Are you the one to share? Secret Transfer with Access Structure
|
|
- Tyrone Conley
- 5 years ago
- Views:
Transcription
1 Are you the one to share? Secret Transfer with Access Structure Yongjun Zhao, Sherman S.M. Chow Department of Information Engineering The Chinese University of Hong Kong, Hong Kong
2 Private Set Intersection (PSI) Compute the intersection A B without revealing elements A B??
3 Applications of PSI: Common Interests
4 Applications of PSI: Common Customers
5 Classical Definition for PSI F PSI : X, Y X Y, Well established notion in crypto and security communities client server Input: X = {x 1,, x n } Y = {y 1,, y m } Output: X Y Other variants: fair PSI (both parties obtain X Y), multi-party PSI (>2 participants), etc.
6 Classical Definition for PSI (limitation) F PSI : X, Y (, ) client server Input: X = {x 1,, x n } Y = {y 1,, y m } Output: X Y One party ALAWYS learns the outcome
7 They do not really match that well
8 Classical Definition (limitation) Traditional PSI always reveals the intersection Intersection set itself could be: Sensitive: threat information Commercial asset: customer list Personal info: friend list, hobbies, preferences Intersection should only be revealed when necessary (i.e., the interaction satisfying some policy P( )) e.g., the size exceeds some threshold number
9 More Privacy-Friendly PSI Our new notion: PSI with (monotone) access structure Reveal A B only if P A B = 1 Special cases: (over) threshold PSI P A B = 1 if A B t 0 if A B < t Applications: Private match-making Auditing leakage in information sharing Intersection of threat information / suspect lists / customer list
10 Concrete Construction We construct PSI with access structure in a modular way Roadmap: OTSA STAS PSI w/ AS Oblivious Transfer for a Sparse Array Secret Transfer with Access Structure PSI with Access Structure
11 Oblivious Transfer for a Sparse Array Roadmap: OTSA STAS PSI w/ AS Oblivious Transfer for a Sparse Array Secret Transfer with Access Structure PSI with Access Structure
12 Oblivious Transfer for a Sparse Array (OTSA) F OTSA : x, y (D, ) Input: Output: x = {x 1,, x n } y = {(y 1, d 1 ),, (y m, d m )} D = {d i y i {x 1, x 2,, x n }} Generalizing standard n-out-of-m OT: x 1,, x n {y 1,, y m } x 1,, x n {y 1,, y m } is hidden from receiver
13 Oblivious Polynomial Evaluation (OPE) Encode the set {x 1,, x n } as polynomial: p = x x 1 x x 2 x x n = a 0 + a 1 x + + a n x n Observation: y i X p y i = 0 Given encrypted coefficients a 0, a 1,, a n of a polynomial p We can evaluate its value at x via homomorphic encryption: Enc pk p x = Enc pk a 0 + a 1 x + + a n x n = Enc pk a 0 Enc pk a 1 x (Enc pk (a n ) x n )
14 OTSA from Oblivious Polynomial Evaluation pk, Enc pk a 0,, Enc pk (a n ) {z 1,, z m } (permuted) z i = Enc pk (r i p y i + d i ) (pk, sk) {x 1,, x n } if y i {x 1,, x n } if y i {x 1,, x n } {y 1,, y m } {d 1,, d m } z i will be decrypted to d i z i will be decrypted to random
15 Construction of OTSA pk, Enc pk a 0,, Enc pk (a n ) z i = Enc pk (r i p y i + d i ) z 1,, z m Honest-but-curious model extended to malicious model using zero-knowledge proofs (details in the paper) Computational complexity: O(mn) (worse than O(n log n) via generic approach) O(n) construction (honest-but-curious) in the paper based on garbled Bloom filter [Dong-Chen@CCS 13]
16 PSI with Access Structure Roadmap: OTSA STAS PSI w/ AS Oblivious Transfer for a Sparse Array Secret Transfer with Access Structure PSI with Access Structure
17 Secret Sharing Split a secret s into shares s can be reconstructed only if qualified subset of shares are combined SecretShare(s) {s 1, s 2,, s n } Reconstruct(s i1, s i2,, s ik ) s or Example: access structure: s 1 AND {s 2 OR s 3 } AND s 4 AND s 5 qualified subsets: {s 1, s 2, s 4, s 5 } {s 1, s 3, s 4, s 5 } {s 1, s 2, s 3, s 4, s 5 }
18 Secret Transfer with Access Structure F STAS : Input: X = {x 1,, x n } s, Y = y 1,, y m Output: X Y and s iff P X Y = 1
19 OTSA + Secret Sharing = STAS (pk, sk) X = {x 1,, x n } pk, Enc pk a 0,, Enc pk (a n ) z 1,, z m SecretShare(s) {s 1, s 2,, s m } z i = Enc pk (r i p X y i + s i ) Y = {y 1,, y m } s if y i X if y i X z i will be decrypted to s i z i will be decrypted to random
20 OTSA + Secret Sharing = STAS (pk, sk) X = {x 1,, x n } pk, Enc pk a 0,, Enc pk (a n ) z 1,, z m SecretShare(s) {s 1, s 2,, s m } z i = Enc pk (r i p X y i + s i ) Y = {y 1,, y m } s If X Y satisfies the access structure The receiver can reconstruct the secret s!
