell Laboratories Ari Juels RSA Laboratories.
Efficient Private Approximation Protocols Piotr Indyk David Woodruff Work in progress.

Efficient Private Approximation Protocols Piotr Indyk David Woodruff Work in progress.
Revisiting the efficiency of malicious two party computation David Woodruff MIT.

Revisiting the efficiency of malicious two party computation David Woodruff MIT.
Quid-Pro-Quo-tocols Strengthening Semi-Honest Protocols with Dual Execution Yan Huang 1, Jonathan Katz 2, David Evans 1 1. University of Virginia 2. University.

Quid-Pro-Quo-tocols Strengthening Semi-Honest Protocols with Dual Execution Yan Huang 1, Jonathan Katz 2, David Evans 1 1. University of Virginia 2. University.
Faster Secure Two-Party Computation Using Garbled Circuits

Faster Secure Two-Party Computation Using Garbled Circuits
Gate Evaluation Secret Sharing and Secure Two-Party Computation Vladimir Kolesnikov University of Toronto

Gate Evaluation Secret Sharing and Secure Two-Party Computation Vladimir Kolesnikov University of Toronto
Yan Huang, David Evans, Jonathan Katz

Yan Huang, David Evans, Jonathan Katz
ITIS 6200/8200. 2 Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.

ITIS 6200/ Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.
Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.

Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.
CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.

CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.
Tight Bounds for Unconditional Authentication Protocols in the Moni Naor Gil Segev Adam Smith Weizmann Institute of Science Israel Modeland Shared KeyManual.

Tight Bounds for Unconditional Authentication Protocols in the Moni Naor Gil Segev Adam Smith Weizmann Institute of Science Israel Modeland Shared KeyManual.
Oblivious Transfer (OT) Alice (sender) has n secrets Alice wants to give k secrets to Bob Bob wants the secrets but does not want Alice to know which secrets.

Oblivious Transfer (OT) Alice (sender) has n secrets Alice wants to give k secrets to Bob Bob wants the secrets but does not want Alice to know which secrets.
Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.

Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.
ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.

ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.
GARBLED CIRCUITS & SECURE TWO-PARTY COMPUTATION

GARBLED CIRCUITS & SECURE TWO-PARTY COMPUTATION
New Advances in Garbling Circuits Based on joint works with Yuval Ishai Eyal Kushilevitz Brent Waters University of TexasTechnion Benny Applebaum Tel Aviv.

New Advances in Garbling Circuits Based on joint works with Yuval Ishai Eyal Kushilevitz Brent Waters University of TexasTechnion Benny Applebaum Tel Aviv.
What Crypto Can Do for You: Solutions in Search of Problems Anna Lysyanskaya Brown University.

What Crypto Can Do for You: Solutions in Search of Problems Anna Lysyanskaya Brown University.
Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.

Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.
Cryptography in The Presence of Continuous Side-Channel Attacks Ali Juma University of Toronto Yevgeniy Vahlis Columbia University.

Cryptography in The Presence of Continuous Side-Channel Attacks Ali Juma University of Toronto Yevgeniy Vahlis Columbia University.

Similar presentations

Ads by Google