An Efficient and Secure Protocol for Privacy Preserving Set Intersection
|
|
- Teresa Barnett
- 5 years ago
- Views:
Transcription
1 An Efficient and Secure Protocol for Privacy Preserving Set Intersection PhD Candidate: Yingpeng Sang Advisor: Associate Professor Yasuo Tan School of Information Science Japan Advanced Institute of Science and Technology JAIST COE Symposium / 23
2 Overview JAIST COE Symposium / 23
3 Privacy Preserving Computations Two Models of Adversarial Parties JAIST COE Symposium / 23
4 Privacy Preserving Computations Privacy Preserving Computations Two Models of Adversarial Parties Inputs: (x 1,x 2,...,x N ) held by distributed parties (P 1,P 2,...,P N ) respectively. Outputs: some function f(x 1,x 2,...,x N ), e.g., intersection, maximum, minimum, etc. Privacy Requirement: P i (i = 1,...,N) knows nothing about x i (i i), except the information I(x i,f). Difficulties: Some parties may have adversarial behaviors; There may be no party that can be trusted by all the other parties. JAIST COE Symposium / 23
5 Two Models of Adversarial Parties Privacy Preserving Computations Two Models of Adversarial Parties Assumption: only one adversary, who controls arbitrary number of parties. : the adversary follows the protocol properly, but may analyze its intermediate computations. : the adversary arbitrarily deviates from the protocol, i.e., refusing to participate in the protocol when the protocol is first invoked; arbitrarily substituting its original local input and entering the protocol with an input other than the one provided to them; aborting the protocol whenever obtaining the desired result. JAIST COE Symposium / 23
6 JAIST COE Symposium / 23
7 Government: A = {No flight Name List} Airline Company: B = {Customer N ame List} Preventing Terrorism: A B Government s Privacy: A Air Flight Company Company s Privacy: B Government JAIST COE Symposium / 23
8 Intersection (PPSI): For Semi-honest Model Inputs: N (N 2) parties. Each party P i (i = 1,...,N) has a set (or multiset) T i : T i = {T(i,j) j = 1,...,S}. Outputs: Each party P i learns TI = T 1... T N, without knowing the elements in T i (i i) except TI. Π is a secure PPSI protocol in the semi-honest model, if {S(I, (T i1,..., T ic ), f I (T))} c {V IEW Π I (T)} in which, S: a PPT algorithm; I = {i 1,..., i c }: the index set of adversarial parties; f: the intersection function; (T): the view of adversarial parties during Π; V IEW Π I JAIST COE Symposium / 23
9 (contd.) PPSI: For Inputs: N (N 2) parties. P i (i = 1,...,N) has a set (or multiset) T i. Outputs: Each party P i learns TI = T 1... T N, without knowing the elements in T i (i i) except TI. Π is a secure PPSI protocol in the malicious model, if {IDEAL f,i,b (T)} c {REAL Π,I,A (T)}. in which, A: PPT algorithm of the adversary in Π; B: PPT algorithm of the adversary in the ideal model, where there is an available trusted party; REAL Π,I,A (T): Output of A in Π; IDEAL f,i,b (T): Output of B in the ideal execution. JAIST COE Symposium / 23
10 1) L. Kissner and D. Song, Privacy-Preserving Set Operations, in Advances in Cryptology - CRYPTO f i = (x T(i, 1)) (x T(i, S)), F = N i=1 f i N k=1 r i,k. Security: semi-honest and malicious models. 2) M. Freedman, K. Nissim and B. Pinkas, Efficient Private Matching and Set Intersection, in Proc. of Eurocrypt 04. P N evaluates its elements T(N, j) on f i (i = 1,..., N 1). Security: semi-honest model Our aims: less costs while keeping the same security. JAIST COE Symposium / 23
11 Threshold version of additive homomorphic encryption: Paillier s scheme. Calculations on encrypted polynomials: For f(x) = m i=0 a ix i, E(f(x)) = {E(a i ) i = 0,...,m}; The evaluation E(f(x)) for x = v; The scalar product E(cf(x)), given c; The sum E(f(x) + g(x)), given E(f(x)) and E(g(x)); The polynomials multiplication E(f(x) g(x)), given f(x) and E(g(x)). JAIST COE Symposium / 23
12 1) Constructing the Polynomial Vector F 1.1) P i computes f i = (x T(i, 1)) (x T(i,S)) mod N to represent its set T i. 1.2) P i computes E(f i N j=1 r i,j), in which r i,j is generated by P j, r i,j = a i,j x + b i,j, a i,j,b i,j R Z N. 1.3) The N parties get: E(F) = ( E(f 1 N r 1,j ),...,E(f N j=1 N r N,j ) ) j=1 JAIST COE Symposium / 23
13 (contd.) 2) Multiplication with Nonsingular Matrices 2.1) P i generates a random and nonsingular matrix R i ; 2.2) P i computes E(FR 1 R i ); 2.3) The N parties get E(G) = E(FR 1 R N ) = E(FR) and decrypt it: g 1 = f 1... g N = f 1 N r 1,j R f N j=1 N r 1,j R 1N f N j=1 N r N,j R N1 j=1 N r N,j R NN j=1 in which R uv is the (u, v) entry of R (1 u, v N). 2.4) P i evaluates (g 1,..., g N ) at the element T(i, j). JAIST COE Symposium / 23
