Yehuda Lindell Bar-Ilan University

Transcription:

Winter School on Secure Computation and Efficiency, Bar-Ilan University, Israel, 30/1/2011 - 1/2/2011
Bar-Ilan University, Dept. of Computer Science
Yehuda Lindell, Bar-Ilan University

Slide 2.
- A protocol for general secure two-party computation
- Constant number of rounds
- Secure for semi-honest adversaries
- Many applications of the methodology beyond secure computation
- General secure computation: can be used to securely compute any functionality
- Based on the Boolean circuit for computing the function

Slide 3.
Garbled circuit: an encrypted circuit together with a pair of keys (k^0, k^1) for every input wire, so that given one key on every wire:
- It is possible to compute the output (based on the input determined by the key provided on every wire)
- It is not possible to learn anything else
Oblivious transfer: the sender has x_0, x_1; the receiver has σ.
- The receiver obtains x_σ only
- The sender learns nothing

Slide 4. Yao's protocol
- Party P1 constructs a garbled circuit
- P1 sends P2 the keys associated with its input on its own input wires
- P1 sends only the keys, so P2 doesn't know what the actual input is
- P1 and P2 use oblivious transfer so that, for every one of P2's input wires:
  - P2 obtains the correct key associated with its input
  - P1 learns nothing about P2's input
- P2 computes the circuit, derives the output, and sends it to P1

Slide 5. Trapdoor permutation (I, D, F, F^-1)
- I: samples a function f and a trapdoor t in the family
- D(f): uniformly samples a value in the domain of f
- F(f, x): computes f(x)
- F^-1(t, y): computes f^-1(y)
- Hard to invert a random y, given f (but not t)
Enhanced trapdoor permutations
- Hard to invert y, even given the random coins used to sample y (using D)

Slide 6. Hard-core predicate B
- Given y = f(x), one can guess B(x) with probability only negligibly greater than 1/2
- Equivalently, given y = f(x), the bit B(x) is pseudorandom

Slide 7.
- Sender's input: (z_0, z_1); receiver's input: σ
- Sender's first message: the sender chooses (f, t) using the sampling algorithm I and sends f to the receiver
- Receiver's first message: the receiver chooses x_σ and computes y_σ = f(x_σ); chooses a random y_{1-σ}; sends (y_0, y_1) to the sender
- Sender's second message: the sender computes (x_0, x_1) by inverting; computes β_i = z_i ⊕ B(x_i); sends (β_0, β_1) to the receiver
- The receiver outputs z_σ = β_σ ⊕ B(x_σ)

Slide 8. The same protocol as a message flow:
S(z_0, z_1): chooses (f, t); sends f to R
R(σ): chooses x_σ with D(f), computes y_σ = f(x_σ); chooses y_{1-σ} with D(f); sends (y_0, y_1) to S
S: x_0 = f^-1(y_0), x_1 = f^-1(y_1); β_0 = z_0 ⊕ B(x_0), β_1 = z_1 ⊕ B(x_1); sends (β_0, β_1) to R
R: outputs z_σ = β_σ ⊕ B(x_σ)

Slide 9. Simulator for a corrupted sender
The simulator is given (z_0, z_1); there is no output.
- SIM generates (f, t)
- SIM chooses random y_0, y_1 using D(f)
- SIM computes β_0, β_1 as in the sender's instructions
The transcript is exactly like a real protocol execution: choosing x_σ using D(f) and computing y_σ = f(x_σ) is identical to choosing y_σ using D(f).

Slide 10. Simulator for a corrupted receiver
The simulator is given (σ, z_σ).
- SIM generates (f, t)
- SIM chooses random x_σ, y_{1-σ} using D(f)
- SIM computes y_σ = f(x_σ)
- SIM computes β_σ = B(x_σ) ⊕ z_σ
- SIM chooses β_{1-σ} at random
The transcript is indistinguishable from a real execution: by the hard-core property of B and the enhancement property of the TDP, B(x_{1-σ}) is indistinguishable from random.

Slide 11.
For the entire circuit, assign random values/keys to each wire (a key for 0 and a key for 1). Encrypt each gate so that, given one key for each input wire, one can compute the appropriate key on the output wire.

Slides 12-15. [Figures: step-by-step construction of a garbled gate: the two keys on each of its wires, the four double encryptions of the output keys under the pairs of input keys, and the resulting permuted table.]
The actual garbled gate: given one key on each input wire, one can obtain only the corresponding output key. Furthermore, since the table is permuted, the party has no idea whether it obtained the 0 key or the 1 key.

Slide 16.
If the gate is an output gate, we need to provide the decryption of the output wire: the output translation table. [Figure: output translation table mapping the two keys of an output wire to 0 and 1.]

Slide 17.
Given a Boolean circuit:
- Assign garbled values to all wires
- Construct garbled gates using the garbled values
Central property: given a set of garbled values, one for each input wire, one can compute the entire circuit and obtain garbled values for the output wires; given translation tables for the output wires, one can obtain the output. But nothing but the output is learned!

Slide 18. [Figure: an example garbled circuit with two AND gates and an OR gate on inputs x_1, x_2, y_1, y_2, with the garbled table of each gate.]

Slide 19.
How does the party computing the circuit know which is the correct entry? It has one key on each wire, but a symmetric encryption may decrypt "correctly" even with incorrect keys. Two possibilities (actually many):
- Use encryption based on a PRF with redundant zeros; only the correct keys give the redundant block
- Add a bit that signals which ciphertext to decrypt

Slide 20.
Option 1: encryption E_K(m) = [r, F_K(r) ⊕ (m ‖ 0^n)]. By the pseudorandomness of F, the probability of obtaining 0^n with an incorrect K is negligible.
Option 2: for every wire, choose a random signal bit together with the keys. [Figure: wire keys with their signal bits.]

Slide 21.
The actual garbled gate with signal bits: [Figure: the four rows (0,0), (0,1), (1,0), (1,1), indexed by the signal bits of the input keys, each a double encryption of an output key.]
Advantage: computing the circuit requires just two decryptions per gate (rather than an average of 5).

Slide 22.
We need to formally prove that, given the 4 encryptions of a garbled gate and only 2 keys, nothing is learned beyond one output. Actually, in order to simulate the protocol, we need something stronger.
Notation. Double encryption: E_{k_u,k_v}(m) = E_{k_u}(E_{k_v}(m)). Oracle: oracle access to such double encryptions under the unknown keys.

Slide 24. The protocol
- Input: x and y, each of length n
- P1 generates a garbled circuit G(C); k_L^0, k_L^1 are the keys on wire L
- Let 1, ..., n be the input wires of P1 and n+1, ..., 2n the input wires of P2
- P1 sends P2 the strings k_1^{x_1}, ..., k_n^{x_n}
- P1 and P2 run n OTs in parallel: P1 inputs (k_{n+i}^0, k_{n+i}^1), P2 inputs y_i
- Given all the keys, P2 computes G(C) and obtains C(x, y)
- P2 sends the result to P1

Slide 25. [Figure: the example circuit again; P1's input keys are sent directly, P2's input keys are obtained via OT.]

Slide 26.
Party P1's view consists only of the messages it receives in the oblivious transfers. In the OT-hybrid model, P1 receives no messages in the oblivious transfers. Simulation: generate an empty transcript.

Slide 27.
The more difficult case: P2's view. We need to construct a garbled circuit G'(C) that looks indistinguishable from G(C). The simulated view contains keys for the input wires and G'(C); G'(C) together with the keys must compute to f(x, y). The simulator doesn't know x, so it cannot generate a real garbled circuit.

Slide 28. Simulator
Given y and z = f(x, y), construct a garbled circuit G'(C) that always outputs z. Do this by choosing wire keys as usual, but encrypting the same output key in all four ciphertexts of a gate. [Figure: a gate table in which every row encrypts the same output key.] This ensures that, no matter the input, the same known garbled values on the output wires are derived.
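The signal-bit gate ("Option 2" above) and the simulator's gate that encrypts one output key in every row, as an added example that is not part of the lecture slides. It assumes HMAC-SHA256 as the PRF F, the row index as the PRF input, and 16-byte wire keys; the evaluator decrypts exactly one row with two PRF calls, and the fake gate yields the same output key for all four inputs.

```python
# Added example (not from the slides): one garbled AND gate with signal bits,
# evaluated with two decryptions, beside the simulator's gate that encrypts
# the same output key in every row. Assumptions: HMAC-SHA256 stands in for
# the PRF F, the row index is the PRF input, wire keys are 16-byte labels.
import hashlib
import hmac
import os

KEY_LEN = 16  # length of a wire key (garbled value)

def enc(key: bytes, row: int, m: bytes) -> bytes:
    """E_k(m) = F_k(row) xor m; the same call decrypts (xor is an involution)."""
    pad = hmac.new(key, bytes([row]), hashlib.sha256).digest()
    return bytes(p ^ x for p, x in zip(pad[:len(m)], m))

def double_enc(ku: bytes, kv: bytes, row: int, m: bytes) -> bytes:
    """E_{ku,kv}(m) = E_ku(E_kv(m)), the double encryption of the slides."""
    return enc(ku, row, enc(kv, row, m))

def new_wire():
    """(k0, k1, sigma): two random keys plus a random signal bit sigma.
    The external (signal) bit carried by k_b is b xor sigma."""
    return os.urandom(KEY_LEN), os.urandom(KEY_LEN), os.urandom(1)[0] & 1

def garble_gate(gate, wu, wv, ww, fake_output=None):
    """4-row table of a gate on input wires u, v with output wire w.
    fake_output=b makes every row encrypt k_w^b (the simulator's gate)."""
    table = [None] * 4
    for a in (0, 1):
        for b in (0, 1):
            out = gate(a, b) if fake_output is None else fake_output
            m = ww[out] + bytes([out ^ ww[2]])    # output key || its signal bit
            row = 2 * (a ^ wu[2]) + (b ^ wv[2])  # row position = signal bits
            table[row] = double_enc(wu[a], wv[b], row, m)
    return table

def eval_gate(table, ku, ext_u, kv, ext_v):
    """Evaluator: the two signal bits select one row; two PRF calls decrypt it."""
    row = 2 * ext_u + ext_v
    m = double_enc(ku, kv, row, table[row])
    return m[:KEY_LEN], m[KEY_LEN]

def demo():
    and_gate = lambda a, b: a & b
    wu, wv, ww = new_wire(), new_wire(), new_wire()
    real = garble_gate(and_gate, wu, wv, ww)
    # one key per input wire (with its signal bit) yields exactly k_w^{a AND b}
    real_ok = all(eval_gate(real, wu[a], a ^ wu[2], wv[b], b ^ wv[2])
                  == (ww[a & b], (a & b) ^ ww[2]) for a in (0, 1) for b in (0, 1))
    # simulator's gate: k_w^1 is encrypted in all four rows, whatever the inputs
    fake = garble_gate(and_gate, wu, wv, ww, fake_output=1)
    fake_keys = {eval_gate(fake, wu[a], a ^ wu[2], wv[b], b ^ wv[2])[0]
                 for a in (0, 1) for b in (0, 1)}
    return {"real_matches_and": real_ok, "fake_always_k1": fake_keys == {ww[1]}}
```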

Slide 29. Simulator (continued)
Simulation of the output translation tables: let k_i^0, k_i^1 be the keys on the i-th output wire, and let k be the one encrypted in the preceding gate (k' the other). If z_i = 0, write [(k, 0), (k', 1)]; if z_i = 1, write [(k', 0), (k, 1)].
Simulation of the input-keys phase:
- Input wires associated with P1's input: send any one of the two keys on the wire
- Input wires associated with P2's input: simulate the output of the OT to be any one of the two keys on the wire

Slide 30.
We need to prove that the simulation is indistinguishable from the real execution. First step: modify the simulator as follows. Given x and y (just for the sake of the proof), label all keys on the wires as active or inactive:
- Active: the key is obtained on this wire upon inputs (x, y)
- Inactive: the key is not obtained on this wire upon inputs (x, y)
The single key encrypted in each gate is the active one. This simulation is identical.

Slide 31.
Proven by a hybrid argument. Consider a garbled circuit G_L(C) for which:
- The first L gates are generated as in the (alternative) simulation
- The rest of the gates are generated honestly
Claim: G_{L-1}(C) is indistinguishable from G_L(C). Proof: the difference is in the L-th gate. Intuition: use the indistinguishability of encryptions to say that one cannot distinguish a real garbled gate from one where the same key is encrypted.

Slide 32.
Observation on the L-th gate:
- The encryption under both active keys is identical in both cases
- The difference is what the inactive keys encrypt (only the next active key, or also the inactive one)
- The triple in the experiment are all encryptions under inactive keys
The problem: the inactive keys in this gate may appear in other gates as well. Use oracles to generate the rest.

Slides 33-39. [Figures: the hybrid argument on the example circuit (two AND gates and an OR gate). Gate by gate, the tables labelled REAL are replaced by tables labelled SIM; slide 37 notes the change in the encrypted key.]

Slide 40.
In the simulated OR gate, the inactive key encrypts the active output key. In the real OR gate, the inactive key encrypts the output key dictated by the gate. Indistinguishability follows from the indistinguishability of encryptions under the inactive key.

Slide 41.
- The good news: the key is not encrypted anywhere (as data), because the prior gates are simulated
- The bad news: the key needs to be used to construct the real AND gate for the hybrid
- The solution: the special double-encryption notion

Slide 42. [Figure: the AND gate of the hybrid with its active keys and its inactive keys marked.] The oracle can be used to generate the REAL AND gate.

Slide 43.
Given that each gate replacement is indistinguishable, a hybrid argument gives that the distributions are indistinguishable.

Slide 44.
- 1-4 rounds (depending on the OT and on whether both parties or one party receives output)
- |y| oblivious transfers
- |C| symmetric encryptions to generate the circuit and 2|C| to compute it (using the signal bit)
- For a circuit of about 33,000 gates: between 7 and 4 seconds, and between 53 and 362 Kbytes (depends on the encryption used) [some digits are lost in the transcription]

Slide 45.
Assume that the OT is secure for malicious adversaries:
- A corrupt P1 cannot learn anything (it receives no messages in the protocol, in the hybrid-OT model). Thus, we have privacy.
- We can prove full security for the case of a corrupt P2.
This can be useful, but be warned that it doesn't compose with anything. E.g., consider a P1 that builds the circuit so that if P2's first bit takes one particular value, the circuit doesn't decrypt. If P1 can detect this in the real world, privacy is lost.

Slide 46.
- Any functionality can be computed securely in the presence of semi-honest adversaries
- The protocol is efficient enough for use, for circuits that are not too large
- Recommendation: read the full proof