21 PSI with Access Structure Roadmap: PSI w/ DT STAS PSI w/ AS Oblivious Transfer for a Sparse Array Secret Transfer with Access Structure PSI with Access Structure
22 PSI with Access Structure from STAS STAS protocol X = {x 1,, x n } Y = {y 1,, y m } and s The receiver can reconstruct the secret s if and only if X Y satisfies the access structure
23 STAS + PSI = PSI with Access Structure Normal PSI X = {x 1 s,, x n s} Y = {y 1 s,, y m s} If X Y satisfies the access structure The receiver can learn X Y, which is essentially X Y
24 PSI with Access Structure Normal PSI X = {x 1 s,, x n s } Y = {y 1 s,, y m s} If X Y does not satisfies the access structure The receiver can learn X Y, which is an empty set
25 Concluding Remarks We introduce the notions of Oblivious Transfer with Spare Array (OTSA) Secret Transfer with Access Structure (STAS) PSI with Access Structure We then construct Two OTSA schemes (from OPE / garbled Bloom filter) OTSA + Secret Sharing = STAS STAS + PSI = PSI with Access Structure Future work 1: can we hide X Y in STAS? Future work 2: can we support non-monotone access structure? {zy113, sherman}@ie.cuhk.edu.hk Under submission
Secure Multi-Party Computation
Secure Multi-Party Computation (cryptography for the not so good, the not so bad and the not so ugly) María Isabel González Vasco mariaisabel.vasco@urjc.es Based on joint work with Paolo D Arco (U. Salerno)
More informationKeyword Search and Oblivious Pseudo-Random Functions
Keyword Search and Oblivious Pseudo-Random Functions Mike Freedman NYU Yuval Ishai, Benny Pinkas, Omer Reingold 1 Background: Oblivious Transfer Oblivious Transfer (OT) [R], 1-out-of-N [EGL]: Input: Server:
More information1 Secure two-party computation
CSCI 5440: Cryptography Lecture 7 The Chinese University of Hong Kong, Spring 2018 26 and 27 February 2018 In the first half of the course we covered the basic cryptographic primitives that enable secure
More informationMachine Learning Classification over Encrypted Data. Raphael Bost, Raluca Ada Popa, Stephen Tu, Shafi Goldwasser
Machine Learning Classification over Encrypted Data Raphael Bost, Raluca Ada Popa, Stephen Tu, Shafi Goldwasser Classification (Machine Learning) Supervised learning (training) Classification data set
More informationBenny Pinkas Bar Ilan University
Winter School on Bar-Ilan University, Israel 30/1/2011-1/2/2011 Bar-Ilan University Benny Pinkas Bar Ilan University 1 Extending OT [IKNP] Is fully simulatable Depends on a non-standard security assumption
More informationCut-and-Choose Yao-Based Secure Computation in the Online/Offline and Batch Settings
Cut-and-Choose Yao-Based Secure Computation in the Online/Offline and Batch Settings Yehuda Lindell Bar-Ilan University, Israel Technion Cryptoday 2014 Yehuda Lindell Online/Offline and Batch Yao 30/12/2014
More informationPrivate Comparison. Chloé Hébant 1, Cedric Lefebvre 2, Étienne Louboutin3, Elie Noumon Allini 4, Ida Tucker 5
Private Comparison Chloé Hébant 1, Cedric Lefebvre 2, Étienne Louboutin3, Elie Noumon Allini 4, Ida Tucker 5 1 École Normale Supérieure, CNRS, PSL University 2 IRIT 3 Chair of Naval Cyber Defense, IMT
More informationAdditive Conditional Disclosure of Secrets
Additive Conditional Disclosure of Secrets Sven Laur swen@math.ut.ee Helsinki University of Technology Motivation Consider standard two-party computation protocol. x f 1 (x, y) m 1 m2 m r 1 mr f 2 (x,
More informationLectures 1&2: Introduction to Secure Computation, Yao s and GMW Protocols
CS 294 Secure Computation January 19, 2016 Lectures 1&2: Introduction to Secure Computation, Yao s and GMW Protocols Instructor: Sanjam Garg Scribe: Pratyush Mishra 1 Introduction Secure multiparty computation
More informationIntroduction to Modern Cryptography Lecture 11
Introduction to Modern Cryptography Lecture 11 January 10, 2017 Instructor: Benny Chor Teaching Assistant: Orit Moskovich School of Computer Science Tel-Aviv University Fall Semester, 2016 17 Tuesday 12:00
More informationSecret sharing schemes
Secret sharing schemes Martin Stanek Department of Computer Science Comenius University stanek@dcs.fmph.uniba.sk Cryptology 1 (2017/18) Content Introduction Shamir s secret sharing scheme perfect secret
