7 research outputs found

    Secure Comparison Under Ideal/Real Simulation Paradigm

    Get PDF
    Secure comparison problem, also known as Yao's Millionaires' problem, was introduced by Andrew Yao in 1982. It is a fundamental problem in secure multi-party computation. In this problem, two millionaires are interested in determining the richer one between them without revealing their actual wealth. Yao's millionaires' problem is a classic and fundamental problem in cryptography. The design of secure and efficient solutions to this problem provides effective building blocks for secure multi-party computation. However, only a few of the solutions in the literature have succeeded in resisting attacks of malicious adversaries, and none of these solutions has been proven secure in malicious model under ideal/real simulation paradigm. In this paper, we propose two secure solutions to Yao's millionaires' problem in the malicious model. One solution has full simulation security, and the other solution achieves one-sided simulation security. Both protocols are only based on symmetric cryptography. Experimental results indicate that our protocols can securely solve Yao's millionaires' problem with high efficiency and scalability. Furthermore, our solutions show better performance than the state-of-the-art solutions in terms of complexity and security. Specifically, our solutions only require O(∣U∣)O(|U|) symmetric operations at most to achieve simulation-based security against malicious adversaries, where UU denotes the universal set and ∣U∣|U| denotes the size of UU

    Efficient Techniques for Privacy-Preserving Sharing of Sensitive Information

    Get PDF
    The need for privacy-preserving sharing of sensitive information occurs in many different and realistic everyday scenarios, ranging from national security to social networking. A typical setting involves two parties: one seeks information from the other without revealing the interest while the latter is either willing, or compelled, to share only the requested information. This poses two challenges: (1) how to enable sharing such that parties learn no information beyond what they are entitled to, and (2) how to do so efficiently, in real-world practical terms. This paper explores the notion of Privacy-Preserving Sharing of Sensitive Information (PPSSI), and provides a concrete and efficient instantiation, modeled in the context of simple database querying. Proposed approach functions as a privacy shield to protect parties from disclosing more than the required minimum of their respective sensitive information. PPSSI deployment prompts several challenges, which are addressed in this paper. Extensive experimental results attest to the practicality of attained privacy features and show that our approach incurs quite low overhead (e.g., 10% slower than standard MySQL). © 2011 Springer-Verlag

    (Efficient) Universally Composable Oblivious Transfer Using a Minimal Number of Stateless Tokens

    Get PDF
    We continue the line of work initiated by Katz (Eurocrypt 2007) on using tamper-proof hardware tokens for universally composable secure computation. As our main result, we show an oblivious-transfer (OT) protocol in which two parties each create and exchange a single, stateless token and can then run an unbounded number of OTs. We also show a more efficient protocol, based only on standard symmetric-key primitives (block ciphers and collision-resistant hash functions), that can be used if a bounded number of OTs suffice. Motivated by this result, we investigate the number of stateless tokens needed for universally composable OT. We prove that our protocol is optimal in this regard for constructions making black-box use of the tokens (in a sense we define). We also show that nonblack-box techniques can be used to obtain a construction using only a single stateless token

    Applying Secure Multi-party Computation in Practice

    Get PDF
    In this work, we present solutions for technical difficulties in deploying secure multi-party computation in real-world applications. We will first give a brief overview of the current state of the art, bring out several shortcomings and address them. The main contribution of this work is an end-to-end process description of deploying secure multi-party computation for the first large-scale registry-based statistical study on linked databases. Involving large stakeholders like government institutions introduces also some non-technical requirements like signing contracts and negotiating with the Data Protection Agency

    The Cryptographic Strength of Tamper-Proof Hardware

    Get PDF
    Tamper-proof hardware has found its way into our everyday life in various forms, be it SIM cards, credit cards or passports. Usually, a cryptographic key is embedded in these hardware tokens that allows the execution of simple cryptographic operations, such as encryption or digital signing. The inherent security guarantees of tamper-proof hardware, however, allow more complex and diverse applications