14 (contd.) Correctness Lemma: If for k = 1,...,N, g k (T(i,j)) = 0, then T(i,j) TI with an overwhelming probability (> ). Proof Sketch: R is nonsingular, If G(T(i, j)) = F(T(i, j)) R = (0, 0,..., 0), then F(T(i, j)) = (0, 0,..., 0). JAIST COE Symposium / 23
15 (contd.) Security: Semi-honest attacks: analyze the coefficients in G, and infer the roots of f i from P i (i I, I is the index set of honest parties). Lemma 1 In PPSI Protocol, any P i in the coalition of c (1 c N 1) semi-honest parties (P I ) can know no more elements than TI in any T i for i I. Theorem 1 Protocol 1 is a secure protocol Π, which privately solves the PPSI problem with respect to the semi-honest behaviors of arbitrary number of parties. JAIST COE Symposium / 23
16 Main Ideas We assume the adversary controls arbitrary number of parties. Protocol 2 for the malicious model is based on Protocol 1 for the semi-honest model. Blocks are added to prevent malicious behaviors: Attack 1): sending to others an arbitrarily encrypted polynomial without knowing its coefficients. Solution: P i should prove that: 1.1) knowing the plaintexts of E(f), PK{f : E(f)}. 1.2) correct polynomials multiplication, PK{r : M = E(f r) E(f) E(r)} JAIST COE Symposium / 23
17 (contd.) Attack 2): encrypting a polynomial whose coefficients are all zeros. Solution: The honest parties can reset the leading coefficient of polynomials received from others to be E(1). Attack 3): generating a singular matrix R i, then the protocol won t be correct. Solution: P i should prove that R i it generates is nonsingular: PK{R i : D = E(det(R i )) D = E(0) R = E(R i )}. det(r i ) is the determinant of R i. JAIST COE Symposium / 23
18 (contd.) Attack 4): doing multiplication with a matrix R i other than the committed matrix R i. Solution: Each party should prove that he does correct matrix multiplication with the matrix R i it has committed: PK{R : G = E(FR) F = E(F) R = E(R)}. F = (f 1,..., f N ), R is an N N matrix, and E(R) are the encrypted entries of R. JAIST COE Symposium / 23
19 Table 1: Comparisons of solutions for PPSI in the semi-honest model Ours Kissner s Freedman s A quantitative analysis: Computation Cost Communication Cost Security Model 2(c(S + 2)(N 1) 2)lgN +c(s + 2)(N + 3) 2cN(4S + 5)lgN Semi-honest 2(c(S + 1) 2 + 5S + 3)lgN +c(s 2 + 4S + 2) 2cN(5S + 2)lgN Semi-honest ((S + 1)(S + 2) + 3S(N 1) 1)2lgN +S(S + 1) 10S(N 1) 2 lgn Semi-honest S = 20, N = 5, c = 3, lgn = Our protocol saves about 81% and 63% computation costs, 17% and 20% communication costs in comparison with Kissner s and Freedman s solutions. JAIST COE Symposium / 23
20 (contd.) Table 2: Comparisons of solutions for PPSI in the malicious model Computation Cost Communication Cost Security Model Ours O(cSN lgn) O(cSN lgn) Malicious Kissner s O(cS 2 lgn) O(cSNlgN) Malicious In practical applications: S (the size of a set ) N (the number of parties ); Our Protocol can be faster than Kissner s solution. JAIST COE Symposium / 23
21 Future Work JAIST COE Symposium / 23
22 We propose: PPSI protocols in the semi-honest and malicious models which cost less computation time and bandwidth in practical applications than previous results. : Doing comparisons between data disguising techniques and cryptographic techniques. Proposing secure and efficient solutions for some basic computation problems. Proposing secure solutions for some large-scale data mining tasks. JAIST COE Symposium / 23
23 The End Thank You Very Much! JAIST COE Symposium / 23
An Efficient and Secure Protocol for Privacy Preserving Set Intersection
An Efficient and Secure Protocol for Privacy Preserving Set Intersection Yingpeng Sang 1, Hong Shen 2, Laurence T. Yang 3, Naixue Xiong 1, Yasuo Tan 1 1 School of Information Science, Japan Advanced Institute
More informationPrivacy Preserving Set Intersection Protocol Secure Against Malicious Behaviors
Privacy Preserving Set Intersection Protocol Secure Against Malicious Behaviors Yingpeng Sang, Hong Shen School of Computer Science The University of Adelaide Adelaide, South Australia, 5005, Australia
More informationANALYSIS OF PRIVACY-PRESERVING ELEMENT REDUCTION OF A MULTISET
J. Korean Math. Soc. 46 (2009), No. 1, pp. 59 69 ANALYSIS OF PRIVACY-PRESERVING ELEMENT REDUCTION OF A MULTISET Jae Hong Seo, HyoJin Yoon, Seongan Lim, Jung Hee Cheon, and Dowon Hong Abstract. The element
More informationPrivacy Preserving Set Intersection Based on Bilinear Groups
Privacy Preserving Set Intersection Based on Bilinear Groups Yingpeng Sang Hong Shen School of Computer Science The University of Adelaide, Adelaide, South Australia 5005, Australia, Email: {yingpeng.sang,