More information4-3 A Survey on Oblivious Transfer Protocols
4-3 A Survey on Oblivious Transfer Protocols In this paper, we survey some constructions of oblivious transfer (OT) protocols from public key encryption schemes. We begin with a simple construction of
More informationComputing on Encrypted Data
Computing on Encrypted Data COSIC, KU Leuven, ESAT, Kasteelpark Arenberg 10, bus 2452, B-3001 Leuven-Heverlee, Belgium. August 31, 2018 Computing on Encrypted Data Slide 1 Outline Introduction Multi-Party
More informationMulti-Party Computation with Conversion of Secret Sharing
Multi-Party Computation with Conversion of Secret Sharing Josef Pieprzyk joint work with Hossein Ghodosi and Ron Steinfeld NTU, Singapore, September 2011 1/ 33 Road Map Introduction Background Our Contribution
More informationA Zero-One Law for Secure Multi-Party Computation with Ternary Outputs
A Zero-One Law for Secure Multi-Party Computation with Ternary Outputs KTH Royal Institute of Technology gkreitz@kth.se TCC, Mar 29 2011 Model Limits of secure computation Our main result Theorem (This
More informationANALYSIS OF PRIVACY-PRESERVING ELEMENT REDUCTION OF A MULTISET
J. Korean Math. Soc. 46 (2009), No. 1, pp. 59 69 ANALYSIS OF PRIVACY-PRESERVING ELEMENT REDUCTION OF A MULTISET Jae Hong Seo, HyoJin Yoon, Seongan Lim, Jung Hee Cheon, and Dowon Hong Abstract. The element
More informationSecret Sharing CPT, Version 3
Secret Sharing CPT, 2006 Version 3 1 Introduction In all secure systems that use cryptography in practice, keys have to be protected by encryption under other keys when they are stored in a physically
More informationModulo Reduction for Paillier Encryptions and Application to Secure Statistical Analysis. Financial Cryptography '10, Tenerife, Spain
Modulo Reduction for Paillier Encryptions and Application to Secure Statistical Analysis Bart Mennink (K.U.Leuven) Joint work with: Jorge Guajardo (Philips Research Labs) Berry Schoenmakers (TU Eindhoven)
More informationEfficient MPC Oblivious Transfer and Oblivious Linear Evaluation aka How to Multiply
CIS 2018 Efficient MPC Oblivious Transfer and Oblivious Linear Evaluation aka How to Multiply Claudio Orlandi, Aarhus University Circuit Evaluation 3) Multiplication? How to compute [z]=[xy]? Alice, Bob
More informationPerfect Secure Computation in Two Rounds
Perfect Secure Computation in Two Rounds Benny Applebaum Tel Aviv University Joint work with Zvika Brakerski and Rotem Tsabary Theory and Practice of Multiparty Computation Workshop, Aarhus, 2018 The MPC
More informationi-hop Homomorphic Encryption Schemes
i-hop Homomorphic Encryption Schemes Craig Gentry Shai Halevi Vinod Vaikuntanathan March 12, 2010 Abstract A homomorphic encryption scheme enables computing on encrypted data by means of a public evaluation
More informationFundamental MPC Protocols
3 Fundamental MPC Protocols In this chapter we survey several important MPC approaches, covering the main protocols and presenting the intuition behind each approach. All of the approaches discussed can
More informationDistributed Oblivious RAM for Secure Two-Party Computation
Seminar in Distributed Computing Distributed Oblivious RAM for Secure Two-Party Computation Steve Lu & Rafail Ostrovsky Philipp Gamper Philipp Gamper 2017-04-25 1 Yao s millionaires problem Two millionaires
More informationEvaluating 2-DNF Formulas on Ciphertexts
Evaluating 2-DNF Formulas on Ciphertexts Dan Boneh, Eu-Jin Goh, and Kobbi Nissim Theory of Cryptography Conference 2005 Homomorphic Encryption Enc. scheme is homomorphic to function f if from E[A], E[B],
More informationAn Efficient and Secure Protocol for Privacy Preserving Set Intersection
An Efficient and Secure Protocol for Privacy Preserving Set Intersection PhD Candidate: Yingpeng Sang Advisor: Associate Professor Yasuo Tan School of Information Science Japan Advanced Institute of Science
More informationOn i-hop Homomorphic Encryption
No relation to On i-hop Homomorphic Encryption Craig Gentry, Shai Halevi, Vinod Vaikuntanathan IBM Research 2 This Work is About Connections between: Homomorphic encryption (HE) Secure function evaluation
More informationCircular Range Search on Encrypted Spatial Data
