Download presentation

Presentation is loading. Please wait.

Published byBryan Howard Modified over 3 years ago

1
What Crypto Can Do for You: Solutions in Search of Problems Anna Lysyanskaya Brown University

2
Systemic Risk from Local Information

8
M.C.Escher, Belvedere

9
Who Puts Together the Big Picture?

10
The government?

11
Who Puts Together the Big Picture? The government?

12
Who Puts Together the Big Picture? An independent trustworthy party?

13
Who Puts Together the Big Picture? An independent trustworthy party?

14
Who Puts Together the Big Picture? The data owners (financial institutions) themselves?

15
Who Puts Together the Big Picture? The data owners (financial institutions) themselves?

16
Who Puts Together the Big Picture? Cryptography tells us: For any efficiently computable function F, there is an “efficient” interactive algorithm that n data owners, P 1 (x 1 ),…,P n (x n ), can run together such that: 1.They learn F(x 1,x 2,…,x n ) 2.Other than that, P i learns nothing about x j, j≠i [Yao, GMW, BGW, …]

17
Example: Set Intersection 12 18 5 6 31 42 5 24 12 3 Alice’s set Bob’s set 5 12 Intersection

18
How to compute the intersection w/o learning the rest of each other’s sets? [FMP04,…,BCCKLS09,…,KMRS14]

19
Step 1: Alice’s set becomes a polynomial 12 18 5 6 31 Alice’s set p(x) = (x-12)(x-18)(x-5)(x-6)(x-31) mod q = x 5 + c 4 x 4 + c 3 x 3 + c 2 x 2 + c 1 x + c 0 c4c4 c3c3 c2c2 c1c1 c0c0

20
Step 1: Alice’s set becomes a polynomial Alice’s polynomial p(x) c4c4 c3c3 c2c2 c1c1 c0c0

21
Step 2: Alice encrypts her polynomial Alice’s polynomial p(x) c4c4 c3c3 c2c2 c1c1 c0c0

22
Step 2: Alice encrypts her polynomial Alice’s encrypted polynomial p(x) E(c 4 )E(c 3 )E(c 2 )E(c 1 )E(c 0 )

23
Step 2: Alice encrypts her polynomial… Alice’s encrypted polynomial p(x) E(c 4 )E(c 3 )E(c 2 )E(c 1 )E(c 0 ) …using an “additive” encryption scheme E(x) * E(y) = E(x+y) [Paillier’99]

24
Step 2: Alice encrypts her polynomial… Alice’s encrypted polynomial p(x) E(c 4 )E(c 3 )E(c 2 )E(c 1 )E(c 0 ) …using an “additive” encryption scheme …for which she holds the decryption key

25
Step 3: Alice sends the encrypted Alice’s encrypted polynomial p(x) E(c 4 )E(c 3 )E(c 2 )E(c 1 )E(c 0 ) polynomial to Bob

26
Step 4: Bob evaluates the encrypted Alice’s encrypted polynomial p(x) E(c 4 )E(c 3 )E(c 2 )E(c 1 )E(c 0 ) polynomial on his set 42 5 24 12 3 Bob’s set p(42) = 42 5 + c 4 42 4 + c 3 42 3 +c 2 42 2 +c 1 42+c 0 mod q E(p(42)) = E(42 5 ) * E(c 4 )42 4 * E(c 3 )42 3 * E(c 2 )42 2 * E(c 1 )42 * E(c 0 )

27
Step 4: Bob evaluates the encrypted Alice’s encrypted polynomial p(x) E(c 4 )E(c 3 )E(c 2 )E(c 1 )E(c 0 ) polynomial on his set 42 5 24 12 3 Bob’s set p(x) evaluated on Bob’s set E(p(42))E(p(5))E(p(24))E(p(12))E(p(3))

28
Step 4: Bob evaluates the encrypted Alice’s encrypted polynomial p(x) E(c 4 )E(c 3 )E(c 2 )E(c 1 )E(c 0 ) polynomial on his set p(x) evaluated on Bob’s set E(p(42))E(0)E(p(24))E(0)E(p(3)) Note: p(y) = 0 iff y is in Alice’s set

29
Step 5: Bob randomizes the result E(p(42))R 1 E(0)R 2 E(p(24))R 3 E(0)R 4 E(p(3))R 5

30
Step 5: Bob randomizes the result E(u 1 )E(0)E(u 3 )E(0)E(u 5 )

31
Step 6: Bob sends the result to Alice E(u 1 )E(0)E(u 3 )E(0)E(u 5 )

32
Step 7: Alice decrypts it... E(u 1 )E(0)E(u 3 )E(0)E(u 5 ) u1u1 0u3u3 0u5u5

33
Step 7: Alice decrypts it... and sends the locations of 0’s to Bob u1u1 0u3u3 0u5u5

34
Step 7: Alice decrypts it... and sends the locations of 0’s to Bob ?0?0?

35
Step 8: Bob derives the intersection ?0?0? 42 5 24 12 3

36
Step 8: Bob derives the intersection and sends it to Alice 5 12

37
A More General Solution for Two Parties: Yao’s Encrypted Circuit Alice’s logical circuit C Bob’s input x 0 1 1 Encrypted circuit Oblivious transfer of keys

38
A More General Solution for N Parties: Secure Multi-Party Computation Split the computation into logical steps (ANDs, ORs, NOTs) or algebraic steps (ADD, MULT) Securely evaluate step by step [GMW, BGW, …]

39
Conclusion Tell me how you could detect systemic risk given complete information… …and I will tell you how to do it via a privacy- preserving protocol!

Similar presentations

Presentation is loading. Please wait....

OK

Oblivious Transfer based on the McEliece Assumptions

Oblivious Transfer based on the McEliece Assumptions

© 2018 SlidePlayer.com Inc.

All rights reserved.

To ensure the functioning of the site, we use **cookies**. We share information about your activities on the site with our partners and Google partners: social networks and companies engaged in advertising and web analytics. For more information, see the Privacy Policy and Google Privacy & Terms.
Your consent to our cookies if you continue to use this website.

Ads by Google

Animated ppt on chemical bonding Ppt on pre-ignition definition Ppt on email etiquettes presentation rubric Ppt on db2 mainframes learning Ppt on space complexity Ppt on road accidents pictures Ppt on seasons in hindi Download free ppt on solar system Download ppt on mind controlled robotic arms for education Ppt on nursing leadership and management