Secure Computation on Mobile Devices Peter Chapman CS 1120 December 2, 2011.

Slides:

Advertisements

Similar presentations

Polylogarithmic Private Approximations and Efficient Matching

Advertisements

Mix and Match: A Simple Approach to General Secure Multiparty Computation + Markus Jakobsson Bell Laboratories Ari Juels RSA Laboratories.

Efficient Private Approximation Protocols Piotr Indyk David Woodruff Work in progress.

Revisiting the efficiency of malicious two party computation David Woodruff MIT.

Quid-Pro-Quo-tocols Strengthening Semi-Honest Protocols with Dual Execution Yan Huang 1, Jonathan Katz 2, David Evans 1 1. University of Virginia 2. University.

Faster Secure Two-Party Computation Using Garbled Circuits

Gate Evaluation Secret Sharing and Secure Two-Party Computation Vladimir Kolesnikov University of Toronto

Yan Huang, David Evans, Jonathan Katz

ITIS 6200/ Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.

Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.

CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.

Tight Bounds for Unconditional Authentication Protocols in the Moni Naor Gil Segev Adam Smith Weizmann Institute of Science Israel Modeland Shared KeyManual.

Oblivious Transfer (OT) Alice (sender) has n secrets Alice wants to give k secrets to Bob Bob wants the secrets but does not want Alice to know which secrets.

Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.

ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.

GARBLED CIRCUITS & SECURE TWO-PARTY COMPUTATION

New Advances in Garbling Circuits Based on joint works with Yuval Ishai Eyal Kushilevitz Brent Waters University of TexasTechnion Benny Applebaum Tel Aviv.

What Crypto Can Do for You: Solutions in Search of Problems Anna Lysyanskaya Brown University.

Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.

Cryptography in The Presence of Continuous Side-Channel Attacks Ali Juma University of Toronto Yevgeniy Vahlis Columbia University.

A 1 A 2 A 3 A 4 B B B

Private Analysis of Data Sets Benny Pinkas HP Labs, Princeton.

1 Introduction to Secure Computation Benny Pinkas HP Labs, Princeton.

Blind Vision Shai Avidan, Moshe Butman Yuval Schwartz.

Computer Science Public Key Management Lecture 5.

Multi-Client Non-Interactive Verifiable Computation Seung Geol Choi (Columbia U.) Jonathan Katz (U. Maryland) Ranjit Kumaresan (Technion) Carlos Cid (Royal.

Overview of Privacy Preserving Techniques.  This is a high-level summary of the state-of-the-art privacy preserving techniques and research areas  Focus.

David Evans CS200: Computer Science University of Virginia Computer Science Class 36: Public-Key Cryptography If you want.

On the Practical Feasibility of Secure Distributed Computing A Case Study Gregory Neven, Frank Piessens, Bart De Decker Dept. of Computer Science, K.U.Leuven.

1 Information Security – Theory vs. Reality , Winter Lecture 10: Garbled circuits (cont.), fully homomorphic encryption Eran Tromer.

Slide 1 Vitaly Shmatikov CS 380S Yao’s Protocol. slide Yao’s Protocol uCompute any function securely … in the semi-honest model uFirst, convert.

Secure two-party computation: a visual way by Paolo D’Arco and Roberto De Prisco.

Slide 1 Yao’s Protocol. slide Yao’s Protocol uCompute any function securely … in the semi-honest model uFirst, convert the function into a boolean.

Privacy-Preserving Trust Negotiations* Mikhail Atallah CERIAS and Department of Computer Sciences Purdue University * Joint work with Keith Frikken and.

CSC 386 – Computer Security Scott Heggen. Agenda Exploring that locked box thing from Friday?

How far removed are you? Scalable Privacy-Preserving Estimation of Social Path Length with Social PaL Marcin Nagy joint work with Thanh Bui, Emiliano De.

Privacy-Preserving Credit Checking Keith Frikken, Mikhail Atallah, and Chen Zhang Purdue University June 7, 2005.

On the Communication Complexity of SFE with Long Output Daniel Wichs (Northeastern) joint work with Pavel Hubáček.

1 Secure Multi-party Computation Minimizing Online Rounds Seung Geol Choi Columbia University Joint work with Ariel Elbaz(Columbia University) Tal Malkin(Columbia.