More informationEfficient Protocols for Privacy Preserving Matching Against Distributed Datasets
Efficient Protocols for Privacy Preserving Matching Against Distributed Datasets Yingpeng Sang 1, Hong Shen 2,YasuoTan 1, and Naixue Xiong 1 1 School of Information Science, Japan Advanced Institute of
More informationPrivacy Preserving Multiset Union with ElGamal Encryption
Privacy Preserving Multiset Union with ElGamal Encryption Jeongdae Hong 1, Jung Woo Kim 1, and Jihye Kim 2 and Kunsoo Park 1, and Jung Hee Cheon 3 1 School of Computer Science and Engineering, Seoul National
More informationAn Unconditionally Secure Protocol for Multi-Party Set Intersection
An Unconditionally Secure Protocol for Multi-Party Set Intersection Ronghua Li 1,2 and Chuankun Wu 1 1 State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences,
More informationLecture 9 and 10: Malicious Security - GMW Compiler and Cut and Choose, OT Extension
CS 294 Secure Computation February 16 and 18, 2016 Lecture 9 and 10: Malicious Security - GMW Compiler and Cut and Choose, OT Extension Instructor: Sanjam Garg Scribe: Alex Irpan 1 Overview Garbled circuits
More informationThesis Proposal: Privacy Preserving Distributed Information Sharing
Thesis Proposal: Privacy Preserving Distributed Information Sharing Lea Kissner leak@cs.cmu.edu July 5, 2005 1 1 Introduction In many important applications, a collection of mutually distrustful parties
More informationBenny Pinkas Bar Ilan University
Winter School on Bar-Ilan University, Israel 30/1/2011-1/2/2011 Bar-Ilan University Benny Pinkas Bar Ilan University 1 Extending OT [IKNP] Is fully simulatable Depends on a non-standard security assumption
More informationMulti-Party Computation with Conversion of Secret Sharing
Multi-Party Computation with Conversion of Secret Sharing Josef Pieprzyk joint work with Hossein Ghodosi and Ron Steinfeld NTU, Singapore, September 2011 1/ 33 Road Map Introduction Background Our Contribution
More informationMultiparty Computation
Multiparty Computation Principle There is a (randomized) function f : ({0, 1} l ) n ({0, 1} l ) n. There are n parties, P 1,...,P n. Some of them may be adversarial. Two forms of adversarial behaviour:
More informationCut-and-Choose Yao-Based Secure Computation in the Online/Offline and Batch Settings
Cut-and-Choose Yao-Based Secure Computation in the Online/Offline and Batch Settings Yehuda Lindell Bar-Ilan University, Israel Technion Cryptoday 2014 Yehuda Lindell Online/Offline and Batch Yao 30/12/2014
More informationLectures 1&2: Introduction to Secure Computation, Yao s and GMW Protocols
CS 294 Secure Computation January 19, 2016 Lectures 1&2: Introduction to Secure Computation, Yao s and GMW Protocols Instructor: Sanjam Garg Scribe: Pratyush Mishra 1 Introduction Secure multiparty computation
More informationSecure Computation. Unconditionally Secure Multi- Party Computation
Secure Computation Unconditionally Secure Multi- Party Computation Benny Pinkas page 1 Overview Completeness theorems for non-cryptographic faulttolerant distributed computation M. Ben-Or, S. Goldwasser,
More informationIntroduction to Cryptography Lecture 13
Introduction to Cryptography Lecture 13 Benny Pinkas June 5, 2011 Introduction to Cryptography, Benny Pinkas page 1 Electronic cash June 5, 2011 Introduction to Cryptography, Benny Pinkas page 2 Simple
More informationMultiparty Computation (MPC) Arpita Patra
Multiparty Computation (MPC) Arpita Patra MPC offers more than Traditional Crypto! > MPC goes BEYOND traditional Crypto > Models the distributed computing applications that simultaneously demands usability
More informationPrivacy-Preserving Distributed Information Sharing
Privacy-Preserving Distributed Information Sharing Lea Kissner CMU-CS-06-149 July 2006 School of Computer Science Carnegie Mellon University Pittsburgh, PA 15213 Thesis Committee: Dawn Song, Chair Manuel
More informationPrivacy-preserving cooperative statistical analysis
Syracuse University SURFACE Electrical Engineering and Computer Science College of Engineering and Computer Science 2001 Privacy-preserving cooperative statistical analysis Wenliang Du Syracuse University,
More informationSecret sharing schemes
Secret sharing schemes Martin Stanek Department of Computer Science Comenius University stanek@dcs.fmph.uniba.sk Cryptology 1 (2017/18) Content Introduction Shamir s secret sharing scheme perfect secret
More informationAre you the one to share? Secret Transfer with Access Structure