    Turvalise ĂŒhisarvutuse rakendamine

    Get PDF
    Andmetest on kasu vaid siis kui neid saab kasutada. Eriti suur lisandvÀÀrtus tekib siis, kui ĂŒhendada andmed erinevatest allikatest. NĂ€iteks, liites kokku maksu- ja haridusandmed, saab riik lĂ€bi viia kĂ”rghariduse erialade tasuvusanalĂŒĂŒse. Sama kehtib ka erasektoris - ĂŒhendades pankade maksekohustuste andmebaasid, saab efektiivsemalt tuvastada kĂ”rge krediidiriskiga kliente. Selline andmekogude ĂŒhendamine on aga tihti konfidentsiaalsus- vĂ”i privaatsusnĂ”uete tĂ”ttu keelatud. Õigustatult, sest suuremahulised ĂŒhendatud andmekogud on atraktiivsed sihtmĂ€rgid nii hĂ€kkeritele kui ka ametnikele ja andmebaaside administraatoritele, kes oma Ă”igusi kuritarvitada vĂ”ivad. Seda sorti rĂŒnnete vastus aitab turvalise ĂŒhisarvutuse tehnoloogia kasutamine, mis vĂ”imaldab mitmed osapoolel andmeid ĂŒhiselt analĂŒĂŒsida, ilma et keegi neist pÀÀseks ligi ĂŒksikutele kirjetele. Oma esimesest rakendamisest praktikas 2008. aastal on turvalise ĂŒhisarvutuse tehnoloogia praeguseks jĂ”udnud seisu, kus seda juurutatakse hajusates rakendustes ĂŒle interneti ning seda pakutakse ka osana teistest teenustest. KĂ€esolevas töös keskendume turvalise ĂŒhisarvutuse praktikas rakendamise tehnilistele kĂŒsimustele. Alustuseks tutvustame esimesi selle tehnoloogia rakendusi, tuvastame veel lahendamata probleeme ning pakume töö kĂ€igus vĂ€lja lahendusi. Töö pĂ”hitulemus on samm-sammuline ĂŒlevaade sellise juurutuse elutsĂŒklist, kasutades nĂ€itena esimest turvalise ĂŒhisarvutuse abil lĂ€bi viidud suuremahulisi registriandmeid hĂ”lmavat uuringut. Sealhulgas anname ĂŒlevaate ka mittetehnilistest toimingutest nagu lepingute sĂ”lmimine ja Andmekaitse Inspektsiooniga suhtlemine, mis tulenevad suurte organisatsioonide kaasamisest nagu seda on riigiasutused. Tulevikku vaadates pakume vĂ€lja lahenduse, mis ĂŒhendab endas födereeritud andmevahetusplatvormi ja turvalise ĂŒhisarvutuse tehnoloogiat. Konkreetse lahendusena pakume Eesti riigi andmevahetuskihi X-tee tĂ€iustamist turvalise ĂŒhisarvutuse teenusega Sharemind. Selline arhitektuur vĂ”imaldaks mitmeid olemasolevaid andmekogusid uuringuteks liita efektiivselt ja turvaliselt, ilma ĂŒksikisikute privaatsust rikkumata.Data is useful only when used. This is especially true if one is able to combine several data sets. For example, combining income and educational data, it is possible for a government to get a return of investment overview of educational investments. The same is true in private sector. Combining data sets of financial obligations of their customers, banks could issue loans with lower credit risks. However, this kind of data sharing is often forbidden as citizens and customers have their privacy expectations. Moreover, such a combined database becomes an interesting target for both hackers as well as nosy officials and administrators taking advantage of their position. Secure multi-party computation is a technology that allows several parties to collaboratively analyse data without seeing any individual values. This technology is suitable for the above mentioned scenarios protecting user privacy from both insider and outsider attacks. With first practical applications using secure multi-party computation developed in 2000s, the technology is now mature enough to be used in distributed deployments and even offered as part of a service. In this work, we present solutions for technical difficulties in deploying secure multi-party computation in real-world applications. We will first give a brief overview of the current state of the art, bring out several shortcomings and address them. The main contribution of this work is an end-to-end process description of deploying secure multi-party computation for the first large-scale registry-based statistical study on linked databases. Involving large stakeholders like government institutions introduces also some non-technical requirements like signing contracts and negotiating with the Data Protection Agency. Looking into the future, we propose to deploy secure multi-party computation technology as a service on a federated data exchange infrastructure. This allows privacy-preserving analysis to be carried out faster and more conveniently, thus promoting a more informed government

