
Carmit Hazay (Bar-Ilan University, Israel)



Presentation on theme: "Carmit Hazay (Bar-Ilan University, Israel)"— Presentation transcript:

1 Constant-Round Adaptively Secure Protocols in the Tamper-Proof Hardware Model
Carmit Hazay (Bar-Ilan University, Israel), Antigoni Ourania Polychroniadou (Cornell University, New York), Muthuramakrishnan Venkitasubramaniam (University of Rochester, New York)

2 Secure Communications over the Internet

4 Introduction of Secure Multi-Party Computation
[Yao82,GMW87,BGW88, CCD88…]

5 Secure Multi-Party Computation
[Figure: four parties with inputs x1, x2, x3, x4 and outputs y1, y2, y3, y4; UC f(x1, x2, x3, x4) = (y1, y2, y3, y4)]
Goal:
Correctness: everyone computes f(x1, …, x4)
Security: nothing but the output is revealed
Adversary: PPT, malicious, adaptive

6 Static Corruption vs. Adaptive Corruption
Static corruption: corrupt only at the onset of π
Adaptive corruption: corrupt adaptively during the execution of π

7 Adaptive Corruption of all parties
Crucial in the composition of protocols. Consider an n-party protocol πouter which invokes an m-party protocol πinner where n > m. Consider an adversary that may corrupt all m parties in πinner. Then security of πouter should still hold.
[Figure: n-party protocol πouter invoking m-party protocol πinner]

8 State-of-the-art for MPC protocols
STATIC (malicious):   Two-party computation: 5 rounds [KO04]      Multiparty computation: O(1) rounds [LP11,G11]    => O(1)
ADAPTIVE (malicious): Two-party computation: O(d) rounds [GMW86]  Multiparty computation: O(d) rounds [CLOS02]      => O(d)
* d is the depth of the circuit implementing f
Does the round complexity for adaptive security need to depend on depth?

9 Open Problem: What is the round complexity of adaptive MPC based on standard assumptions? Using setup?

10 Partial Solutions for constant-round protocols
Open Problem: What is the round complexity of adaptive MPC based on standard assumptions? Using setup?
Partial solutions for constant-round protocols: using indistinguishability obfuscation in the common reference string model [GP15,DKR15,CGP15,CPV17a]

11 Open Problem: What is the round complexity of adaptive MPC based on standard assumptions? Using setup?
Main Theorem (this work): Assuming OWFs, O(1)-round adaptively secure 2PC in the Tamper-Proof Hardware Model
Black-box in OWFs
Fully composable: security in the GUC framework [HPV16]
Decentralized trust
Previous works require stateful tokens and O(d) rounds [GISVW10,DMRV13]

12 Hardware Tamper-Proof Token Model
Decentralized trust, e.g. Intel's SGX
Stateless tokens: [Figure: input x, token computes f, output f(x)] GOOD
Stateful tokens: [Figure: token holding b0, b1; choice bit c in, bc out] NOT SO GOOD; requires non-volatile memory

13 Hardware Tamper-Proof Token Model
Attacker capability: [Figure: x -> f -> f(x)]
Transfer tokens
Inject malicious code

14 Hardware Tamper-Proof Token Model
Adaptive attacker capability: corrupt post execution [Figure: protocol Π between parties P and P]
Global UC functionality Fglobal of [HPV16] is sufficient

15 Our Results Theorem (Informal)
Assuming OWFs, realize any (well-formed) two-party functionality via an O(1)-round construction with GUC-security in the Fglobal-hybrid against malicious and adaptive adversaries.
Follow the Yao-based approach to secure 2-party computation:
Adaptive GUC-oblivious transfer protocol in the Fglobal-hybrid
Adaptive GUC-commitment scheme in the Fglobal-hybrid
Equivocating Yao's GCs in the Fglobal-hybrid (this talk)

16 Garble Circuit Construction [Yao80]
[Figure: Boolean circuit C with inputs x1, x2, x3, x4 and its garbled circuit GC; each wire carries a pair of λ-bit labels L1,0/L1,1, L2,0/L2,1, L3,0/L3,1, L4,0/L4,1]

17 Garble Circuit Construction [Yao80]
[Figure: Boolean circuit C with inputs x1, x2, x3 and its garbled circuit GC; each wire carries a pair of λ-bit keys L1,0/L1,1, L2,0/L2,1, L3,0/L3,1, L4,0/L4,1; output decoded via a decoder]
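To make the "pairs of λ-bit labels" and the decoder of the two slides above concrete, here is an added, self-contained toy garbling of a two-gate circuit (example code written for this page, not code from the paper or the authors). It assumes a constructed circuit f(x1, x2, x3) = (x1 AND x2) XOR x3, a SHA-256 keystream as the gate "encryption", and a block of zero bytes as the check the evaluator uses to recognize the one table row its labels open; all of these are illustrative simplifications rather than anything the slides specify.

```python
import hashlib
import secrets

LAMBDA = 16  # bytes per label (128 bits): the slides' "pairs of λ-bit labels"


def fresh_labels():
    """One random pair per wire: index 0 encodes bit 0, index 1 encodes bit 1."""
    return (secrets.token_bytes(LAMBDA), secrets.token_bytes(LAMBDA))


def _pad(label_a, label_b, gate_id):
    """32-byte keystream bound to BOTH input labels and the gate position."""
    return hashlib.sha256(label_a + label_b + gate_id).digest()


def _xor(x, y):
    return bytes(a ^ b for a, b in zip(x, y))


def garble_gate(gate_fn, in_a, in_b, out, gate_id):
    """Garbled table: each output label encrypted under the input-label pair that selects it.
    Plaintext is out_label || 16 zero bytes; the zero block lets the evaluator recognize
    the single row it can open (a simplistic check chosen for clarity)."""
    rows = []
    for a in (0, 1):
        for b in (0, 1):
            plain = out[gate_fn(a, b)] + bytes(LAMBDA)
            rows.append(_xor(_pad(in_a[a], in_b[b], gate_id), plain))
    secrets.SystemRandom().shuffle(rows)  # row order must not leak (a, b)
    return rows


def eval_gate(rows, label_a, label_b, gate_id):
    """Holding one label per input wire, the evaluator recovers exactly one output label."""
    pad = _pad(label_a, label_b, gate_id)
    for row in rows:
        plain = _xor(pad, row)
        if plain[LAMBDA:] == bytes(LAMBDA):
            return plain[:LAMBDA]
    raise ValueError("no row opened: labels do not belong to this gate")


def AND(a, b):
    return a & b


def XOR(a, b):
    return a ^ b


def garble_circuit():
    """Constructed toy circuit: wires 1..3 are inputs, wire 4 = x1 AND x2,
    wire 5 = wire4 XOR x3 is the output wire."""
    L = {w: fresh_labels() for w in (1, 2, 3, 4, 5)}
    gc = {
        "g4": garble_gate(AND, L[1], L[2], L[4], b"g4"),
        "g5": garble_gate(XOR, L[4], L[3], L[5], b"g5"),
    }
    input_labels = {w: L[w] for w in (1, 2, 3)}  # garbler keeps both; OT delivers one per wire
    decoder = {L[5][0]: 0, L[5][1]: 1}           # decoding information for the output wire
    return gc, input_labels, decoder


def evaluate(gc, active, decoder):
    """active: exactly one label per input wire (what the receiver holds after OT)."""
    l4 = eval_gate(gc["g4"], active[1], active[2], b"g4")
    l5 = eval_gate(gc["g5"], l4, active[3], b"g5")
    return decoder[l5]


def run(x1, x2, x3):
    """Garble, hand over the active labels, evaluate, decode; returns f(x1, x2, x3)."""
    gc, input_labels, decoder = garble_circuit()
    active = {1: input_labels[1][x1], 2: input_labels[2][x2], 3: input_labels[3][x3]}
    return evaluate(gc, active, decoder)


if __name__ == "__main__":
    for x in range(8):
        x1, x2, x3 = (x >> 2) & 1, (x >> 1) & 1, x & 1
        print(x1, x2, x3, "->", run(x1, x2, x3))
```

The point the slides build on is visible in `evaluate`: the receiver only ever sees one label per wire, so it learns the output bit through the decoder and nothing about the inactive labels. The equivocation problem of the later slides is exactly that a simulator who garbled a fake circuit must later explain the inactive labels consistently with a real one.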

18 Token-based Garble Circuits
[Figure: garbled circuit GC with wire label pairs L1,0/L1,1, L2,0/L2,1, L3,0/L3,1, L4,0/L4,1 placed inside a token]

19 How to Equivocate Garble Circuits
[Figure: simulator Sim between receiver R and sender S; garbled circuit GC with label pairs L1,0/L1,1, L2,0/L2,1, L3,0/L3,1, L4,0/L4,1]
Sender's input is unknown -> Sender's input is known!

20 How to Equivocate Garble Circuits
[Figure: Sim builds a fake program P' for the token between R and S while the sender's input is unknown; later the sender's input is known and the fake P must be explained as the real P]
Simulator cannot program the token after its creation.

21 How to Equivocate Garble Circuits
[Figure: Sim, fake P vs. real P, between R and S]
Best case: both labels are active (active labels)

22 How to Equivocate Garble Circuits
[Figure: Sim, fake P vs. real P, between R and S]
One label is active (active labels); subliminal mechanism; inactive labels as


24 Summary
Designed constant-round adaptive 2PC protocols with stateless tokens:
OWFs (minimal [GISVW10])
GUC security
Interesting corollaries to the Global Random Oracle (GRO) model [CJS15]: first adaptively secure protocols with GUC security in the GRO model
Inspiration for an upcoming result in the plain model [CPV17b]!

25 Thank you!