Are you the one to share? Secret Transfer with Access Structure Yongjun Zhao, Sherman S.M. Chow Department of Information Engineering The Chinese University of Hong Kong, Hong Kong Private Set Intersection
More informationHonest-Verifier Private Disjointness Testing without Random Oracles
Honest-Verifier Private Disjointness Testing without Random Oracles Susan Hohenberger and Stephen A. Weis Massachusetts Institute of Technology Cambridge, MA, USA {srhohen,sweis}@mit.edu Abstract. We present
More informationLecture Notes 20: Zero-Knowledge Proofs
CS 127/CSCI E-127: Introduction to Cryptography Prof. Salil Vadhan Fall 2013 Lecture Notes 20: Zero-Knowledge Proofs Reading. Katz-Lindell Ÿ14.6.0-14.6.4,14.7 1 Interactive Proofs Motivation: how can parties
More informationPrivate Intersection of Certified Sets
Private Intersection of Certified Sets Jan Camenisch 1 and Gregory M. Zaverucha 2 1 IBM Research Zürich Research Laboratory CH-8803 Rüschlikon jca@zurich.ibm.com 2 Cheriton School of Computer Science University
More informationOblivious Transfer and Secure Multi-Party Computation With Malicious Parties
CS 380S Oblivious Transfer and Secure Multi-Party Computation With Malicious Parties Vitaly Shmatikov slide 1 Reminder: Oblivious Transfer b 0, b 1 i = 0 or 1 A b i B A inputs two bits, B inputs the index
More informationEvaluating 2-DNF Formulas on Ciphertexts
Evaluating 2-DNF Formulas on Ciphertexts Dan Boneh, Eu-Jin Goh, and Kobbi Nissim Theory of Cryptography Conference 2005 Homomorphic Encryption Enc. scheme is homomorphic to function f if from E[A], E[B],
More informationParallel Coin-Tossing and Constant-Round Secure Two-Party Computation
Parallel Coin-Tossing and Constant-Round Secure Two-Party Computation Yehuda Lindell Dept. of Computer Science and Applied Math. The Weizmann Institute of Science Rehovot 76100, Israel. lindell@wisdom.weizmann.ac.il
More informationBenny Pinkas. Winter School on Secure Computation and Efficiency Bar-Ilan University, Israel 30/1/2011-1/2/2011
Winter School on Bar-Ilan University, Israel 30/1/2011-1/2/2011 Bar-Ilan University Benny Pinkas Bar-Ilan University 1 What is N? Bar-Ilan University 2 Completeness theorems for non-cryptographic fault-tolerant
More informationLecture 14: Secure Multiparty Computation
600.641 Special Topics in Theoretical Cryptography 3/20/2007 Lecture 14: Secure Multiparty Computation Instructor: Susan Hohenberger Scribe: Adam McKibben 1 Overview Suppose a group of people want to determine
More informationSecure Multi-Party Computation
Secure Multi-Party Computation (cryptography for the not so good, the not so bad and the not so ugly) María Isabel González Vasco mariaisabel.vasco@urjc.es Based on joint work with Paolo D Arco (U. Salerno)
More informationSingle Database Private Information Retrieval with Logarithmic Communication
Single Database Private Information Retrieval with Logarithmic Communication Yan-Cheng Chang Harvard University ycchang@eecs.harvard.edu February 10, 2004 Abstract In this paper, we study the problem of
More informationOn Two Round Rerunnable MPC Protocols
On Two Round Rerunnable MPC Protocols Paul Laird Dublin Institute of Technology, Dublin, Ireland email: {paul.laird}@dit.ie Abstract. Two-rounds are minimal for all MPC protocols in the absence of a trusted
More informationSecure Multiparty Computation from Graph Colouring
Secure Multiparty Computation from Graph Colouring Ron Steinfeld Monash University July 2012 Ron Steinfeld Secure Multiparty Computation from Graph Colouring July 2012 1/34 Acknowledgements Based on joint
More informationPrivacy-Preserving Data Imputation
Privacy-Preserving Data Imputation Geetha Jagannathan Stevens Institute of Technology Hoboken, NJ, 07030, USA gjaganna@cs.stevens.edu Rebecca N. Wright Stevens Institute of Technology Hoboken, NJ, 07030,
More informationPrivacy-Preserving Ridge Regression Without Garbled Circuits
Privacy-Preserving Ridge Regression Without Garbled Circuits Marc Joye NXP Semiconductors, San Jose, USA marc.joye@nxp.com Abstract. Ridge regression is an algorithm that takes as input a large number
More informationSecure Vickrey Auctions without Threshold Trust
Secure Vickrey Auctions without Threshold Trust Helger Lipmaa Helsinki University of Technology, {helger}@tcs.hut.fi N. Asokan, Valtteri Niemi Nokia Research Center, {n.asokan,valtteri.niemi}@nokia.com
More informationAn Efficient Protocol for Fair Secure Two-Party Computation
Appears in Cryptographers Track-RSA Conference (CT-RSA 2008), Lecture Notes in Computer Science 4964 (2008) 88 105. Springer-Verlag. An Efficient Protocol for Fair Secure Two-Party Computation Mehmet S.
