Optimizing MPC for robust and scalable integer and floating-point arithmetic
Liisi Kerik, Peeter Laud, Jaak Randmets
Cybernetica AS; University of Tartu, Institute of Computer Science
January 30, 2016

Introduction
- Secure multiparty computation (SMC). Examples: Yao, income study.
- Most applications have been run on small data volumes.
- Only one deployment has processed tens of millions of education and income records.
- Performance is a major hurdle.
- In this talk we will show that SMC can be scalable and robust.

Overview of the talk
- Background
- Improvements in floating-point protocols
- Generic optimization techniques
- Performance results

Secret sharing
- We mostly use additive 3-party secret sharing: $v = (v_1 + v_2 + v_3) \bmod N$.
- Private values are denoted with v.
- Integer addition $w = u + v$ is local: $w_i = u_i + v_i \bmod N$.
- We build integer and floating-point arithmetic on top of this representation.

Representing floating-point numbers
$x = (-1)^s \cdot f \cdot 2^e$
- Sign bit $s$ is 0 for positive and 1 for negative numbers.
- Significand $f \in [0.5, 1)$ is represented as a fixed-point number with 0 bits before the radix point.
- $e$ is the exponent (with range identical to that of the IEEE float).

Primitive protocols
- Extend($u$, $n$) casts $u \in \mathbb{Z}_{2^m}$ to the equal value in $\mathbb{Z}_{2^{n+m}}$.
- Cut($u$, $n$) drops the $n$ least-significant bits of $u \in \mathbb{Z}_{2^m}$. It can be used to implement division by a power of two.
- MultArr($u$, $\{v_i\}_{i=1}^{k}$) multiplies point-wise. It is more efficient than multiplying $u$ with every $v_i$.

Polynomial evaluation
- Floating-point functions we approximate with polynomials: sqrt, sin, exp, ln, erf.
- Polynomial evaluation requires additions. Floating-point additions are expensive due to private shifts.
- Fixed-point polynomials can be computed much faster.
- We have improved fixed-point polynomial evaluation. Efficiency improvements for a polynomial of degree 16 on a 64-bit fixed-point number:
  - old: 89 rounds, 27 KB of communication;
  - new: 57 rounds, 7.5 KB of communication.

Improvements in precision
[Table: relative errors of inverse (inv) and square root (sqrt), old vs. new; the values are not preserved in this transcription.]

Hacks for faster polynomial evaluation
- Restrict domain and range to $[0, 1)$. (Coefficients can still be of any size.)
- If we know the argument is in range $[2^n k, 2^n (k + 1))$, then instead of interpolating $f(x)$ in range $[2^n k, 2^n (k + 1))$ we interpolate $f(2^n (x + k))$ in range $[0, 1)$. Smaller coefficients and better precision.
- We add a small linear term to the function we interpolate. Gets rid of denormalized results and overflows.
- Instead of using ordinary fixed-point multiplications (extend, multiply, cut), we extend the argument sufficiently in the beginning and later only perform multiplications and cuts.
- In the end, instead of cutting the excess bits and adding the terms, we add the terms and then cut.

Powers of a fixed-point number
Data: $x$ (0 bits before, $n$ bits after radix point)
Result: $\{x^i\}_{i=1}^{k}$ ($n + n$ bits before, $n$ bits after radix point)
  if $k = 0$ then
    return $\{\}$
  else
    $l \leftarrow \lceil \log_2 k \rceil$
    $x^1 \leftarrow \mathrm{Extend}(x, n + (l + 1)n)$
    for $i \leftarrow 0$ to $l - 1$ do
      $\{x^j\}_{j=2^i+1}^{2^{i+1}} \leftarrow \mathrm{MultArr}(x^{2^i}, \{x^j\}_{j=1}^{2^i})$
      for $j \leftarrow 1$ to $2^{i+1}$ do in parallel
        $x^j \leftarrow \mathrm{Cut}(x^j, n)$
    return $\{x^i\}_{i=1}^{k}$

Fixed-point polynomial evaluation
Data: $x$ (0 bits before, $n$ bits after radix point), $\{c_i\}_{i=0}^{k}$ ($n + n$ bits before, $n$ bits after radix point, highest $n$ bits empty)
Result: $\mathrm{Sum}(\{c_i \cdot x^i\}_{i=0}^{k})$ (0 bits before, $n$ bits after radix point)
  $\{x^i\}_{i=1}^{k} \leftarrow \mathrm{PowArr}(x, k, n, n)$
  $z_0 \leftarrow \mathrm{Share}(c_0)$
  for $i \leftarrow 1$ to $k$ do in parallel
    $z_i \leftarrow c_i \cdot x^i$
  for $i \leftarrow 0$ to $k$ do in parallel
    $z_i \leftarrow \mathrm{Trunc}(z_i, n)$
  return $\mathrm{Cut}(\mathrm{Sum}(\{z_i\}_{i=0}^{k}), n)$

New floating-point protocols: sine
- Reduce to range $(-2\pi, 2\pi)$.
- $\sin(-x) = -\sin x$, $\sin(x + \pi) = -\sin x$, $\sin(\pi/2 - x) = \sin(\pi/2 + x)$.
- Polynomial approximation.
- Near zero we use $\sin x \approx x$ for better precision.

New floating-point protocols: logarithm
- $\log_2(2^e \cdot f) = e + \log_2 f$.
- $e + \log_2 f = (e - 2) + 2(\log_4 f + 1)$.
- $f \in [0.5, 1) \Rightarrow \log_4 f + 1 \in [0.5, 1)$.
- Polynomial approximation. (For double precision, two different polynomials.)
- The end result is computed through floating-point addition.
- Near 1 we use second degree Taylor polynomial.
- Conversion $\ln x = \ln 2 \cdot \log_2 x$.
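
The logarithm reduction above carried through on cleartext doubles, as an added example that is not code from the talk. The Chebyshev fit, the degree `DEG`, the threshold `NEAR_ONE` and all function names are assumptions; the slide only says "polynomial approximation" and "near 1".

```python
import math

DEG = 12              # assumed polynomial degree (not given on the slide)
NEAR_ONE = 2.0 ** -10  # assumed distance from 1 below which the Taylor branch is used


def decompose(x):
    """Split x into (s, f, e) with x = (-1)^s * f * 2^e and f in [0.5, 1)."""
    f, e = math.frexp(abs(x))
    return (1 if x < 0 else 0), f, e


def target(f):
    """log_4(f) + 1, the function that is approximated; maps [0.5, 1) into [0.5, 1)."""
    return 0.5 * math.log2(f) + 1.0


def cheb_fit(g, a, b, deg):
    """Chebyshev coefficients of the interpolant of g on [a, b] (deg + 1 nodes)."""
    m = deg + 1
    nodes = [math.cos(math.pi * (j + 0.5) / m) for j in range(m)]
    vals = [g(0.5 * (b - a) * t + 0.5 * (b + a)) for t in nodes]
    coef = [(2.0 / m) * sum(vals[j] * math.cos(math.pi * i * (j + 0.5) / m)
                            for j in range(m)) for i in range(m)]
    coef[0] *= 0.5
    return coef


def cheb_eval(coef, a, b, x):
    """Evaluate the Chebyshev series at x in [a, b] with Clenshaw's recurrence."""
    t = (2.0 * x - a - b) / (b - a)
    b1 = b2 = 0.0
    for c in reversed(coef[1:]):
        b1, b2 = 2.0 * t * b1 - b2 + c, b1
    return t * b1 - b2 + coef[0]


COEF = cheb_fit(target, 0.5, 1.0, DEG)


def log2_reduced(x):
    """log2 x via e + log2 f = (e - 2) + 2 * (log4 f + 1), Taylor branch near 1."""
    if x <= 0:
        raise ValueError("logarithm needs a positive argument")
    d = x - 1.0
    if abs(d) < NEAR_ONE:
        # second-degree Taylor polynomial of ln around 1, converted to base 2
        return (d - 0.5 * d * d) / math.log(2.0)
    _, f, e = decompose(x)
    # the polynomial result lies in [0.5, 1), i.e. it is itself a valid significand
    return (e - 2) + 2.0 * cheb_eval(COEF, 0.5, 1.0, f)


def ln_reduced(x):
    """Conversion ln x = ln 2 * log2 x."""
    return math.log(2.0) * log2_reduced(x)
```

Away from 1 the result is a sum of an integer and a value of similar size, so the absolute error of the polynomial is what matters; close to 1 the two terms cancel, which is why a separate branch is needed there.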

Generic optimization techniques

Resharing protocol
Algorithm 1: Resharing protocol.
Data: Shared value $u \in R$
Result: Shared value $w \in R$ such that $u = w$.
  All parties $P_i$ perform the following:
    $r \leftarrow R$
    Send $r$ to $P_{p(i)}$
    Receive $r'$ from $P_{n(i)}$
    $w_i \leftarrow u_i + (r - r')$
  return $w$
- Resharing is used to ensure messages are independent of inputs and outputs.
- All protocols and sub-protocols reshare their inputs.

Shared random number generators
- A common pattern: generate a random number and send it to some other party.
- We can instead use a common random number generator.
- We automatically perform this optimization (mostly).
- Performance improvements:
  - reduced network communication by 30% to 60%;
  - improved runtime performance by up to 60%.
- Automatic optimization.

Multiplication protocol
Algorithm 2: Multiplication protocol.
Data: Shared values $u, v \in R$
Result: Shared value $w \in R$ such that $u \cdot v = w$.
  $u \leftarrow \mathrm{Reshare}(u)$
  $v \leftarrow \mathrm{Reshare}(v)$
  All parties $P_i$ perform the following:
    Send $u_i$ and $v_i$ to $P_{n(i)}$
    Receive $u_{p(i)}$ and $v_{p(i)}$ from $P_{p(i)}$
    $w_i \leftarrow u_i \cdot v_i + u_{p(i)} \cdot v_i + u_i \cdot v_{p(i)}$
  $w \leftarrow \mathrm{Reshare}(w)$
  return $w$

[Figures: Multiplication protocol (two diagram slides, not preserved in this transcription).]

Communication symmetric multiplication
Algorithm 3: Symmetric multiplication protocol.
Data: Shared values $u, v \in R$
Result: Shared value $w \in R$ such that $u \cdot v = w$.
  $u \leftarrow \mathrm{Reshare}(u)$
  $v \leftarrow \mathrm{Reshare}(v)$
  All parties $P_i$ perform the following:
    Send $u_i$ to $P_{n(i)}$ and $v_i$ to $P_{p(i)}$
    Receive $u_{p(i)}$ from $P_{p(i)}$ and $v_{n(i)}$ from $P_{n(i)}$
    $w_i \leftarrow u_i \cdot v_i + u_{p(i)} \cdot v_i + u_{p(i)} \cdot v_{n(i)}$
  $w \leftarrow \mathrm{Reshare}(w)$
  return $w$
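
Algorithms 1 to 3 simulated in a single process, as an added example that is not code from the talk: it checks that both multiplication protocols reconstruct to the product and counts the ring elements each party sends in each direction, with and without a generator shared between neighbours in place of the resharing message. `Sim`, `LinkPRG`, the SHA-256 counter construction and the choice to apply the shared generator to resharing are assumptions made for this sketch.

```python
import hashlib
import secrets

N = 2 ** 32  # ring Z_N; 32-bit integers as in the multiplication benchmark


def nxt(i):
    return (i + 1) % 3  # n(i): index of the next party


def prv(i):
    return (i - 1) % 3  # p(i): index of the previous party


def share(v):
    """Additive 3-party sharing: v = (v_1 + v_2 + v_3) mod N."""
    s = [secrets.randbelow(N), secrets.randbelow(N)]
    return s + [(v - sum(s)) % N]


def reveal(shares):
    return sum(shares) % N


class LinkPRG:
    """Stand-in for a generator that two neighbouring parties seed identically."""

    def __init__(self, seed):
        self.seed, self.ctr = seed, 0

    def next(self):
        block = hashlib.sha256(self.seed + self.ctr.to_bytes(8, "big")).digest()
        self.ctr += 1
        return int.from_bytes(block[:4], "big")  # uniform in Z_{2^32}


class Sim:
    """Runs all three parties in one process and counts ring elements per link."""

    def __init__(self, shared_rng):
        self.shared_rng = shared_rng
        self.fwd = [0, 0, 0]  # fwd[i]: elements P_i sent to P_n(i)
        self.bwd = [0, 0, 0]  # bwd[i]: elements P_i sent to P_p(i)
        # prg[i] models the seed P_i agreed on with P_p(i) before the run
        self.prg = [LinkPRG(secrets.token_bytes(16)) for _ in range(3)]

    def to_next(self, i, value):
        self.fwd[i] += 1
        return value

    def to_prev(self, i, value):
        self.bwd[i] += 1
        return value

    def reshare(self, u):
        """Algorithm 1: w_i = u_i + (r - r'); the masks cancel in the sum."""
        if self.shared_rng:
            r = [g.next() for g in self.prg]  # both ends derive r locally
            r_recv = [r[nxt(i)] for i in range(3)]
        else:
            r = [secrets.randbelow(N) for _ in range(3)]
            r_recv = [self.to_prev(nxt(i), r[nxt(i)]) for i in range(3)]
        return [(u[i] + r[i] - r_recv[i]) % N for i in range(3)]

    def mult(self, u, v):
        """Algorithm 2: both shares travel to the next party."""
        u, v = self.reshare(u), self.reshare(v)
        u_p = [self.to_next(prv(i), u[prv(i)]) for i in range(3)]
        v_p = [self.to_next(prv(i), v[prv(i)]) for i in range(3)]
        w = [(u[i] * v[i] + u_p[i] * v[i] + u[i] * v_p[i]) % N for i in range(3)]
        return self.reshare(w)

    def sym_mult(self, u, v):
        """Algorithm 3: u_i goes to the next party, v_i to the previous one."""
        u, v = self.reshare(u), self.reshare(v)
        u_p = [self.to_next(prv(i), u[prv(i)]) for i in range(3)]
        v_n = [self.to_prev(nxt(i), v[nxt(i)]) for i in range(3)]
        w = [(u[i] * v[i] + u_p[i] * v[i] + u_p[i] * v_n[i]) % N for i in range(3)]
        return self.reshare(w)


def run(protocol, shared_rng, a=123456789, b=987654321):
    """Multiply constructed inputs a and b; return (product, fwd, bwd) counters."""
    sim = Sim(shared_rng)
    w = getattr(sim, protocol)(share(a), share(b))
    return reveal(w), sim.fwd, sim.bwd
```

With the shared generator, Algorithm 2 sends two elements per party in one direction only, while Algorithm 3 sends one element in each direction, so both directions of every link carry the same load.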

[Figure: Balanced communication (diagram not preserved in this transcription).]

Conclusions
- Performance evaluation on up to $10^9$ element vectors and up to 1000 repeats.
- Demonstrates scalability and robustness.
- Memory limitations at
Results
- Can perform 22 million 32-bit integer multiplications per second. Previous published best was 8 million. Late generation Intel i486 (1992).
- Up to 230 kflops. Intel (1987).