    Faster Oblivious Transfer Extension and Its Impact on Secure Computation

    Get PDF
    Secure two-party computation allows two parties to evaluate a function on their private inputs while keeping all information private except what can be inferred from the outputs. A major building block and the foundation for many efficient secure computation protocols is oblivious transfer (OT). In an OT protocol a sender inputs two messages (x_{0}, x_{1}) while a receiver with choice bit c wants to receive message x_{c}.The OT protocol execution guarantees that the sender learns no information about c and the receiver learns no information about x_{1−c}. This thesis focuses on the efficient generation of OTs and their use in secure computation. In particular, we show how to compute OTs more efficiently, improve generic secure computation protocols which can be used to securely evaluate any functionality, and develop highly efficient special-purpose protocols for private set intersection (PSI). We outline our contributions in more detail next. More Efficient OT Extensions. The most efficient OT protocols are based on public-key cryptography and require a constant number of exponentiations per OT. However, for many practical applications where millions to billions of OTs need to be computed, these exponentiations become prohibitively slow. To enable these applications, OT extension protocols [Bea96, IKNP03] can be used, which extend a small number of public-key-based OTs to an arbitrarily large number using cheap symmetric-key cryptography only. We improve the computation and communication efficiency of OT extension protocols and show how to achieve security against malicious adversaries, which can arbitrarily deviate from the protocol, at low overhead. Our resulting protocols can compute several million of OTs per second and we show that, in contrast to previous belief, the local computation overhead for computing OTs is so low that the main bottleneck is the network bandwidth. Parts of these results are published in: ‱ G. Asharov, Y. Lindell, T. Schneider, M. Zohner. More Efficient Oblivious Transfer and Extensions for Faster Secure Computation. In 20th ACM Conference on Computer and Communications Security (CCS’13). ‱ G. Asharov, Y. Lindell, T. Schneider, M. Zohner. More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries. In 34th Advances in Cryptology – EUROCRYPT’15. ‱ G. Asharov, Y. Lindell, T. Schneider, M. Zohner. More Efficient Oblivious Transfer Extensions. To appear in Journal of Cryptology. Online at http://eprint.iacr.org/2016/602. Communication-Efficient Generic Secure Two-Party Computation. Generic secure two-party computation techniques allow to evaluate a function, represented as a circuit of linear (XOR) and non-linear (AND) gates. One of the most prominent generic secure two-party computation protocols is Yao’s garbled circuits [Yao86], for which many optimizations have been proposed. Shortly after Yao’s protocol, the generic secure protocol by Goldreich-Micali-Wigderson (GMW) [GMW87] was introduced. The GMW protocol requires a large number of OTs and was believed to be less efficient for secure two-party computation than Yao’s protocol [HL10, CHK+12]. We improve the efficiency of the GMW protocol and show that it can outperform Yao’s garbled circuits protocol in settings with low bandwidth. Furthermore, we utilize the flexibility of OT and outline special-purpose constructions that can be used within the GMW protocol and which improve its efficiency even further. Parts of these results are published in: ‱ T. Schneider, M. Zohner. GMW vs. Yao? Efficient Secure Two-Party Computation with Low Depth Circuits. In 17th International Conference on Financial Cryptography and Data Security (FC’13). ‱ D. Demmler, T. Schneider, M. Zohner. ABY - A Framework for Efficient Mixed-Protocol Secure Two-Party Computation. In 22th Network and Distributed System Security Symposium (NDSS’15). ‱ G. Dessouky, F. Koushanfar, A.-R. Sadeghi, T. Schneider, S. Zeitouni, M. Zohner. Pushing the Communication Barrier in Secure Computation using Lookup Tables. In 24th Network and Distributed System Security Symposium (NDSS’17). Faster Private Set Intersection (PSI). PSI allows two parties to compute the intersection of their private sets without revealing any element that is not in the intersection. PSI is a well-studied problem in secure computation and many special-purpose protocols have been proposed. However, existing PSI protocols are several orders of magnitude slower than an insecure naive hashing solution that is used in practice. In addition, many protocols were compared in a biased fashion, which makes it difficult to identify the most promising solution for a particular scenario. We systematize the progress made on PSI protocols by reviewing, optimizing, and comparing existing PSI protocols. We then introduce a novel PSI protocol that is based on our efficiency improvements in OT extension protocols and which outperforms existing protocols by up to two orders of magnitude. Parts of these results are published in: ‱ B. Pinkas, T. Schneider, M. Zohner. Faster Private Set Intersection Based on OT Extension. In 23th USENIX Security Symposium (USENIX Security’14). ‱ B. Pinkas, T. Schneider, G. Segev, M. Zohner. Phasing: Private Set Intersection using Permutation-based Hashing. In 24th USENIX Security Symposium (USENIX Security’15). ‱ B. Pinkas, T. Schneider, M. Zohner. Scalable Private Set Intersection Based on OT Extension. Journal paper. In submission. Online at http://iacr.eprint.org/2016/930
    corecore