Circular Range Search on Encrypted Spatial Data Boyang Wang, Ming Li, Haitao Wang and Hui Li Department of Computer Science, Utah State University, Logan, UT, USA State Key Laboratory of Integrated Service
More informationRate-Limited Secure Function Evaluation: Definitions and Constructions
An extended abstract of this paper is published in the proceedings of the 16th International Conference on Practice and Theory in Public-Key Cryptography PKC 2013. This is the full version. Rate-Limited
More informationEfficient Conversion of Secret-shared Values Between Different Fields
Efficient Conversion of Secret-shared Values Between Different Fields Ivan Damgård and Rune Thorbek BRICS, Dept. of Computer Science, University of Aarhus Abstract. We show how to effectively convert a
More informationOn Adaptively Secure Multiparty Computation with a Short CRS [SCN 16] Ran Cohen (Tel Aviv University) Chris Peikert (University of Michigan)
On Adaptively Secure Multiparty Computation with a Short CRS [SCN 16] Ran Cohen (Tel Aviv University) Chris Peikert (University of Michigan) Secure Multiparty Computation (MPC) Ideal World/ Functionality
More informationSecure Computation of Hidden Markov Models and Secure Floating-Point Arithmetic in the Malicious Model
Noname manuscript No. (will be inserted by the editor) Secure Computation of Hidden Markov Models and Secure Floating-Point Arithmetic in the Malicious Model Mehrdad Aliasgari Marina Blanton Fattaneh Bayatbabolghani
More informationMultiparty Computation
Multiparty Computation Principle There is a (randomized) function f : ({0, 1} l ) n ({0, 1} l ) n. There are n parties, P 1,...,P n. Some of them may be adversarial. Two forms of adversarial behaviour:
More informationMinimal Design for Decentralized Wallet. Omer Shlomovits
Minimal Design for Decentralized Wallet Omer Shlomovits 1 !2 Motivation Imagine we had a private key management system where: No single point of failure Move of assets (signing) cannot happen without Owner
More informationSecure computation of hidden Markov models and secure floating-point arithmetic in the malicious model
Int. J. Inf. Secur. DOI 10.1007/s10207-016-0350-0 REGULAR CONTRIBUTION Secure computation of hidden Markov models and secure floating-point arithmetic in the malicious model Mehrdad Aliasgari 1 Marina
More information1 Number Theory Basics
ECS 289M (Franklin), Winter 2010, Crypto Review 1 Number Theory Basics This section has some basic facts about number theory, mostly taken (or adapted) from Dan Boneh s number theory fact sheets for his
More informationReducing Garbled Circuit Size While Preserving Circuit Gate Privacy *
Reducing Garbled Circuit Size While Preserving Circuit Gate Privacy * Yongge Wang 1 and Qutaibah m. Malluhi 2 1 Department of SIS, UNC Charlotte, USA (yonwang@uncc.edu) 2 Department of CS, Qatar University,
More informationFully Key-Homomorphic Encryption and its Applications
Fully Key-Homomorphic Encryption and its Applications D. Boneh, C. Gentry, S. Gorbunov, S. Halevi, Valeria Nikolaenko, G. Segev, V. Vaikuntanathan, D. Vinayagamurthy Outline Background on PKE and IBE Functionality
More informationMultiparty Computation (MPC) Arpita Patra
Multiparty Computation (MPC) Arpita Patra MPC offers more than Traditional Crypto! > MPC goes BEYOND traditional Crypto > Models the distributed computing applications that simultaneously demands usability
More informationEfficient Public-Key Distance Bounding
Efficient Public-Key Distance Bounding HNDN KILINÇ ND SERGE VUDENY 1 1. Introduction of Distance Bounding 2. Formal Definitions for Security and Privacy 3. Weak uthenticated Key greement 4. Our Protocols:
More informationMultiparty Computation from Somewhat Homomorphic Encryption. November 9, 2011
Multiparty Computation from Somewhat Homomorphic Encryption Ivan Damgård 1 Valerio Pastro 1 Nigel Smart 2 Sarah Zakarias 1 1 Aarhus University 2 Bristol University CTIC 交互计算 November 9, 2011 Damgård, Pastro,
More informationLecture 18 - Secret Sharing, Visual Cryptography, Distributed Signatures
Lecture 18 - Secret Sharing, Visual Cryptography, Distributed Signatures Boaz Barak November 27, 2007 Quick review of homework 7 Existence of a CPA-secure public key encryption scheme such that oracle
