30 research outputs found
DTKI: a new formalized PKI with no trusted parties
The security of public key validation protocols for web-based applications
has recently attracted attention because of weaknesses in the certificate
authority model, and consequent attacks.
Recent proposals using public logs have succeeded in making certificate
management more transparent and verifiable. However, those proposals involve a
fixed set of authorities. This means an oligopoly is created. Another problem
with current log-based system is their heavy reliance on trusted parties that
monitor the logs.
We propose a distributed transparent key infrastructure (DTKI), which greatly
reduces the oligopoly of service providers and allows verification of the
behaviour of trusted parties. In addition, this paper formalises the public log
data structure and provides a formal analysis of the security that DTKI
guarantees.Comment: 19 page
On the Communication Complexity of Secure Computation
Information theoretically secure multi-party computation (MPC) is a central
primitive of modern cryptography. However, relatively little is known about the
communication complexity of this primitive.
In this work, we develop powerful information theoretic tools to prove lower
bounds on the communication complexity of MPC. We restrict ourselves to a
3-party setting in order to bring out the power of these tools without
introducing too many complications. Our techniques include the use of a data
processing inequality for residual information - i.e., the gap between mutual
information and G\'acs-K\"orner common information, a new information
inequality for 3-party protocols, and the idea of distribution switching by
which lower bounds computed under certain worst-case scenarios can be shown to
apply for the general case.
Using these techniques we obtain tight bounds on communication complexity by
MPC protocols for various interesting functions. In particular, we show
concrete functions that have "communication-ideal" protocols, which achieve the
minimum communication simultaneously on all links in the network. Also, we
obtain the first explicit example of a function that incurs a higher
communication cost than the input length in the secure computation model of
Feige, Kilian and Naor (1994), who had shown that such functions exist. We also
show that our communication bounds imply tight lower bounds on the amount of
randomness required by MPC protocols for many interesting functions.Comment: 37 page
Foundations of Homomorphic Secret Sharing
Homomorphic secret sharing (HSS) is the secret sharing analogue of homomorphic encryption. An HSS scheme supports a local evaluation of functions on shares of one or more secret inputs, such that the resulting shares of the output are short. Some applications require the stronger notion of additive HSS, where the shares of the output add up to the output over some finite Abelian group. While some strong positive results for HSS are known under specific cryptographic assumptions, many natural questions remain open.
We initiate a systematic study of HSS, making the following contributions.
- A definitional framework. We present a general framework for defining HSS schemes that unifies and extends several previous notions from the literature, and cast known results within this framework.
- Limitations. We establish limitations on information-theoretic multi-input HSS with short output shares via a relation with communication complexity. We also show that additive HSS for non-trivial functions, even the AND of two input bits, implies non-interactive key exchange, and is therefore unlikely to be implied by public-key encryption or even oblivious transfer.
- Applications. We present two types of applications of HSS. First, we construct 2-round protocols for secure multiparty computation from a simple constant-size instance of HSS. As a corollary, we obtain 2-round protocols with attractive asymptotic efficiency features under the Decision Diffie Hellman (DDH) assumption. Second, we use HSS to obtain nearly optimal worst-case to average-case reductions in P. This in turn has applications to fine-grained average-case hardness and verifiable computation
On the Download Rate of Homomorphic Secret Sharing
A homomorphic secret sharing (HSS) scheme is a secret sharing scheme that
supports evaluating functions on shared secrets by means of a local mapping
from input shares to output shares. We initiate the study of the download rate
of HSS, namely, the achievable ratio between the length of the output shares
and the output length when amortized over function evaluations. We
obtain the following results.
* In the case of linear information-theoretic HSS schemes for degree-
multivariate polynomials, we characterize the optimal download rate in terms of
the optimal minimal distance of a linear code with related parameters. We
further show that for sufficiently large (polynomial in all problem
parameters), the optimal rate can be realized using Shamir's scheme, even with
secrets over .
* We present a general rate-amplification technique for HSS that improves the
download rate at the cost of requiring more shares. As a corollary, we get
high-rate variants of computationally secure HSS schemes and efficient private
information retrieval protocols from the literature.
* We show that, in some cases, one can beat the best download rate of linear
HSS by allowing nonlinear output reconstruction and error
probability
On the Communication Complexity of Secure Computation
Information theoretically secure multi-party computation (MPC) is a central
primitive of modern cryptography. However, relatively little
is known about the communication complexity of this primitive.
In this work, we develop powerful information theoretic tools to prove lower
bounds on the communication complexity of MPC. We restrict ourselves to a
concrete setting involving 3-parties, in order to bring out the power of
these tools without introducing too many complications. Our techniques
include the use of a data processing inequality for {\em residual
information} --- i.e., the gap between mutual information and
Gács-Körner common information, a new {\em information inequality} for
3-party protocols, and the idea of {\em distribution switching} by which
lower bounds computed under certain worst-case scenarios can be shown to
apply for the general case.
Using these techniques we obtain tight bounds on communication complexity by
MPC protocols for various interesting functions. In particular, we show
concrete functions that have ``communication-ideal\u27\u27 protocols, which
achieve the minimum communication simultaneously on all links in the
network. Also, we obtain the first {\em explicit} example of a function that
incurs a higher communication cost than the input length in the secure
computation model of Feige, Kilian and Naor \cite{FeigeKiNa94}, who had
shown that such functions exist. We also show that our communication bounds
imply tight lower bounds on the amount of randomness required by MPC
protocols for many interesting functions
On Regenerating Codes and Proactive Secret Sharing: Relationships and Implications
We look at two basic coding theoretic and cryptographic mechanisms developed separately and investigate relationships between them and their implications. The first mechanism is Proactive Secret Sharing (PSS), which allows randomization and repair of shares using information from other shares. PSS enables constructing secure multi-party computation protocols that can withstand mobile dynamic attacks.
This self-recovery and the redundancy of uncorrupted shares allows a system to overcome recurring faults throughout its lifetime, eventually finishing the computation (or continuing forever to maintain stored data). The second mechanismis Regenerating Codes (RC) which were extensively studied and adopted in distributed storage systems. RC are error correcting (or erasure handling) codes capable of recovering a block of a distributively held codeword from other servers\u27 blocks. This self-healing nature enables more robustness of a code distributed over different machines. Given that the two mechanisms have a built-in self-healing (leading to stabilizing) and that both can be based on Reed Solomon Codes, it is natural to formally investigate deeper relationships between them.
We prove that a PSS scheme can be converted into an RC scheme, and that under some conditions RC can be utilized to instantiate a PSS scheme. This allows us, in turn, to leverage recent results enabling more efficient polynomial interpolation (due to Guruswami and Wooters) to improve the efficiency of a PSS scheme. We also show that if parameters are not carefully calibrated, such interpolation techniques (allowing partial word leakage) may be used to attack a PSS scheme over time.
Secondly, the above relationships give rise to extended (de)coding notions. Our first example is mapping the generalized capabilities of adversaries (called generalized adversary structures) from the PSS realm into the RC one. Based on this we define a new variant of RC we call Generalized-decoding Regenerating Code (GRC) where not all network servers have a uniform sub-codeword (motivated by non-uniform probability of attacking different servers case). We finally
highlight several interesting research directions due to our results, e.g., designing new improved GRC, and more adaptive RC re-coding techniques