1 Information Security – Theory vs. Reality , Winter Lecture 10: Garbled circuits and obfuscation Eran Tromer Slides credit: Boaz.

Non-Interactive Verifiable Computing August 5, 2009 Bryan Parno Carnegie Mellon University Rosario Gennaro, Craig Gentry IBM Research.

Secure Computation Lecture Arpita Patra. Recap >> Improving the complexity of GMW > Step I: Offline: O(n 2 c AND ) OTs; Online: i.t., no crypto.

Hidden Access Control Policies with Hidden Credentials Keith Frikken, Mikhail Atallah, Jiangtao Li CERIAS and Department of Computer Sciences Purdue University.

Slide 1 Many thanks to Vitaly Shmatikov of the University of Texas, Austin for providing these slides. Introduction to Secure Multi-Party Computation.

Secure Computation (Lecture 9-10) Arpita Patra. Recap >> MPC with honest majority in i.t. settings > Protocol using (n,t)-sharing, proof of security---

BlindBox: Deep Packet Inspection Over Encrypted Traffic

Units Chapter 0.

Efficient Oblivious Transfer with Stateless Secure Tokens Alcatel-Lucent Bell Labs Vlad Kolesnikov.

Second Price Auctions A Case Study of Secure Distributed Computing Bart De Decker Gregory Neven Frank Piessens Erik Van Hoeymissen.

The Point of Today 1. What is a “mole” 2. Conversions using moles.

David Evans CS588: Security and Privacy University of Virginia Computer Science Lecture 15: From Here to Oblivion.

Verifiable Distributed Oblivious Transfer and Mobile-agent Security Speaker: Sheng Zhong (joint work with Yang Richard Yang) Yale University.

Cryptographic methods. Outline  Preliminary Assumptions Public-key encryption  Oblivious Transfer (OT)  Random share based methods  Homomorphic Encryption.

Practical and Deployable Secure Multi-Party Computation Debayan Gupta Yale University May 11, 2016 Jai Dadabhai.

1© Nokia 2016 Overlaying Circuit Clauses for Secure Computation Sean Kennedy Vladimir Kolesnikov Gordon Wilfong Bell Labs.

MULTIPLICATION AND DIVISION BY 10, 100, 1000

Secure Computation Basics Yan Huang Indiana University May 9, 2016.

Multi-Party Computation r n parties: P 1,…,P n  P i has input s i  Parties want to compute f(s 1,…,s n ) together  P i doesn’t want any information.

Cryptography Lecture 13 Arpita Patra

مهارت اول: مفاهیم پایه فناوری اطلاعات و ارتباطات فصل اول: سخت‌افزار

Topic 1: Data, information, knowledge and processing

The first Few Slides stolen from Boaz Barak

Course Business I am traveling April 25-May 3rd

Cryptography CS 555 Lecture 22

Maliciously Secure Two-Party Computation

Fastest 2PC in all the land

Cryptography CS 555 Digital Signatures Continued

PLACE VALUE TRILLIONS BILLIONS MILLIONS THOUSANDS ONES PERIODS.

A STAAR REVIEW CIRCUIT A # 1-16 M. N. O. P..

Cryptography Lecture 8 Arpita Patra © Arpita Patra.

Presentation transcript:

Secure Computation on Mobile Devices Peter Chapman CS 1120 December 2, 2011

Microsoft Research (Summer 2011) Web Side-Channel Leaks ( ) Secure Computation on Mobile Devices (2011-Present)

Mutual Contact Discovery Alice Bob Sharing contact list with a stranger is unacceptable Discover! Someone nearby also knows Alice and 8 other contacts of yours!

Trust someone else? Alice Bob

The Dilemma Can we interact with others and control our data?

Secure Two-Party Computation Private Data: a Private Data: b Bob Alice Garbled Circuit Protocol Andrew Yao, 1982/1986

Yao’s Garbled Circuits InputsOutput abx AND a b x

Computing with Meaningless Values? InputsOutput abx a0a0 b0b0 x0x0 a0a0 b1b1 x0x0 a1a1 b0b0 x0x0 a1a1 b1b1 x1x1 AND a 0 or a 1 b 0 or b 1 x 0 or x 1 a i, b i, x i are random values, chosen by the circuit generator but meaningless to the circuit evaluator.

