Published by Bryan Howard. Modified over 3 years ago.

1
What Crypto Can Do for You: Solutions in Search of Problems
Anna Lysyanskaya, Brown University

2
Systemic Risk from Local Information

8
M.C.Escher, Belvedere

9
Who Puts Together the Big Picture?

10
The government?

11
Who Puts Together the Big Picture? The government?

12
Who Puts Together the Big Picture? An independent trustworthy party?

14
Who Puts Together the Big Picture? The data owners (financial institutions) themselves?

16
Who Puts Together the Big Picture?
Cryptography tells us: For any efficiently computable function $F$, there is an “efficient” interactive algorithm that $n$ data owners, $P_1(x_1), \ldots, P_n(x_n)$, can run together such that:
1. They learn $F(x_1, x_2, \ldots, x_n)$
2. Other than that, $P_i$ learns nothing about $x_j$, $j \neq i$
[Yao, GMW, BGW, …]

17
Example: Set Intersection
Alice’s set: 12 18 5 6 31
Bob’s set: 42 5 24 12 3
Intersection: 5 12

18
How to compute the intersection w/o learning the rest of each other’s sets? [FMP04,…,BCCKLS09,…,KMRS14]

19
Step 1: Alice’s set becomes a polynomial
Alice’s set: 12 18 5 6 31
$p(x) = (x-12)(x-18)(x-5)(x-6)(x-31) \bmod q = x^5 + c_4 x^4 + c_3 x^3 + c_2 x^2 + c_1 x + c_0$
Coefficients: $c_4, c_3, c_2, c_1, c_0$

20
Step 1: Alice’s set becomes a polynomial
Alice’s polynomial $p(x)$: $c_4, c_3, c_2, c_1, c_0$

21
Step 2: Alice encrypts her polynomial
Alice’s polynomial $p(x)$: $c_4, c_3, c_2, c_1, c_0$

22
Step 2: Alice encrypts her polynomial
Alice’s encrypted polynomial $p(x)$: $E(c_4), E(c_3), E(c_2), E(c_1), E(c_0)$

23
Step 2: Alice encrypts her polynomial…
Alice’s encrypted polynomial $p(x)$: $E(c_4), E(c_3), E(c_2), E(c_1), E(c_0)$
…using an “additive” encryption scheme: $E(x) \cdot E(y) = E(x+y)$ [Paillier’99]

24
Step 2: Alice encrypts her polynomial…
Alice’s encrypted polynomial $p(x)$: $E(c_4), E(c_3), E(c_2), E(c_1), E(c_0)$
…using an “additive” encryption scheme
…for which she holds the decryption key

25
Step 3: Alice sends the encrypted polynomial to Bob
Alice’s encrypted polynomial $p(x)$: $E(c_4), E(c_3), E(c_2), E(c_1), E(c_0)$

26
Step 4: Bob evaluates the encrypted polynomial on his set
Alice’s encrypted polynomial $p(x)$: $E(c_4), E(c_3), E(c_2), E(c_1), E(c_0)$
Bob’s set: 42 5 24 12 3
$p(42) = 42^5 + c_4 \cdot 42^4 + c_3 \cdot 42^3 + c_2 \cdot 42^2 + c_1 \cdot 42 + c_0 \bmod q$
$E(p(42)) = E(42^5) \cdot E(c_4)^{42^4} \cdot E(c_3)^{42^3} \cdot E(c_2)^{42^2} \cdot E(c_1)^{42} \cdot E(c_0)$

27
Step 4: Bob evaluates the encrypted polynomial on his set
Alice’s encrypted polynomial $p(x)$: $E(c_4), E(c_3), E(c_2), E(c_1), E(c_0)$
Bob’s set: 42 5 24 12 3
$p(x)$ evaluated on Bob’s set: $E(p(42)), E(p(5)), E(p(24)), E(p(12)), E(p(3))$

28
Step 4: Bob evaluates the encrypted polynomial on his set
Alice’s encrypted polynomial $p(x)$: $E(c_4), E(c_3), E(c_2), E(c_1), E(c_0)$
$p(x)$ evaluated on Bob’s set: $E(p(42)), E(0), E(p(24)), E(0), E(p(3))$
Note: $p(y) = 0$ iff $y$ is in Alice’s set

29
Step 5: Bob randomizes the result
$E(p(42))^{R_1}, E(0)^{R_2}, E(p(24))^{R_3}, E(0)^{R_4}, E(p(3))^{R_5}$

30
Step 5: Bob randomizes the result
$E(u_1), E(0), E(u_3), E(0), E(u_5)$

31
Step 6: Bob sends the result to Alice
$E(u_1), E(0), E(u_3), E(0), E(u_5)$

32
Step 7: Alice decrypts it...
$E(u_1), E(0), E(u_3), E(0), E(u_5)$
$u_1, 0, u_3, 0, u_5$

33
Step 7: Alice decrypts it... and sends the locations of 0’s to Bob
$u_1, 0, u_3, 0, u_5$

34
Step 7: Alice decrypts it... and sends the locations of 0’s to Bob
? 0 ? 0 ?

35
Step 8: Bob derives the intersection
? 0 ? 0 ?
42 5 24 12 3

36
Step 8: Bob derives the intersection and sends it to Alice
5 12
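
Steps 1 to 8 above, as an added example that is not part of the original slides: a toy Paillier instance runs the protocol end to end on the slides' two sets. Function names and the demo primes are assumptions made for illustration, and plaintext arithmetic is mod N where the slides write mod q.

```python
import secrets

# Toy Paillier keypair built from two Mersenne primes (constructed demo
# parameters, far too small for real use). Plaintexts live mod N, which
# plays the role of the slides' modulus q.
P, Q = 2**31 - 1, 2**61 - 1
N, N2, PHI = P * Q, (P * Q) ** 2, (P - 1) * (Q - 1)
MU = pow(PHI, -1, N)

def enc(m):
    """Paillier encryption with g = N + 1: E(x) * E(y) = E(x + y)."""
    r = secrets.randbelow(N - 1) + 1
    return (1 + (m % N) * N) * pow(r, N, N2) % N2

def dec(c):
    return (pow(c, PHI, N2) - 1) // N * MU % N

def poly_coeffs(roots):
    """Step 1: c_0..c_{k-1} of the monic polynomial prod (x - a) mod N."""
    coeffs = [1]                                        # low-order first
    for a in roots:
        shifted = [0] + coeffs                          # x * p(x)
        scaled = [(-a * c) % N for c in coeffs] + [0]   # -a * p(x)
        coeffs = [(s + t) % N for s, t in zip(shifted, scaled)]
    return coeffs[:-1]                                  # drop the leading 1

def alice_round1(alice_set):
    """Steps 2-3: encrypt each coefficient; this list is sent to Bob."""
    return [enc(c) for c in poly_coeffs(alice_set)]

def bob_round(enc_coeffs, bob_set):
    """Steps 4-6: evaluate E(p(y)) homomorphically, then blind with random R."""
    out = []
    for y in bob_set:
        acc = enc(pow(y, len(enc_coeffs), N))           # E(y^k), leading term
        for i, ec in enumerate(enc_coeffs):
            acc = acc * pow(ec, pow(y, i, N), N2) % N2  # times E(c_i)^(y^i)
        out.append(pow(acc, secrets.randbelow(N - 1) + 1, N2))  # E(R * p(y))
    return out

def alice_round2(blinded):
    """Step 7: decrypt and report only the positions that hold 0."""
    return [i for i, c in enumerate(blinded) if dec(c) == 0]

def psi(alice_set, bob_set):
    """Step 8: Bob maps the zero positions back to his own elements."""
    zeros = alice_round2(bob_round(alice_round1(alice_set), bob_set))
    return [bob_set[i] for i in zeros]
```

The number of encrypted coefficients tells Bob the size of Alice's set, and the blinding in step 5 is what keeps Alice from learning p(y) for Bob's non-matching elements.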

37
A More General Solution for Two Parties: Yao’s Encrypted Circuit
Alice’s logical circuit C
Bob’s input x: 0 1 1
Encrypted circuit
Oblivious transfer of keys

38
A More General Solution for N Parties: Secure Multi-Party Computation
Split the computation into logical steps (ANDs, ORs, NOTs) or algebraic steps (ADD, MULT)
Securely evaluate step by step
[GMW, BGW, …]

39
Conclusion
Tell me how you could detect systemic risk given complete information…
…and I will tell you how to do it via a privacy-preserving protocol!