More informationSealed-bid Auctions with Efficient Bids
Sealed-bid Auctions with Efficient Bids Toru Nakanishi, Daisuke Yamamoto, and Yuji Sugiyama Department of Communication Network Engineering, Faculty of Engineering, Okayama University 3-1-1 Tsushima-naka,
More informationCryptanalysis of Threshold-Multisignature Schemes
Cryptanalysis of Threshold-Multisignature Schemes Lifeng Guo Institute of Systems Science, Academy of Mathematics and System Sciences, Chinese Academy of Sciences, Beijing 100080, P.R. China E-mail address:
More informationFair Private Set Intersection with a Semi-trusted Arbiter
Fair Private Set Intersection with a Semi-trusted Arbiter Changyu Dong 1, Liqun Chen 2, Jan Camenisch 3, and Giovanni Russello 4 1 Department of Computer and Information Sciences,University of Strathclyde,
More informationCovert Multi-party Computation
Covert Multi-party Computation Nishanth Chandran Vipul Goyal Rafail Ostrovsky Amit Sahai University of California, Los Angeles {nishanth,vipul,rafail,sahai}@cs.ucla.edu Abstract In STOC 05, Ahn, Hopper
More informationRound-Efficient Multi-party Computation with a Dishonest Majority
Round-Efficient Multi-party Computation with a Dishonest Majority Jonathan Katz, U. Maryland Rafail Ostrovsky, Telcordia Adam Smith, MIT Longer version on http://theory.lcs.mit.edu/~asmith 1 Multi-party
More informationExtracting Witnesses from Proofs of Knowledge in the Random Oracle Model
Extracting Witnesses from Proofs of Knowledge in the Random Oracle Model Jens Groth Cryptomathic and BRICS, Aarhus University Abstract We prove that a 3-move interactive proof system with the special soundness
More informationUniversally Composable Multi-Party Computation with an Unreliable Common Reference String
Universally Composable Multi-Party Computation with an Unreliable Common Reference String Vipul Goyal 1 and Jonathan Katz 2 1 Department of Computer Science, UCLA vipul@cs.ucla.edu 2 Department of Computer
More informationEfficient and Secure Delegation of Linear Algebra
Efficient and Secure Delegation of Linear Algebra Payman Mohassel University of Calgary pmohasse@cpsc.ucalgary.ca Abstract We consider secure delegation of linear algebra computation, wherein a client,
More informationShort Exponent Diffie-Hellman Problems
Short Exponent Diffie-Hellman Problems Takeshi Koshiba 12 and Kaoru Kurosawa 3 1 Secure Computing Lab., Fujitsu Laboratories Ltd. 2 ERATO Quantum Computation and Information Project, Japan Science and
More informationk-nearest Neighbor Classification over Semantically Secure Encry
k-nearest Neighbor Classification over Semantically Secure Encrypted Relational Data Reporter:Ximeng Liu Supervisor: Rongxing Lu School of EEE, NTU May 9, 2014 1 2 3 4 5 Outline 1. Samanthula B K, Elmehdwi
More informationFounding Cryptography on Smooth Projective Hashing
Founding Cryptography on Smooth Projective Hashing Bing Zeng a a School of Software Engineering, South China University of Technology, Guangzhou, 510006, China Abstract Oblivious transfer (OT) is a fundamental
More informationSHADE: Secure HAmming DistancE computation from oblivious transfer
SHADE: Secure HAmming DistancE computation from oblivious transfer Julien Bringer 1, Hervé Chabanne 1,2, and Alain Patey 1,2 1 Morpho 2 Télécom ParisTech Identity and Security Alliance (The Morpho and
More informationCPSC 467b: Cryptography and Computer Security
Outline Authentication CPSC 467b: Cryptography and Computer Security Lecture 18 Michael J. Fischer Department of Computer Science Yale University March 29, 2010 Michael J. Fischer CPSC 467b, Lecture 18
More informationIntroduction to Modern Cryptography Lecture 11
Introduction to Modern Cryptography Lecture 11 January 10, 2017 Instructor: Benny Chor Teaching Assistant: Orit Moskovich School of Computer Science Tel-Aviv University Fall Semester, 2016 17 Tuesday 12:00
More informationOblivious Evaluation of Multivariate Polynomials. and Applications
The Open University of Israel Department of Mathematics and Computer Science Oblivious Evaluation of Multivariate Polynomials and Applications Thesis submitted as partial fulfillment of the requirements
More information4-3 A Survey on Oblivious Transfer Protocols
4-3 A Survey on Oblivious Transfer Protocols In this paper, we survey some constructions of oblivious transfer (OT) protocols from public key encryption schemes. We begin with a simple construction of
More informationSecurity Protocols and Application Final Exam