More informationSecret Sharing. Qi Chen. December 14, 2015
Secret Sharing Qi Chen December 14, 2015 What is secret sharing? A dealer: know the secret S and distribute the shares of S to each party A set of n parties P n {p 1,, p n }: each party owns a share Authorized
More informationLecture 38: Secure Multi-party Computation MPC
Lecture 38: Secure Multi-party Computation Problem Statement I Suppose Alice has private input x, and Bob has private input y Alice and Bob are interested in computing z = f (x, y) such that each party
More informationMarch 19: Zero-Knowledge (cont.) and Signatures
March 19: Zero-Knowledge (cont.) and Signatures March 26, 2013 1 Zero-Knowledge (review) 1.1 Review Alice has y, g, p and claims to know x such that y = g x mod p. Alice proves knowledge of x to Bob w/o
More informationBasics in Cryptology. Outline. II Distributed Cryptography. Key Management. Outline. David Pointcheval. ENS Paris 2018
Basics in Cryptology II Distributed Cryptography David Pointcheval Ecole normale supérieure, CNRS & INRIA ENS Paris 2018 NS/CNRS/INRIA Cascade David Pointcheval 1/26ENS/CNRS/INRIA Cascade David Pointcheval
More informationk-nearest Neighbor Classification over Semantically Secure Encry
k-nearest Neighbor Classification over Semantically Secure Encrypted Relational Data Reporter:Ximeng Liu Supervisor: Rongxing Lu School of EEE, NTU May 9, 2014 1 2 3 4 5 Outline 1. Samanthula B K, Elmehdwi
More informationLinear Secret-Sharing Schemes for Forbidden Graph Access Structures
Linear Secret-Sharing Schemes for Forbidden Graph Access Structures Amos Beimel 1, Oriol Farràs 2, Yuval Mintz 1, and Naty Peter 1 1 Ben Gurion University of the Negev, Be er Sheva, Israel 2 Universitat
More informationSELECTED APPLICATION OF THE CHINESE REMAINDER THEOREM IN MULTIPARTY COMPUTATION
Journal of Applied Mathematics and Computational Mechanics 2016, 15(1), 39-47 www.amcm.pcz.pl p-issn 2299-9965 DOI: 10.17512/jamcm.2016.1.04 e-issn 2353-0588 SELECTED APPLICATION OF THE CHINESE REMAINDER
More informationPrivate Projections & Variants
Private Projections & Variants Xavier Carpent University of California, Irvine xcarpent@uci.edu Sky Faber University of California, Irvine fabers@uci.edu Gene Tsudik University of California, Irvine gts@ics.uci.edu
More informationMulti-Party Computation of
Multi-Party Computation of Polynomials & Branching Programs without Simultaneous Interaction Hoeteck Wee (ENS) + Dov Gordon (ACS) Tal Malkin (Columbia) Mike Rosulek (OSU) multi-party computation x x 2
More informationPrivacy Preserving Multiset Union with ElGamal Encryption
Privacy Preserving Multiset Union with ElGamal Encryption Jeongdae Hong 1, Jung Woo Kim 1, and Jihye Kim 2 and Kunsoo Park 1, and Jung Hee Cheon 3 1 School of Computer Science and Engineering, Seoul National
More informationNotes on Zero Knowledge
U.C. Berkeley CS172: Automata, Computability and Complexity Handout 9 Professor Luca Trevisan 4/21/2015 Notes on Zero Knowledge These notes on zero knowledge protocols for quadratic residuosity are based
More informationOn Homomorphic Encryption and Secure Computation
On Homomorphic Encryption and Secure Computation challenge response Shai Halevi IBM NYU Columbia Theory Day, May 7, 2010 Computing on Encrypted Data Wouldn t it be nice to be able to o Encrypt my data
More informationADVERTISING AGGREGATIONARCHITECTURE
SOMAR LAPS PRIVACY-PRESERVING LATTICE-BASED PRIVATE-STREAM SOCIAL MEDIA ADVERTISING AGGREGATIONARCHITECTURE OR: HOW NOT TO LEAVE YOUR PERSONAL DATA AROUND REVISITING PRIVATE-STREAM AGGREGATION: LATTICE-BASED
More informationCS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrovsky. Lecture 10
CS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrovsky Lecture 10 Lecture date: 14 and 16 of March, 2005 Scribe: Ruzan Shahinian, Tim Hu 1 Oblivious Transfer 1.1 Rabin Oblivious Transfer
More informationLecture 04: Secret Sharing Schemes (2) Secret Sharing
Lecture 04: Schemes (2) Recall: Goal We want to Share a secret s Z p to n parties, such that {1,..., n} Z p, Any two parties can reconstruct the secret s, and No party alone can predict the secret s Recall:
More information1 Basic Number Theory
