3 research outputs found
Multi-party Poisoning through Generalized -Tampering
In a poisoning attack against a learning algorithm, an adversary tampers with
a fraction of the training data with the goal of increasing the
classification error of the constructed hypothesis/model over the final test
distribution. In the distributed setting, might be gathered gradually from
data providers who generate and submit their shares of
in an online way.
In this work, we initiate a formal study of -poisoning attacks in
which an adversary controls of the parties, and even for each
corrupted party , the adversary submits some poisoned data on
behalf of that is still "-close" to the correct data (e.g.,
fraction of is still honestly generated). For , this model
becomes the traditional notion of poisoning, and for it coincides with
the standard notion of corruption in multi-party computation.
We prove that if there is an initial constant error for the generated
hypothesis , there is always a -poisoning attacker who can decrease
the confidence of (to have a small error), or alternatively increase the
error of , by . Our attacks can be implemented in
polynomial time given samples from the correct data, and they use no wrong
labels if the original distributions are not noisy.
At a technical level, we prove a general lemma about biasing bounded
functions through an attack model in which each
block might be controlled by an adversary with marginal probability
in an online way. When the probabilities are independent, this coincides with
the model of -tampering attacks, thus we call our model generalized
-tampering. We prove the power of such attacks by incorporating ideas from
the context of coin-flipping attacks into the -tampering model and
generalize the results in both of these areas.
Adaptively Secure Coin-Flipping, Revisited
The full-information model was introduced by Ben-Or and Linial in 1985 to
study collective coin-flipping: the problem of generating a common bounded-bias
bit in a network of players with faults. They showed that the
majority protocol can tolerate adaptive corruptions, and
conjectured that this is optimal in the adaptive setting. Lichtenstein, Linial,
and Saks proved that the conjecture holds for protocols in which each player
sends a single bit. Their result has been the main progress on the conjecture
in the last 30 years.
In this work we revisit this question and ask: what about protocols involving
longer messages? Can increased communication allow for a larger fraction of
faulty players?
We introduce a model of strong adaptive corruptions, where in each round, the
adversary sees all messages sent by honest parties and, based on the message
content, decides whether to corrupt a party (and intercept his message) or not.
We prove that any one-round coin-flipping protocol, regardless of message
length, is secure against at most strong adaptive
corruptions. Thus, increased message length does not help in this setting.
We then shed light on the connection between adaptive and strongly adaptive
adversaries, by proving that for any symmetric one-round coin-flipping protocol
secure against adaptive corruptions, there is a symmetric one-round
coin-flipping protocol secure against strongly adaptive corruptions.
Returning to the standard adaptive model, we can now prove that any symmetric
one-round protocol with arbitrarily long messages can tolerate at most
adaptive corruptions.
At the heart of our results lies a novel use of the Minimax Theorem and a new
technique for converting any one-round secure protocol into a protocol with
messages of bits. This technique may be of independent interest.
Quantum Weak Coin Flipping
We investigate weak coin flipping, a fundamental cryptographic primitive
where two distrustful parties need to remotely establish a shared random bit. A
cheating player can try to bias the output bit towards a preferred value. For
weak coin flipping the players have known opposite preferred values. A weak
coin-flipping protocol has a bias if neither player can force the
outcome towards their preferred value with probability more than
. While it is known that all classical protocols have
, Mochon showed in 2007 [arXiv:0711.4114] that quantumly
weak coin flipping can be achieved with arbitrarily small bias (near perfect)
but the best known explicit protocol has bias (also due to Mochon, 2005
[Phys. Rev. A 72, 022341]). We propose a framework to construct new explicit
protocols achieving biases below . In particular, we construct explicit
unitaries for protocols with bias approaching . To go below, we introduce
what we call the Elliptic Monotone Align (EMA) algorithm which, together with
the framework, allows us to numerically construct protocols with arbitrarily
small biases.
Comment: 98 pages split into 3 parts, 10 figures; For updates and contact
information see https://atulsingharora.github.io/WCF. Version 2 has minor
improvements. arXiv admin note: text overlap with arXiv:1402.7166 by other
author