Security Protocols and Application Final Exam Solution Philippe Oechslin and Serge Vaudenay 25.6.2014 duration: 3h00 no document allowed a pocket calculator is allowed communication devices are not allowed
More informationOne-Round Secure Computation and Secure Autonomous Mobile Agents
One-Round Secure Computation and Secure Autonomous Mobile Agents (Extended Abstract) Christian Cachin 1, Jan Camenisch 1, Joe Kilian 2, and Joy Müller 1 Abstract. This paper investigates one-round secure
More informationModulo Reduction for Paillier Encryptions and Application to Secure Statistical Analysis. Financial Cryptography '10, Tenerife, Spain
Modulo Reduction for Paillier Encryptions and Application to Secure Statistical Analysis Bart Mennink (K.U.Leuven) Joint work with: Jorge Guajardo (Philips Research Labs) Berry Schoenmakers (TU Eindhoven)
More informationEntity Authentication
Entity Authentication Sven Laur swen@math.ut.ee University of Tartu Formal Syntax Entity authentication pk (sk, pk) Gen α 1 β 1 β i V pk (α 1,...,α i 1 ) α i P sk (β 1,...,β i 1 ) Is it Charlie? α k The
More informationMultiparty Computation from Somewhat Homomorphic Encryption. November 9, 2011
Multiparty Computation from Somewhat Homomorphic Encryption Ivan Damgård 1 Valerio Pastro 1 Nigel Smart 2 Sarah Zakarias 1 1 Aarhus University 2 Bristol University CTIC 交互计算 November 9, 2011 Damgård, Pastro,
More informationA Fair and Efficient Solution to the Socialist Millionaires Problem
In Discrete Applied Mathematics, 111 (2001) 23 36. (Special issue on coding and cryptology) A Fair and Efficient Solution to the Socialist Millionaires Problem Fabrice Boudot a Berry Schoenmakers b Jacques
More information1 Secure two-party computation
CSCI 5440: Cryptography Lecture 7 The Chinese University of Hong Kong, Spring 2018 26 and 27 February 2018 In the first half of the course we covered the basic cryptographic primitives that enable secure
More informationFast and Private Computation of Cardinality of Set Intersection and Union *
Fast and Private Computation of Cardinality of Set Intersection and Union * Emiliano De Cristofaro, Paolo Gasti, Gene Tsudik PARC UC Irvine Abstract In many everyday scenarios, sensitive information must
More informationKeyword Search and Oblivious Pseudo-Random Functions
Keyword Search and Oblivious Pseudo-Random Functions Mike Freedman NYU Yuval Ishai, Benny Pinkas, Omer Reingold 1 Background: Oblivious Transfer Oblivious Transfer (OT) [R], 1-out-of-N [EGL]: Input: Server:
More informationFast and Private Computation of Cardinality of Set Intersection and Union
Fast and Private Computation of Cardinality of Set Intersection and Union Emiliano De Cristofaro 1, Paolo Gasti 2, and Gene Tsudik 3 1 Palo Alto Research Center Emiliano.DeCristofaro@parc.com 2 New York
More informationReducing Garbled Circuit Size While Preserving Circuit Gate Privacy *
Reducing Garbled Circuit Size While Preserving Circuit Gate Privacy * Yongge Wang 1 and Qutaibah m. Malluhi 2 1 Department of SIS, UNC Charlotte, USA (yonwang@uncc.edu) 2 Department of CS, Qatar University,
More informationEfficient MPC Oblivious Transfer and Oblivious Linear Evaluation aka How to Multiply
CIS 2018 Efficient MPC Oblivious Transfer and Oblivious Linear Evaluation aka How to Multiply Claudio Orlandi, Aarhus University Circuit Evaluation 3) Multiplication? How to compute [z]=[xy]? Alice, Bob
More informationGeneralized Oblivious Transfer by Secret Sharing
Generalized Oblivious Transfer by Secret Sharing Tamir Tassa Abstract The notion of Generalized Oblivious Transfer (GOT) was introduced by Ishai and Kushilevitz in [12]. In a GOT protocol, Alice holds
More information1 Number Theory Basics
ECS 289M (Franklin), Winter 2010, Crypto Review 1 Number Theory Basics This section has some basic facts about number theory, mostly taken (or adapted) from Dan Boneh s number theory fact sheets for his
More informationOn Achieving the Best of Both Worlds in Secure Multiparty Computation
On Achieving the Best of Both Worlds in Secure Multiparty Computation Yuval Ishai Jonathan Katz Eyal Kushilevitz Yehuda Lindell Erez Petrank Abstract Two settings are traditionally considered for secure
More informationPublic-Key Cryptosystems CHAPTER 4
Public-Key Cryptosystems CHAPTER 4 Introduction How to distribute the cryptographic keys? Naïve Solution Naïve Solution Give every user P i a separate random key K ij to communicate with every P j. Disadvantage:
More informationAdditive Conditional Disclosure of Secrets
Additive Conditional Disclosure of Secrets Sven Laur swen@math.ut.ee Helsinki University of Technology Motivation Consider standard two-party computation protocol. x f 1 (x, y) m 1 m2 m r 1 mr f 2 (x,
More informationError-Tolerant Combiners for Oblivious Primitives
Error-Tolerant Combiners for Oblivious Primitives Bartosz Przydatek 1 and Jürg Wullschleger 2 1 Google Switzerland, (Zurich, Switzerland) przydatek@google.com 2 University of Bristol (Bristol, United Kingdom)
More informationSharing DSS by the Chinese Remainder Theorem
Sharing DSS by the Chinese Remainder Theorem Kamer Kaya,a, Ali Aydın Selçuk b a Ohio State University, Columbus, 43210, OH, USA b Bilkent University, Ankara, 06800, Turkey Abstract In this paper, we propose
More informationSecure Computation of the Mean and Related Statistics
A preliminary version of this paper appeared in Theory of Cryptography Conference, TCC 05, Lecture Notes in Computer Science Vol.???, Joe Kilian ed, Springer Verlag, 2005. This is the full version. Secure
More informationINFORMATION-THEORETICALLY SECURE STRONG VERIFIABLE SECRET SHARING
INFORMATION-THEORETICALLY SECURE STRONG VERIFIABLE SECRET SHARING Changlu Lin State Key Lab. of Information Security, Graduate University of Chinese Academy of Sciences, China Key Lab. of Network Security
More informationFast Cut-and-Choose Based Protocols for Malicious and Covert Adversaries
Fast Cut-and-Choose Based Protocols for Malicious and Covert Adversaries Yehuda Lindell Dept. of Computer Science Bar-Ilan University, Israel lindell@biu.ac.il February 8, 2015 Abstract In the setting
More informationEfficient Fuzzy Matching and Intersection on Private Datasets
Efficient Fuzzy Matching and Intersection on Private Datasets Qingsong Ye 1, Ron Steinfeld 1, Josef Pieprzyk 1, and Huaxiong Wang 1,2 1 Centre for Advanced Computing Algorithms and Cryptography Department
More informationCryptographical Security in the Quantum Random Oracle Model
Cryptographical Security in the Quantum Random Oracle Model Center for Advanced Security Research Darmstadt (CASED) - TU Darmstadt, Germany June, 21st, 2012 This work is licensed under a Creative Commons
More informationRate-Limited Secure Function Evaluation: Definitions and Constructions
An extended abstract of this paper is published in the proceedings of the 16th International Conference on Practice and Theory in Public-Key Cryptography PKC 2013. This is the full version. Rate-Limited
More informationCMSC 858K Introduction to Secure Computation October 18, Lecture 19
CMSC 858K Introduction to Secure Computation October 18, 2013 Lecturer: Jonathan Katz Lecture 19 Scribe(s): Alex J. Malozemoff 1 Zero Knowledge Variants and Results Recall that a proof-of-knowledge (PoK)
More informationA Zero-One Law for Secure Multi-Party Computation with Ternary Outputs
A Zero-One Law for Secure Multi-Party Computation with Ternary Outputs KTH Royal Institute of Technology gkreitz@kth.se TCC, Mar 29 2011 Model Limits of secure computation Our main result Theorem (This
More informationComputing on Encrypted Data
Computing on Encrypted Data COSIC, KU Leuven, ESAT, Kasteelpark Arenberg 10, bus 2452, B-3001 Leuven-Heverlee, Belgium. August 31, 2018 Computing on Encrypted Data Slide 1 Outline Introduction Multi-Party
More informationPrivacy-Preserving Protocols for Eigenvector Computation
Privacy-Preserving Protocols for Eigenvector Computation Manas A. Pathak and Bhiksha Raj Carnegie Mellon University, Pittsburgh, PA 15213, USA Abstract. In this paper, we present a protocol for computing
More informationA Pseudo-Random Encryption Mode
A Pseudo-Random Encryption Mode Moni Naor Omer Reingold Block ciphers are length-preserving private-key encryption schemes. I.e., the private key of a block-cipher determines a permutation on strings of
More informationMASCOT: Faster Malicious Arithmetic Secure Computation with Oblivious Transfer
MASCOT: Faster Malicious Arithmetic Secure Computation with Oblivious Transfer Tore Frederiksen Emmanuela Orsini Marcel Keller Peter Scholl Aarhus University University of Bristol 31 May 2016 Secure Multiparty
More informationNew Notions of Security: Universal Composability without Trusted Setup
New Notions of Security: Universal Composability without Trusted Setup Manoj Prabhakaran & Amit Sahai Princeton University To appear in STOC 04 Defining Security Central Problem in Cryptography Understanding