ECS 228 (Franklin), Winter 2013, Crypto Review 1 Basic Number Theory This section has some basic facts about number theory, mostly taken (or adapted) from Dan Boneh s number theory fact sheets for his
More informationFully Homomorphic Encryption from LWE
Fully Homomorphic Encryption from LWE Based on joint works with: Zvika Brakerski (Stanford) Vinod Vaikuntanathan (University of Toronto) Craig Gentry (IBM) Post-Quantum Webinar, November 2011 Outsourcing
More informationThesis Proposal: Privacy Preserving Distributed Information Sharing
Thesis Proposal: Privacy Preserving Distributed Information Sharing Lea Kissner leak@cs.cmu.edu July 5, 2005 1 1 Introduction In many important applications, a collection of mutually distrustful parties
More informationAn Efficient Protocol for Fair Secure Two-Party Computation
Appears in Cryptographers Track-RSA Conference (CT-RSA 2008), Lecture Notes in Computer Science 4964 (2008) 88 105. Springer-Verlag. An Efficient Protocol for Fair Secure Two-Party Computation Mehmet S.
More informationLecture 1. 1 Introduction. 2 Secret Sharing Schemes (SSS) G Exposure-Resilient Cryptography 17 January 2007
G22.3033-013 Exposure-Resilient Cryptography 17 January 2007 Lecturer: Yevgeniy Dodis Lecture 1 Scribe: Marisa Debowsky 1 Introduction The issue at hand in this course is key exposure: there s a secret
More informationData-Mining on GBytes of
Data-Mining on GBytes of Encrypted Data In collaboration with Dan Boneh (Stanford); Udi Weinsberg, Stratis Ioannidis, Marc Joye, Nina Taft (Technicolor). Outline Motivation Background on cryptographic
More informationDistribution Design. Ariel Gabizon. Amos Beimel. Eyal Kushilevitz.
Distribution Design ABSTRACT Amos Beimel Dept. of Computer Science Ben Gurion University amos.beimel@gmail.com Yuval Ishai Dept. of Computer Science Technion and UCLA yuvali@cs.technion.ac.il Motivated
More informationUniversal Blind Quantum Computing
Universal Blind Quantum Computing Elham Kashefi Laboratoire d Informatique de Grenoble Joint work with Anne Broadbent Montreal Joe Fitzsimons Oxford Classical Blind Computing Fundamentally asymmetric unlike
More informationLecture 9 and 10: Malicious Security - GMW Compiler and Cut and Choose, OT Extension
CS 294 Secure Computation February 16 and 18, 2016 Lecture 9 and 10: Malicious Security - GMW Compiler and Cut and Choose, OT Extension Instructor: Sanjam Garg Scribe: Alex Irpan 1 Overview Garbled circuits
More informationHow to Use Short Basis : Trapdoors for Hard Lattices and new Cryptographic Constructions
Presentation Article presentation, for the ENS Lattice Based Crypto Workgroup http://www.di.ens.fr/~pnguyen/lbc.html, 30 September 2009 How to Use Short Basis : Trapdoors for http://www.cc.gatech.edu/~cpeikert/pubs/trap_lattice.pdf
More informationHow to Shuffle in Public
How to Shuffle in Public Ben Adida Harvard (work done at MIT) Douglas Wikström ETH Zürich TCC 27 February 24th, 27 How to Shuffle in Public Ben Adida Harvard (work done at MIT) Douglas Wikström ETH Zürich
More informationFast Cut-and-Choose Based Protocols for Malicious and Covert Adversaries
Fast Cut-and-Choose Based Protocols for Malicious and Covert Adversaries Yehuda Lindell Dept. of Computer Science Bar-Ilan University, Israel lindell@biu.ac.il February 8, 2015 Abstract In the setting
More informationOblivious Transfer and Secure Multi-Party Computation With Malicious Parties
CS 380S Oblivious Transfer and Secure Multi-Party Computation With Malicious Parties Vitaly Shmatikov slide 1 Reminder: Oblivious Transfer b 0, b 1 i = 0 or 1 A b i B A inputs two bits, B inputs the index
More informationCSA E0 312: Secure Computation September 09, [Lecture 9-10]
CSA E0 312: Secure Computation September 09, 2015 Instructor: Arpita Patra [Lecture 9-10] Submitted by: Pratik Sarkar 1 Summary In this lecture we will introduce the concept of Public Key Samplability
More informationPRIVACY PRESERVING DISTANCE COMPUTATION USING SOMEWHAT-TRUSTED THIRD PARTIES. Abelino Jimenez and Bhiksha Raj
PRIVACY PRESERVING DISTANCE COPUTATION USING SOEWHAT-TRUSTED THIRD PARTIES Abelino Jimenez and Bhisha Raj Carnegie ellon University, Pittsburgh, PA, USA {abjimenez,bhisha}@cmu.edu ABSTRACT A critically
More informationPrivacy-Preserving Ridge Regression over Distributed Data from LHE
