On Communication Protocols that Compute Almost Privately
A traditionally desired goal when designing auction mechanisms is incentive
compatibility, i.e., ensuring that bidders fare best by truthfully reporting
their preferences. A complementary goal, which has, thus far, received
significantly less attention, is to preserve privacy, i.e., to ensure that
bidders reveal no more information than necessary. We further investigate and
generalize the approximate privacy model for two-party communication recently
introduced by Feigenbaum et al. [8]. We explore the privacy properties of a
natural class of communication protocols that we refer to as "dissection
protocols". Dissection protocols include, among others, the bisection auction
in [9,10] and the bisection protocol for the millionaires problem in [8].
Informally, in a dissection protocol the communicating parties are restricted
to answering simple questions of the form "Is your input between the values
\alpha and \beta (under a predefined order over the possible inputs)?".
We prove that for a large class of functions, called tiling functions, which
include the 2nd-price Vickrey auction, there always exists a dissection
protocol that provides a constant average-case privacy approximation ratio for
uniform or "almost uniform" probability distributions over inputs. To establish
this result we present an interesting connection between the approximate
privacy framework and basic concepts in computational geometry. We show that
such a good privacy approximation ratio for tiling functions does not, in
general, exist in the worst case. We also discuss extensions of the basic setup
to more than two parties and to non-tiling functions, and provide calculations
of privacy approximation ratios for two functions of interest.
Comment: to appear in Theoretical Computer Science (series A
Proving Differential Privacy with Shadow Execution
Recent work on formal verification of differential privacy shows a trend
toward usability and expressiveness -- generating a correctness proof of
sophisticated algorithm while minimizing the annotation burden on programmers.
Sometimes, combining those two requires substantial changes to program logics:
one recent paper is able to verify Report Noisy Max automatically, but it
involves a complex verification system using customized program logics and
verifiers.
In this paper, we propose a new proof technique, called shadow execution, and
embed it into a language called ShadowDP. ShadowDP uses shadow execution to
generate proofs of differential privacy with very few programmer annotations
and without relying on customized logics and verifiers. In addition to
verifying Report Noisy Max, we show that it can verify a new variant of Sparse
Vector that reports the gap between some noisy query answers and the noisy
threshold. Moreover, ShadowDP reduces the complexity of verification: for all
of the algorithms we have evaluated, type checking and verification in total
takes at most 3 seconds, while prior work takes minutes on the same algorithms.
Comment: 23 pages, 12 figures, PLDI'1
Do Distributed Differentially-Private Protocols Require Oblivious Transfer?
We study the cryptographic complexity of two-party differentially-private protocols for a large natural class of boolean functionalities. Information theoretically, McGregor et al. [FOCS 2010] and Goyal et al. [Crypto 2013] demonstrated several functionalities for which the maximal possible accuracy in the distributed setting is significantly lower than that in the client-server setting. Goyal et al. [Crypto 2013] further showed that "highly accurate" protocols in the distributed setting for any non-trivial functionality in fact imply the existence of one-way functions. However, it has remained an open problem to characterize the exact cryptographic complexity of this class. In particular, we know that semi-honest oblivious transfer helps obtain optimally accurate distributed differential privacy. But we do not know whether the reverse is true.
We study the following question: Does the existence of optimally accurate distributed differentially private protocols for any class of functionalities imply the existence of oblivious transfer? We resolve this question in the affirmative for the class of boolean functionalities that contain an XOR embedded on adjacent inputs.
- We construct a protocol implementing oblivious transfer from any optimally accurate, distributed differentially private protocol for any functionality with a boolean XOR embedded on adjacent inputs.
- While the previous result holds for optimally accurate protocols for any privacy parameter \epsilon > 0, we also give a reduction from oblivious transfer to distributed differentially private protocols computing XOR, for a constant small range of non-optimal accuracies and a constant small range of values of privacy parameter \epsilon.
At the heart of our techniques is an interesting connection between optimally-accurate two-party protocols for the XOR functionality and noisy channels, which were shown by Crepeau and Kilian [FOCS 1988] to be sufficient for oblivious transfer.
ExTRUST: Reducing Exploit Stockpiles with a Privacy-Preserving Depletion System for Inter-State Relationships
Cyberspace is a fragile construct threatened by malicious cyber operations of
different actors, with vulnerabilities in IT hardware and software forming the
basis for such activities, thus also posing a threat to global IT security.
Advancements in the field of artificial intelligence accelerate this
development, either with artificial intelligence enabled cyber weapons,
automated cyber defense measures, or artificial intelligence-based threat and
vulnerability detection. State actors in particular, with their long-term
strategic security interests, often stockpile such knowledge of vulnerabilities
and exploits to enable their military or intelligence service cyberspace
operations. While treaties and regulations to limit these developments and to
enhance global IT security by disclosing vulnerabilities are currently being
discussed on the international level, these efforts are hindered by state
concerns about the disclosure of unique knowledge and about giving up tactical
advantages. This leads to a situation where multiple states are likely to
stockpile at least some identical exploits, while no technical measures exist
to enable a depletion process for these stockpiles that preserves state secrecy
interests and accounts for the special constraints of interacting states and
the requirements within such environments. This paper proposes such a
privacy-preserving approach that allows multiple state parties to privately
compare their stocks of vulnerabilities and exploits, checking for items that
occur in multiple stockpiles without revealing them, so that their disclosure
can be considered. We call our system ExTRUST and show that it is scalable and
can withstand several attack scenarios. Beyond the intergovernmental setting,
ExTRUST can also be used for other zero-trust use cases, such as bug-bounty
programs.
Comment: 16 pages, 3 figures, IEEE Transactions on Technology and Societ
On the Complexity of Solving Quadratic Boolean Systems
A fundamental problem in computer science is to find all the common zeroes of
quadratic polynomials in unknowns over . The
cryptanalysis of several modern ciphers reduces to this problem. Up to now, the
best complexity bound was reached by an exhaustive search in
operations. We give an algorithm that reduces the problem to a combination of
exhaustive search and sparse linear algebra. This algorithm has several
variants depending on the method used for the linear algebra step. Under
precise algebraic assumptions on the input system, we show that the
deterministic variant of our algorithm has complexity bounded by
when , while a probabilistic variant of the Las Vegas type
has expected complexity . Experiments on random systems show
that the algebraic assumptions are satisfied with probability very close to 1.
We also give a rough estimate for the actual threshold between our method and
exhaustive search, which is as low as 200, and thus very relevant for
cryptographic applications.
Comment: 25 page
Raziel: Private and Verifiable Smart Contracts on Blockchains
Raziel combines secure multi-party computation and proof-carrying code to
provide privacy, correctness and verifiability guarantees for smart contracts
on blockchains. Effectively solving DAO and Gyges attacks, it is presented here
through an implementation and examples that demonstrate its practical viability
(e.g., private and verifiable crowdfundings and investment funds).
Additionally, we show how to use Zero-Knowledge Proofs of Proofs (i.e.,
Proof-Carrying Code certificates) to prove the validity of smart contracts to
third parties before their execution without revealing anything else. Finally,
we show how miners could get rewarded for generating pre-processing data for
secure multi-party computation.
Comment: Support: cothority/ByzCoin/OmniLedge