Computing with Garbled Tables InputsOutput abx a0a0 b0b0 Enc a 0,b 0 (x 0 ) a0a0 b1b1 Enc a 0,b 1 (x 0 ) a1a1 b0b0 Enc a 1,b 0 (x 0 ) a1a1 b1b1 Enc a 1,b 1 (x 1 ) AND a 0 or a 1 b 0 or b 1 x 0 or x 1 a i, b i, x i are random values, chosen by the circuit generator but meaningless to the circuit evaluator. Bob can only decrypt one of these! Garbled And Gate Enc a 0, b 1 (x 0 ) Enc a 1,b 1 (x 1 ) Enc a 1,b 0 (x 0 ) Enc a 0,b 0 (x 0 )

Chaining Garbled Circuits AND a0a0 b0b0 x0x0 a1 b1b1 x1x1 OR x2x2 And Gate 1 Enc a1 0, b 1 1 (x1 0 ) Enc a1 1,b1 1 (x1 1 ) Enc a1 1,b1 0 (x1 0 ) Enc a1 0,b1 0 (x1 0 ) Or Gate 2 Enc x0 0, x 1 1 (x2 1 ) Enc x0 1,x1 1 (x2 1 ) Enc x0 1,x1 0 (x2 1 ) Enc x0 0,x1 0 (x2 0 ) … We can do any computation privately this way!

Yao’s Garbled Circuits InputsOutput abx AND a b x

Computing with Meaningless Values? InputsOutput abx a0a0 b0b0 x0x0 a0a0 b1b1 x0x0 a1a1 b0b0 x0x0 a1a1 b1b1 x1x1 a i, b i, x i are random values, chosen by the circuit generator but meaningless to the circuit evaluator.

We use 80-Bit Random Numbers ,208,925,819,614,527,173,703,176 1 septillion, 208 sextillion, 925 quintillion, 819 quadrillion, 614 trillion, 527 billion, 173 million, 703 thousand, and 176

Computing with Meaningless Values? InputsOutput abx a0a0 b0b0 x0x0 a0a0 b1b1 x0x0 a1a1 b0b0 x0x0 a1a1 b1b1 x1x1

Computing with Meaningless Values? InputsOutput abx 193b0b0 x0x0 b1b1 x0x0 a1a1 b0b0 x0x0 a1a1 b1b1 x1x1 Really 80-Bit Numbers

Computing with Meaningless Values? InputsOutput abx 193b0b0 x0x0 b1b1 x0x0 465b0b0 x0x0 b1b1 x1x1 Really 80-Bit Numbers

Computing with Meaningless Values? InputsOutput abx x0x0 193b1b1 x0x x0x0 465b1b1 x1x1 Really 80-Bit Numbers

Computing with Meaningless Values? InputsOutput abx x0x x0x x0x x1x1 Really 80-Bit Numbers

Computing with Meaningless Values? InputsOutput abx x1x1 Really 80-Bit Numbers

Computing with Meaningless Values? InputsOutput abx Really 80-Bit Numbers

Computing with Garbled Tables InputsOutput abx Enc 193;657 (844) Enc 193;255 (844) Enc 465;657 (844) Enc 465;255 (123) Bob can only decrypt one of these! Garbled And Gate Enc 193;255 (844) Enc 465;657 (123) Enc 465;657 (844) Enc 193;657 (844) Really 80-Bit Numbers

Garbled And Gate Enc 193;255 (844) Enc 465;657 (123) Enc 465;657 (844) Enc 193;657 (844) AliceBob Garbled And Gate Enc 193;255 (844) Enc 465;657 (123) Enc 465;657 (844) Enc 193;657 (844) a0a0 193

Oblivious Transfer AliceBob b0b0 657 b1b Garbled And Gate Enc 193;255 (844) Enc 465;657 (123) Enc 465;657 (844) Enc 193;657 (844)

Potential Applications Common Contacts Favorite Movies Hyper-Targeted Advertising Voting, Auctions & more! Collaborative Scheduling

Research Advice Don’t be afraid.

Attributions “iPhone” symbol from thenounproject.com collection. "Lock" symbol from thenounproject.com collection.