Privacy-Preserving Ridge Regression over Distributed Data from LHE Irene Giacomelli 1, Somesh Jha 1, Marc Joye, C. David Page 1, and Kyonghwan Yoon 1 1 University of Wisconsin-Madison, Madison, WI, USA
More informationYuval Ishai Technion
Winter School on, Israel 30/1/2011-1/2/2011 Yuval Ishai Technion 1 Several potential advantages Unconditional security Guaranteed output and fairness Universally composable security This talk: efficiency
More informationOblivious Evaluation of Multivariate Polynomials. and Applications
The Open University of Israel Department of Mathematics and Computer Science Oblivious Evaluation of Multivariate Polynomials and Applications Thesis submitted as partial fulfillment of the requirements
More informationBroadcast and Verifiable Secret Sharing: New Security Models and Round-Optimal Constructions
Broadcast and Verifiable Secret Sharing: New Security Models and Round-Optimal Constructions Dissertation submitted to the Faculty of the Graduate School of the University of Maryland, College Park in
More informationBounded-Communication Leakage Resilience via Parity-Resilient Circuits
Bounded-Communication Leakage Resilience via Parity-Resilient Circuits Vipul Goyal Yuval Ishai Hemanta K. Maji Amit Sahai Alexander A. Sherstov September 6, 2016 Abstract We consider the problem of distributing
More informationNo#ons of Privacy: ID- Hiding, Untrace- ability, Anonymity & Deniability
No#ons of Privacy: ID- Hiding, Untrace- ability, Anonymity & Deniability Paris, 19/03/2014 CIDRE Cristina Onete Meet the girl Need authentication Marie-Claire Cris%na Onete 19/03/2014 2 Secure Authentication
More informationBounded Key-Dependent Message Security
Bounded Key-Dependent Message Security Boaz Barak Iftach Haitner Dennis Hofheinz Yuval Ishai October 21, 2009 Abstract We construct the first public-key encryption scheme that is proven secure (in the
More information5PM: Secure Pattern Matching
5PM: Secure Pattern Matching Joshua Baron, 2 Karim El Defrawy, 2 Kirill Minkovich, 2 Rafail Ostrovsky, 1 and Eric Tressler 2 1 Departments of Mathematics and Computer Science, UCLA, Los Angeles, CA, USA
More informationLossy Trapdoor Functions and Their Applications
1 / 15 Lossy Trapdoor Functions and Their Applications Chris Peikert Brent Waters SRI International On Losing Information 2 / 15 On Losing Information 2 / 15 On Losing Information 2 / 15 On Losing Information
More informationCryptographic Multilinear Maps. Craig Gentry and Shai Halevi
Cryptographic Multilinear Maps Craig Gentry and Shai Halevi China Summer School on Lattices and Cryptography, June 2014 Multilinear Maps (MMAPs) A Technical Tool A primitive for building applications,
More informationIncreased efficiency and functionality through lattice-based cryptography
Increased efficiency and functionality through lattice-based cryptography Michele Minelli ENS, CNRS, INRIA, PSL Research University RESEARCH UNIVERSITY PARIS ECRYPT-NET Cloud Summer School Leuven, Belgium
More informationMASCOT: Faster Malicious Arithmetic Secure Computation with Oblivious Transfer
MASCOT: Faster Malicious Arithmetic Secure Computation with Oblivious Transfer Tore Frederiksen Emmanuela Orsini Marcel Keller Peter Scholl Aarhus University University of Bristol 31 May 2016 Secure Multiparty
More informationSingle Database Private Information Retrieval with Logarithmic Communication
Single Database Private Information Retrieval with Logarithmic Communication Yan-Cheng Chang Harvard University ycchang@eecs.harvard.edu February 10, 2004 Abstract In this paper, we study the problem of
More informationNon-Interactive Secure Multiparty Computation
Non-Interactive Secure Multiparty Computation Amos Beimel 1, Ariel Gabizon 2, Yuval Ishai 2, Eyal Kushilevitz 2, Sigurd Meldgaard 3, and Anat Paskin-Cherniavsky 4 1 Dept. of Computer Science, Ben Gurion
More informationWinter 2011 Josh Benaloh Brian LaMacchia
Winter 2011 Josh Benaloh Brian LaMacchia Fun with Public-Key Tonight we ll Introduce some basic tools of public-key crypto Combine the tools to create more powerful tools Lay the ground work for substantial
More informationMalicious Security. 6.1 Cut-and-Choose. Figure 6.1: Summary of malicious MPC protocols discussed in this chapter.
