Joe Kilian NEC Laboratories, America Aladdin Workshop on Privacy in DATA March 27, 2003.

Slides:



Advertisements
Similar presentations
Constant-Round Private Database Queries Nenad Dedic and Payman Mohassel Boston UniversityUC Davis.
Advertisements

Dov Gordon & Jonathan Katz University of Maryland.
BALANCING LIFES ISSUES, INC. Managing Multiple Priorities at Work.
1 Cryptography: on the Hope for Privacy in a Digital World Omer Reingold VVeizmann and Harvard CRCS.
Revisiting the efficiency of malicious two party computation David Woodruff MIT.
Parents Worry About You Today we are going to discuss the possible reasons why parents may be worried or concerned about you. We are also going to discuss.
Quid-Pro-Quo-tocols Strengthening Semi-Honest Protocols with Dual Execution Yan Huang 1, Jonathan Katz 2, David Evans 1 1. University of Virginia 2. University.
Secure Computation Slides stolen from Joe Kilian & Vitali Shmatikov Boaz Barak.
Logical and Aptitude Test Questions
Wonders of the Digital Envelope
Nash Equilibrium: Illustrations
Secure Computation of Linear Algebraic Functions
Economics 100B u Instructor: Ted Bergstrom u T.A. Oddgeir Ottesen u Syllabus online at (Class pages) Or at
Convention. Recap What We’re Doing The relation between a word and its meaning is conventional. To understand this we want to know what a convention.
Implementing Oblivious Transfer Using a Collection of Dense Trapdoor Permutations Iftach Haitner WEIZMANN INSTITUTE.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
Efficient Zero-Knowledge Proof Systems Jens Groth University College London.
If someone is hurting me
ITIS 6200/ Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.
Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.
What children think about having a thyroid disorder: a small scale study By Shannon Davidson Age 10.
By Michael Parris March 1,  The endless war against the merciless Afghanistan must end.  Is our security good enough to keep America safe.  Should.
Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.
COVERT MULTI-PARTY COMPUTATION YINMENG ZHANG ALADDIN REU 2005 LUIS VON AHN MANUEL BLUM.
COVERT TWO-PARTY COMPUTATION LUIS VON AHN CARNEGIE MELLON UNIVERSITY JOINT WORK WITH NICK HOPPER JOHN LANGFORD.
Oblivious Transfer based on the McEliece Assumptions
Secure Multi-party Computations (MPC) A useful tool to cryptographic applications Vassilis Zikas.
10/25/20061 Threshold Paillier Encryption Web Service A Master’s Project Proposal by Brett Wilson.
Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.
On The Cryptographic Applications of Random Functions Oded Goldreich Shafi Goldwasser Silvio Micali Advances in Cryptology-CRYPTO ‘ 84 報告人 : 陳昱升.
HOW TO PLAN A COUP D’ETAT COVERT MULTI-PARTY COMPUTATION YINMENG ZHANG ALADDIN REU 2005 LUIS VON AHN MANUEL BLUM.
1 Introduction to Secure Computation Benny Pinkas HP Labs, Princeton.
Aladdin Center, Carnegie Mellon University Deniable and Traceable Anonymity Andrew Bortz Joint work with: Luis von Ahn Nick Hopper Kevin O’Neill (Cornell)
Games Computers (and Computer Scientists) Play Avi Wigderson.
Adaptively Secure Broadcast, Revisited
10 Ways Success Live Your Life For.
How to play ANY mental game
CS573 Data Privacy and Security
Public-Key Encryption with Lazy Parties Kenji Yasunaga Institute of Systems, Information Technologies and Nanotechnologies (ISIT), Japan Presented at SCN.
In order to do something meaningful in life, you need to be happy and pleased with where you are, and what you’re doing with yourself. No one ever did.
Provable Unlinkability Against Traffic Analysis Amnon Ta-Shma Joint work with Ron Berman and Amos Fiat School of Computer Science, Tel-Aviv University.
Here are the players that you will be helping out today. Good Luck!
Slide 1 Vitaly Shmatikov CS 380S Introduction to Secure Multi-Party Computation.
How Responsible and Respectful are you in the Computer Lab Created for the Students At Donaldson By Mrs. Jones.
Paradigms for Multiparty Computation Ivan Damgård BRICS, Århus University.
Must be something you can __________________________________. Cannot be an __________________ such as which flowers do you like better, roses or daises?
On the work of Shafi Goldwasser and Silvio Micali By Oded Goldreich WIS, Dec 2013.
Cryptography 1 Crypto Cryptography 2 Crypto  Cryptology  The art and science of making and breaking “secret codes”  Cryptography  making “secret.
It’s Your Life!!! Just Make Sure You’re Living it.
Secure Multiparty Computation and its Applications
The Red Scare A Choose Your Own Adventure Story This slide show is the story of what it was like to be suspected of being a communist during the Red Scare.
Software Security Seminar - 1 Chapter 4. Intermediate Protocols 발표자 : 이장원 Applied Cryptography.
Second Price Auctions A Case Study of Secure Distributed Computing Bart De Decker Gregory Neven Frank Piessens Erik Van Hoeymissen.
Round-Efficient Multi-Party Computation in Point-to-Point Networks Jonathan Katz Chiu-Yuen Koo University of Maryland.
课标人教实验版 高二 Module 6 Unit 3. Listening on workbook.
Multi-Party Computation r n parties: P 1,…,P n  P i has input s i  Parties want to compute f(s 1,…,s n ) together  P i doesn’t want any information.
Lower bounds for Unconditionally Secure MPC Ivan Damgård Jesper Buus Nielsen Antigoni Polychroniadou Aarhus University.
1 2 You might like… 3 4 It was late at night and Smartie the penguin was WIDE awake… He was too excited to sleep because tomorrow was his birthday.
The Adventures of Smartie the Penguin
L.O: To understand how to use the Internet and ICT equipment safely.
Security Is a Game Tiffany Bao
The first Few Slides stolen from Boaz Barak
Course Business I am traveling April 25-May 3rd
Helger Lipmaa University of Tartu, Estonia
SafeSurfing Module 5 September 2016.
WiseWords.
Interactive Proofs and Secure Multi-Party Computation
Presentation transcript:

Joe Kilian NEC Laboratories, America Aladdin Workshop on Privacy in DATA March 27, 2003

Cryptology – The First Few Millennia Goal of cryptology – protect messages from prying eyes. Lockboxes for data: data safe as long as it is locked up. Curses! I cannot read the message! Well Done! Thank you, Sir Cryptographer!

The Last Twenty Years Then: data protected, but not used. Now: Use data, but still protect it as much as possible. Secure Computation: Can we combine information while protecting it as much as possible?

The Love Game (AKA the AND game) Want to know if both parties are interested in each other. But… Do not want to reveal unrequited love. He loves me, he loves me not… She loves me, she loves me not… Input = 1 : I love you Input = 0: I love you Must compute F(X,Y)=X Æ Y, giving F(X,Y) to both players. Can we reveal the answer without revealing the inputs? … as a friend

The Spoiled Children Problem (AKA The Millionaires Problem [Yao]) The Spoiled Children Problem (AKA The Millionaires Problem [Yao]) Pearl wants to know whether she has more toys than Gersh, Doesnt want to tell Gersh anything. Gersh is willing for Pearl to find out who has more toys, Doesnt want Pearl to know how many toys he has. Who has more toys? Who Cares? Pearl wants to know whether she has more toys than Gersh, Doesnt want to tell Gersh anything. Gersh is willing for Pearl to find out who has more toys, Doesnt want Pearl to know how many toys he has. Can we give Pearl the information she wants, and nothing else, without giving Gersh any information at all?

Auction with private bids: Bids are made to the system, but kept private Only the winning bid, bidders are revealed. Can we have private bids where no one, not even the auctioneer, knows the losing bids? Normal auction: Players reveal bids – high bid is identified along with high bidders. Drawback: Revealing the losing bids gives away strategic information that bidders and auctioneers might exploit in later auctions. Auctions with Private Bids $2 $7 $3 $5 $4

Final Tally: War: 2 Peace: 2 Nader: 1 The winner is: War Electronic Voting War Peace War Peace Nader

Secure Computation (Yao, Goldreich-Micali-Wigderson) Secure Computation (Yao, Goldreich-Micali-Wigderson) X1X1 X2X2 X3X3 X4X4 X5X5 F 2 (X 1,…,X 5 )F 3 (X 1,…,X 5 )F 4 (X 1,…,X 5 )F 5 (X 1,…,X 5 ) F 1 (X 1,…,X 5 ) Players: 1,…,N Inputs: X 1,…,X N Outputs: F 1 (X 1,…,X N ),…,F N (X 1,…,X N ) Players should learn correct outputs and nothing else.