More informationOblivious Keyword Search
Oblivious Keyword Search Wakaha Ogata 1 Kaoru Kurosawa 2 1 Tokyo Institute of Technology, 2-12-1 O-okayama, Meguro-ku, Tokyo 152-8552, Japan wakaha@ss.titech.ac.jp 2 Ibaraki University, 4-12-1 Nakanarusawa,
More informationk-points-of-interest Low-Complexity Privacy-Preserving k-pois Search Scheme by Dividing and Aggregating POI-Table
Computer Security Symposium 2014 22-24 October 2014 k-points-of-interest 223-8522 3-14-1 utsunomiya@sasase.ics.keio.ac.jp POIs Points of Interest Lien POI POI POI POI Low-Complexity Privacy-Preserving
More informationEfficient Set Intersection with Simulation-Based Security
Efficient Set Intersection with Simulation-Based Security Michael J. Freedman Carmit Hazay Kobbi Nissim Benny Pinkas September 4, 2014 Abstract We consider the problem of computing the intersection of
More informationBasics in Cryptology. Outline. II Distributed Cryptography. Key Management. Outline. David Pointcheval. ENS Paris 2018
Basics in Cryptology II Distributed Cryptography David Pointcheval Ecole normale supérieure, CNRS & INRIA ENS Paris 2018 NS/CNRS/INRIA Cascade David Pointcheval 1/26ENS/CNRS/INRIA Cascade David Pointcheval
More informationPractical Verifiable Encryption and Decryption of Discrete Logarithms
Practical Verifiable Encryption and Decryption of Discrete Logarithms Jan Camenisch IBM Zurich Research Lab Victor Shoup New York University p.1/27 Verifiable encryption of discrete logs Three players:
More informationSecure Modulo Zero-Sum Randomness as Cryptographic Resource
Secure Modulo Zero-Sum Randomness as Cryptographic Resource Masahito Hayashi 12 and Takeshi Koshiba 3 1 Graduate School of Mathematics, Nagoya University masahito@math.nagoya-u.ac.jp 2 Centre for Quantum
More informationPractical Fully Homomorphic Encryption without Noise Reduction
Practical Fully Homomorphic Encryption without Noise Reduction Dongxi Liu CSIRO, Marsfield, NSW 2122, Australia dongxi.liu@csiro.au Abstract. We present a new fully homomorphic encryption (FHE) scheme
More informationSELECTED APPLICATION OF THE CHINESE REMAINDER THEOREM IN MULTIPARTY COMPUTATION
Journal of Applied Mathematics and Computational Mechanics 2016, 15(1), 39-47 www.amcm.pcz.pl p-issn 2299-9965 DOI: 10.17512/jamcm.2016.1.04 e-issn 2353-0588 SELECTED APPLICATION OF THE CHINESE REMAINDER
More information1 Basic Number Theory
ECS 228 (Franklin), Winter 2013, Crypto Review 1 Basic Number Theory This section has some basic facts about number theory, mostly taken (or adapted) from Dan Boneh s number theory fact sheets for his
More informationSecure Linear Algebra Using Linearly Recurrent Sequences
Secure Linear Algebra Using Linearly Recurrent Sequences Eike Kiltz, Payman Mohassel, Enav Weinreb, and Matthew Franklin Abstract. In this work we present secure two-party protocols for various core problems
More informationCryptographic Multilinear Maps. Craig Gentry and Shai Halevi
Cryptographic Multilinear Maps Craig Gentry and Shai Halevi China Summer School on Lattices and Cryptography, June 2014 Multilinear Maps (MMAPs) A Technical Tool A primitive for building applications,
More informationMTAT Cryptology II. Zero-knowledge Proofs. Sven Laur University of Tartu
MTAT.07.003 Cryptology II Zero-knowledge Proofs Sven Laur University of Tartu Formal Syntax Zero-knowledge proofs pk (pk, sk) Gen α 1 β 1 β i V pk (α 1,...,α i 1 ) α i P sk (β 1,...,β i 1 ) (pk,sk)? R
More informationLecture 11: Non-Interactive Zero-Knowledge II. 1 Non-Interactive Zero-Knowledge in the Hidden-Bits Model for the Graph Hamiltonian problem
CS 276 Cryptography Oct 8, 2014 Lecture 11: Non-Interactive Zero-Knowledge II Instructor: Sanjam Garg Scribe: Rafael Dutra 1 Non-Interactive Zero-Knowledge in the Hidden-Bits Model for the Graph Hamiltonian
More informationEfficient Conversion of Secret-shared Values Between Different Fields
Efficient Conversion of Secret-shared Values Between Different Fields Ivan Damgård and Rune Thorbek BRICS, Dept. of Computer Science, University of Aarhus Abstract. We show how to effectively convert a
More informationImpossibility Results for Universal Composability in Public-Key Models and with Fixed Inputs
Impossibility Results for Universal Composability in Public-Key Models and with Fixed Inputs Dafna Kidron Yehuda Lindell June 6, 2010 Abstract Universal composability and concurrent general composition
More information