6 Malicious Security So far, we have focused on semi-honest protocols which provide privacy and security only against passive adversaries who follow the protocol as specified. The semi-honest threat model
More informationOn Achieving the Best of Both Worlds in Secure Multiparty Computation
On Achieving the Best of Both Worlds in Secure Multiparty Computation Yuval Ishai Jonathan Katz Eyal Kushilevitz Yehuda Lindell Erez Petrank Abstract Two settings are traditionally considered for secure
More informationHomomorphic Secret Sharing for Low Degree Polynomials
Homomorphic Secret Sharing for Low Degree Polynomials Russell W. F. Lai, Giulio Malavolta, and Dominique Schröder Friedrich-Alexander-Universität Erlangen-Nürnberg Abstract. Homomorphic secret sharing
More informationFounding Cryptography on Smooth Projective Hashing
Founding Cryptography on Smooth Projective Hashing Bing Zeng a a School of Software Engineering, South China University of Technology, Guangzhou, 510006, China Abstract Oblivious transfer (OT) is a fundamental
More informationFair Private Set Intersection with a Semi-trusted Arbiter
Fair Private Set Intersection with a Semi-trusted Arbiter Changyu Dong 1, Liqun Chen 2, Jan Camenisch 3, and Giovanni Russello 4 1 Department of Computer and Information Sciences,University of Strathclyde,
More informationc Copyright 2016 Caleb Horst
c Copyright 2016 Caleb Horst Communication and Round Balanced Oblivious FSM Evaluation Caleb Horst A thesis submitted in partial fulfillment of the requirements for the degree of Master of Science University
More informationCRYPTANALYSIS OF COMPACT-LWE
SESSION ID: CRYP-T10 CRYPTANALYSIS OF COMPACT-LWE Jonathan Bootle, Mehdi Tibouchi, Keita Xagawa Background Information Lattice-based cryptographic assumption Based on the learning-with-errors (LWE) assumption
More informationEdinburgh Research Explorer
Edinburgh Research Explorer Garbled Quantum Computation Citation for published version: Kashefi, E & Wallden, P 2017, 'Garbled Quantum Computation' Cryptography, vol. 1, no. 1, 6, pp. 1-30. DOI: 10.3390/cryptography1010006
More informationCRYPTOGRAPHIC PROTOCOLS 2016, LECTURE 16
CRYPTOGRAPHIC PROTOCOLS 2016, LECTURE 16 Groth-Sahai proofs helger lipmaa, university of tartu UP TO NOW Introduction to the field Secure computation protocols Interactive zero knowledge from Σ-protocols
More informationEncryption Switching Protocols Revisited: Switching modulo p
Encryption Switching Protocols Revisited: Switching modulo p Guilhem Castagnos 1, Laurent Imbert 2 and Fabien Laguillaumie 2,3 1 IMB UMR 5251, Université de Bordeaux, LFANT/INRIA 2 CNRS, Université Montpellier/CNRS
More informationEncryption Switching Protocols
This is the full version of the extended abstract which appears in In Advances in Cryptology Proceedings of CRYPTO 16 Part I Springer-Verlag, LNCS 9814, pages 308 338 . Encryption
More informationPattern Matching Encryption, Strategic Equivalence of Range Voting and Approval Voting, and Statistical Robustness of Voting Rules.
Pattern Matching Encryption, Strategic Equivalence of Range Voting and Approval Voting, and Statistical Robustness of Voting Rules by Emily Shen Submitted to the Department of Electrical Engineering and
More informationQUANTUM HOMOMORPHIC ENCRYPTION FOR POLYNOMIAL-SIZED CIRCUITS
QUANTUM HOMOMORPHIC ENCRYPTION FOR POLYNOMIAL-SIZED CIRCUITS Florian Speelman (joint work with Yfke Dulek and Christian Schaffner) http://arxiv.org/abs/1603.09717 QIP 2017, Seattle, Washington, Monday
More informationLesson 8 : Key-Policy Attribute-Based Encryption and Public Key Encryption with Keyword Search
Lesson 8 : Key-Policy Attribute-Based Encryption and Public Key Encryption with Keyword Search November 3, 2014 teacher : Benoît Libert scribe : Florent Bréhard Key-Policy Attribute-Based Encryption (KP-ABE)
More information