A Snuff Protocol Dont worry, Ill carry your secrets to the grave! The answer is… Ill Help! (for a rea- sonable con- sulting fee…) An Ideal Protocol 16 Tons X1X1 X2X2 F 1 (X 1,X 2 )F 2 (X 1,X 2 ) Goal: Implement something that looks like ideal protocol.

1 The Nature of the Enemy Corrupting a player lets adversary: Learn its input/output See everything it knew, saw, later sees. Control its behavior (e.g., messages sent) That 80s CIA training sure came in handy… = input = output = changed

The winner still is: War Final Tally: Red-Blooded-American Patriots: Terrorist-Sympathizing Liberals: What can go wrong? War Peace Privacy: Inputs should not be revealed. Correctness: Answer should correspond to inputs. Guantanamo The winner is: War

What We Can/Cant Hope For Corrupted players have no privacy on inputs/outputs. Outputs may reveal inputs: If candidate received 100% of the votes, we know how you voted. Cannot complain about adversary learning what it can by (independently) selecting its inputs and looking at its outputs. Cannot complain about adversary altering outcome solely by (independently) altering its inputs. Goal is to not allow the adversary to do anything else. Definitions very subtle: Beaver, Micali-Rogaway, Canetti…

Can We Do It? Yao (GMW,GV,K,…): Yes (for two party case)! * Cryptographic solutions require reasonable assumptions e.g., hardness of factoring * Slight issues about both players getting answer at same time. As long as functions are computable in polynomial time, solutions require polynomial computation, communication. Goldreich-Micali-Wigderson (BGW,CCD,RB,Bea,…): Yes, if number of parties corrupted is less than some constant fraction of the total number of players (e.g., <n/2, <n/3). No hardness assumptions necessary.

Can We Really Do It? Step 1: Break computations to be performed into itsy-bitsy steps. (additions, multiplications, bitwise operations) Is there any hope? Step 3: Despair at how many itsy-bitsy steps your computation takes. General solutions as impractical as they are beautiful. Step 2: For each operation...

Signs of Hope Naor-Pinkas-Sumner Functions computed when running auctions are simple. Can exploit algebraic structure to minimize work. Rabin: Can compute sums very efficiently Testing if two strings are equal is very practical. Sometimes, dont need too many itsy-bitsy operations. Highly optimize Yao-like constructions.

Electronic Voting Protocols are now very practical. Many interesting issues, both human and technical: What should our definitions be? Several commercial efforts Chaum, Neff, NEC,… Most extensively researched subarea of secure computation. 100,000 voters a piece of cake, 1,000,000 voters doable.

Killed in freak weight-falling accident. Distributed Cryptographic Entities Secret Key: S Public Key: P Trusted public servant cheerfully encrypts, decrypts, signs messages, when appropriate. S1S1 S2S2 S3S3 Blakley,Shamir,Desmedt-Frankel…: Can break secret key up among several entities, Can still encrypt, decrypt, sign, Remains secure even if a few parties are corrupted.

Cooking with Ricin Rabid Liberalism for Dummies Cooking with Ricin Applied Cryptology Flaming 101 How I Stole the Election The Empire Strikes And Sometimes Theres Magic Chor-Goldreich-Kushilevitz-Sudan,…,Kushilevitz-Ostrovsky,… Private information retrieval: Rabid Liberalism for Dummies Applied Cryptology Flaming 101 How I Stole the Election The Empire Strikes Data Repository Can you download a data entry from a repository without letting the repository know what youre interested in? Solution 1: Download everything.Much more efficient solutions possible! Applied Cryptology

Conclusions Secure computation is an extremely powerful framework. Very rich general theory. A few applications now ready for prime time. Keep watching this space!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.