Mix and Match: A Simple Approach to General Secure Multiparty Computation + Markus Jakobsson Bell Laboratories Ari Juels RSA Laboratories.

Slides:



Advertisements
Similar presentations
Polylogarithmic Private Approximations and Efficient Matching
Advertisements

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
ADDER, HALF ADDER & FULL ADDER
Secure Computation of Linear Algebraic Functions
Secure Evaluation of Multivariate Polynomials
RPC Mixing: Making Mix-Nets Robust for Electronic Voting Ron Rivest MIT Markus Jakobsson Ari Juels RSA Laboratories.
Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.
CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.
Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.
Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.
Receipt-free Voting Joint work with Markus Jakobsson, C. Andy Neff Ari Juels RSA Laboratories.
Reusable Anonymous Return Channels
Modern Cryptography.
1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.
Oblivious Transfer based on the McEliece Assumptions
1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.
1 Introduction to Secure Computation Benny Pinkas HP Labs, Princeton.
UMBC Protocol Meeting 10/01/03 Universal Re-encryption: For Mix-Nets and Other Applications (to appear CT-RSA ’04) Paul Syverson NRL Markus Jakobsson Ari.
WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
The Digital Encryption Standard CSCI 5857: Encoding and Encryption.
Chapter 12 Cryptography (slides edited by Erin Chambers)
HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the order Teams mostly.
Optimistic Mixing for Exit-Polls Philippe Golle, Stanford Sheng Zhong, Yale Dan Boneh, Stanford Markus Jakobsson, RSA Labs Ari Juels, RSA Labs.
Private Key Algorithms RSA SSL
1 Lecture 9 Public Key Cryptography Public Key Algorithms CIS CIS 5357 Network Security.
On the Practical Feasibility of Secure Distributed Computing A Case Study Gregory Neven, Frank Piessens, Bart De Decker Dept. of Computer Science, K.U.Leuven.
Chapter 20 Symmetric Encryption and Message Confidentiality.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
Slide 1 Vitaly Shmatikov CS 380S Yao’s Protocol. slide Yao’s Protocol uCompute any function securely … in the semi-honest model uFirst, convert.
Secure two-party computation: a visual way by Paolo D’Arco and Roberto De Prisco.
Slide 1 Yao’s Protocol. slide Yao’s Protocol uCompute any function securely … in the semi-honest model uFirst, convert the function into a boolean.
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Basic Cryptography 1. What is cryptography? Cryptography is a mathematical method of protecting information –Cryptography is part of, but not equal to,
Day 37 8: Network Security8-1. 8: Network Security8-2 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key:
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
AES Advanced Encryption Standard. Requirements for AES AES had to be a private key algorithm. It had to use a shared secret key. It had to support the.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Secure Computation (Lecture 2) Arpita Patra. Vishwaroop of MPC.
PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description.
DES Analysis and Attacks CSCI 5857: Encoding and Encryption.
A Brief Introduction to Mix Networks Ari Juels RSA Laboratories © 2001, RSA Security Inc.
Almost Entirely Correct Mixing With Applications to Voting Philippe Golle Dan Boneh Stanford University.
1 / 23 Efficient Garbling from A Fixed-key Blockcipher Applied MPC workshop February 20, 2014 Mihir Bellare UC San Diego Viet Tung Hoang UC San Diego Phillip.
Second Price Auctions A Case Study of Secure Distributed Computing Bart De Decker Gregory Neven Frank Piessens Erik Van Hoeymissen.
 5.1 Zero-Knowledge Proofs  5.2 Zero-Knowledge Proofs of Identity  5.3 Identity-Based Public-Key Cryptography  5.4 Oblivious Transfer  5.5 Oblivious.
Public Key Cryptosystem In Symmetric or Private Key cryptosystems the encryption and decryption keys are either the same or can be easily found from each.
Cryptography services Lecturer: Dr. Peter Soreanu Students: Raed Awad Ahmad Abdalhalim
Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Problem Set 1: Cryptography.
Multi-Party Computation r n parties: P 1,…,P n  P i has input s i  Parties want to compute f(s 1,…,s n ) together  P i doesn’t want any information.
A Fixed-key Blockcipher
Group theory exercise.
Basic Network Encryption
Private Key Algorithms Key Exchange Protocols SSL
The first Few Slides stolen from Boaz Barak
Course Business I am traveling April 25-May 3rd
ADVANCED ENCRYPTION STANDARDADVANCED ENCRYPTION STANDARD
Malicious-Secure Private Set Intersection via Dual Execution
Computer Security IT423 Semester II
Basic Network Encryption
CSCE 715: Network Systems Security
CSCE 715: Network Systems Security
Modern Cryptography.
Security: Public Key Cryptography
SOHAIL SHAHUL HAMEED Dr. BHARGAVI GOSWAMI
Florida State University
Advanced Encryption Standard
Cryptography Lecture 8 Arpita Patra © Arpita Patra.
Presentation transcript:

Mix and Match: A Simple Approach to General Secure Multiparty Computation + Markus Jakobsson Bell Laboratories Ari Juels RSA Laboratories

What is secure multiparty computation?

The problem f(a,b) Alice Bob a b

The problem f(a,b) b a Alice Bob f Black Box a b

Millionaires’ Problem Richie Rich is richer Who’s richer? > Scrooge McDuck Worth $a Worth $b

Auctions Special Edition Furby Special Edition f Furby Bob $810 Alice Cate f Bob Edgar

What’s in the black box?

Trusted third party? Trusted Party We want to do without!

Tamper-resistant hardware f(a,b) Alice Bob b a But we don’t want to rely on hardware!

Secure multiparty computation f(a,b) Alice Bob b a Alice and Bob simulate circuit

Other methods Simulate full field operations gate involves local computation gate requires rounds of verifiable secret sharing Complex Recently becoming somewhat practical

Our method: Mix and match Conceptually simple Simulates only boolean gates directly Very efficient for bitwise operations, not so for others Some pre-computation possible

Some previous work Yao Chaum, Damgård, van de Graaf Use of logical tables (two-player) Chaum, Damgård, van de Graaf Multi-party use of logical tables (for passive adversaries)

Mix and Match (Non-private)

Non-private simulation: OR gate b 1

Non-private simulation: OR gate Alice Bob a b a b a b 1 = ? 1 1 1 = ? 1 1 1 = ? 1 1 a b = 1 1 1 1 1

Alice and Bob simulate circuit Mix and Match f(a,b) Alice Bob b a Alice and Bob simulate circuit

Mix and Match (Private)

First tool: Mix network (MN) plaintext 1 plaintext 2 plaintext 3 plaintext 4 Randomly permutes and encrypts inputs

Second tool: Matching or Plaintext equivalence decision (PED) = ? Ciphertext 1 Ciphertext 2 Reveals no information other than equality

Mix and Match Step 1: Key sharing between Alice and Bob -- public key y Step 2: Alice and Bob encrypt individual bits under y a Alice a Bob b b

Step 3: Alice and Bob mix tables 1 a b Mix network (MN) Permute and encrypt rows

= = Step 4: Matching using PED, i.e., Table lookup b a b a ? b a = ? b a a b = Find matching row

Repeat matching on each table for entire circuit f(a,b) =

Decrypting f(a,b) Step 5: Decrypt f(a,b) Alice f(a,b) f(a,b) Bob

Some extensions Easy to have multiple parties participate “Mixing” and “matching” can be performed by different coalitions We can get XOR for “free” using Franklin-Haber cryptosystem

Privacy and Robustness As long as more than half of participants are honest… Computation will be performed correctly No information other than output is revealed Security in random oracle model reducible to Decision Diffie-Hellman problem

Low cost Very low overall broadcast complexity: O(Nn) group elements N is number of gates n is number of players Equal to that of best competitive methods O(n+d) broadcast rounds d is circuit depth Computation: O(Nn) exponentiations for each player

Questions? + ?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.