Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mix and Match: A Simple Approach to General Secure Multiparty Computation + Markus Jakobsson Bell Laboratories Ari Juels RSA Laboratories.

Published byTimothy Drake Modified over 10 years ago

Similar presentations

Presentation on theme: "Mix and Match: A Simple Approach to General Secure Multiparty Computation + Markus Jakobsson Bell Laboratories Ari Juels RSA Laboratories."— Presentation transcript:

1 Mix and Match: A Simple Approach to General Secure Multiparty Computation
+ Markus Jakobsson Bell Laboratories Ari Juels RSA Laboratories

2 What is secure multiparty computation?

3 The problem f(a,b) Alice Bob a b

4 The problem f(a,b) b a Alice Bob f Black Box a b

5 Millionaires’ Problem
Richie Rich is richer Who’s richer? > Scrooge McDuck Worth $a Worth $b

6 Auctions Special Edition Furby Special Edition f Furby Bob $810 Alice
Cate f Bob Edgar

7 What’s in the black box?

8 Trusted third party? Trusted Party We want to do without!

9 Tamper-resistant hardware
f(a,b) Alice Bob b a But we don’t want to rely on hardware!

10 Secure multiparty computation
f(a,b) Alice Bob b a Alice and Bob simulate circuit

11 Other methods Simulate full field operations
gate involves local computation gate requires rounds of verifiable secret sharing Complex Recently becoming somewhat practical

12 Our method: Mix and match
Conceptually simple Simulates only boolean gates directly Very efficient for bitwise operations, not so for others Some pre-computation possible

13 Some previous work Yao Chaum, Damgård, van de Graaf
Use of logical tables (two-player) Chaum, Damgård, van de Graaf Multi-party use of logical tables (for passive adversaries)

14 Mix and Match (Non-private)

15 Non-private simulation: OR gate
b 1

16 Non-private simulation: OR gate
Alice Bob a b a b a b 1 = ? 1 1 1 = ? 1 1 1 = ? 1 1 a b = 1 1 1 1 1

17 Alice and Bob simulate circuit
Mix and Match f(a,b) Alice Bob b a Alice and Bob simulate circuit

18 Mix and Match (Private)

19 First tool: Mix network (MN)
plaintext 1 plaintext 2 plaintext 3 plaintext 4 Randomly permutes and encrypts inputs

20 Second tool: Matching or Plaintext equivalence decision (PED)
= ? Ciphertext 1 Ciphertext 2 Reveals no information other than equality

21 Mix and Match Step 1: Key sharing between Alice and Bob -- public key y Step 2: Alice and Bob encrypt individual bits under y a Alice a Bob b b

22 Step 3: Alice and Bob mix tables
1 a b Mix network (MN) Permute and encrypt rows

23 = = Step 4: Matching using PED, i.e., Table lookup b a b a
? b a = ? b a a b = Find matching row

24 Repeat matching on each table for entire circuit
f(a,b) =

25 Decrypting f(a,b) Step 5: Decrypt f(a,b) Alice f(a,b) f(a,b) Bob

26 Some extensions Easy to have multiple parties participate
“Mixing” and “matching” can be performed by different coalitions We can get XOR for “free” using Franklin-Haber cryptosystem

27 Privacy and Robustness
As long as more than half of participants are honest… Computation will be performed correctly No information other than output is revealed Security in random oracle model reducible to Decision Diffie-Hellman problem

28 Low cost Very low overall broadcast complexity: O(Nn) group elements
N is number of gates n is number of players Equal to that of best competitive methods O(n+d) broadcast rounds d is circuit depth Computation: O(Nn) exponentiations for each player

29 Questions? + ?

Download ppt "Mix and Match: A Simple Approach to General Secure Multiparty Computation + Markus Jakobsson Bell Laboratories Ari Juels RSA Laboratories."

Similar presentations

Polylogarithmic Private Approximations and Efficient Matching

Polylogarithmic Private Approximations and Efficient Matching
Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
ADDER, HALF ADDER & FULL ADDER

ADDER, HALF ADDER & FULL ADDER
Secure Computation of Linear Algebraic Functions

Secure Computation of Linear Algebraic Functions
Secure Evaluation of Multivariate Polynomials

Secure Evaluation of Multivariate Polynomials
RPC Mixing: Making Mix-Nets Robust for Electronic Voting Ron Rivest MIT Markus Jakobsson Ari Juels RSA Laboratories.

RPC Mixing: Making Mix-Nets Robust for Electronic Voting Ron Rivest MIT Markus Jakobsson Ari Juels RSA Laboratories.
Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.

Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.
CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.

CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.
Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.

Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.
Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.

Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.
Receipt-free Voting Joint work with Markus Jakobsson, C. Andy Neff Ari Juels RSA Laboratories.

Receipt-free Voting Joint work with Markus Jakobsson, C. Andy Neff Ari Juels RSA Laboratories.
Reusable Anonymous Return Channels

Reusable Anonymous Return Channels
Modern Cryptography.

Modern Cryptography.
1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.

1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.
Oblivious Transfer based on the McEliece Assumptions

Oblivious Transfer based on the McEliece Assumptions
1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.

1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.
1 Introduction to Secure Computation Benny Pinkas HP Labs, Princeton.

1 Introduction to Secure Computation Benny Pinkas HP Labs, Princeton.
UMBC Protocol Meeting 10/01/03 Universal Re-encryption: For Mix-Nets and Other Applications (to appear CT-RSA ’04) Paul Syverson NRL Markus Jakobsson Ari.

UMBC Protocol Meeting 10/01/03 Universal Re-encryption: For Mix-Nets and Other Applications (to appear CT-RSA ’04) Paul Syverson NRL Markus Jakobsson Ari.
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

Similar presentations

Ads by Google