51,268 research outputs found
Secure Multiparty Computation with Partial Fairness
A protocol for computing a functionality is secure if an adversary in this
protocol cannot cause more harm than in an ideal computation where parties give
their inputs to a trusted party which returns the output of the functionality
to all parties. In particular, in the ideal model such computation is fair --
all parties get the output. Cleve (STOC 1986) proved that, in general, fairness
is not possible without an honest majority. To overcome this impossibility,
Gordon and Katz (Eurocrypt 2010) suggested a relaxed definition -- 1/p-secure
computation -- which guarantees partial fairness. For two parties, they
construct 1/p-secure protocols for functionalities for which the size of either
their domain or their range is polynomial (in the security parameter). Gordon
and Katz ask whether their results can be extended to multiparty protocols.
We study 1/p-secure protocols in the multiparty setting for general
functionalities. Our main result is constructions of 1/p-secure protocols when
the number of parties is constant provided that less than 2/3 of the parties
are corrupt. Our protocols require that either (1) the functionality is
deterministic and the size of the domain is polynomial (in the security
parameter), or (2) the functionality can be randomized and the size of the
range is polynomial. If the size of the domain is constant and the
functionality is deterministic, then our protocol is efficient even when the
number of parties is O(log log n) (where n is the security parameter). On the
negative side, we show that when the number of parties is super-constant,
1/p-secure protocols are not possible when the size of the domain is
polynomial
Multilevel Threshold Secret and Function Sharing based on the Chinese Remainder Theorem
A recent work of Harn and Fuyou presents the first multilevel (disjunctive)
threshold secret sharing scheme based on the Chinese Remainder Theorem. In this
work, we first show that the proposed method is not secure and also fails to
work with a certain natural setting of the threshold values on compartments. We
then propose a secure scheme that works for all threshold settings. In this
scheme, we employ a refined version of Asmuth-Bloom secret sharing with a
special and generic Asmuth-Bloom sequence called the {\it anchor sequence}.
Based on this idea, we also propose the first multilevel conjunctive threshold
secret sharing scheme based on the Chinese Remainder Theorem. Lastly, we
discuss how the proposed schemes can be used for multilevel threshold function
sharing by employing it in a threshold RSA cryptosystem as an example
SWIFT: Super-fast and Robust Privacy-Preserving Machine Learning
Performing machine learning (ML) computation on private data while
maintaining data privacy, aka Privacy-preserving Machine Learning~(PPML), is an
emergent field of research. Recently, PPML has seen a visible shift towards the
adoption of the Secure Outsourced Computation~(SOC) paradigm due to the heavy
computation that it entails. In the SOC paradigm, computation is outsourced to
a set of powerful and specially equipped servers that provide service on a
pay-per-use basis. In this work, we propose SWIFT, a robust PPML framework for
a range of ML algorithms in SOC setting, that guarantees output delivery to the
users irrespective of any adversarial behaviour. Robustness, a highly desirable
feature, evokes user participation without the fear of denial of service.
At the heart of our framework lies a highly-efficient, maliciously-secure,
three-party computation (3PC) over rings that provides guaranteed output
delivery (GOD) in the honest-majority setting. To the best of our knowledge,
SWIFT is the first robust and efficient PPML framework in the 3PC setting.
SWIFT is as fast as (and is strictly better in some cases than) the best-known
3PC framework BLAZE (Patra et al. NDSS'20), which only achieves fairness. We
extend our 3PC framework for four parties (4PC). In this regime, SWIFT is as
fast as the best known fair 4PC framework Trident (Chaudhari et al. NDSS'20)
and twice faster than the best-known robust 4PC framework FLASH (Byali et al.
PETS'20).
We demonstrate our framework's practical relevance by benchmarking popular ML
algorithms such as Logistic Regression and deep Neural Networks such as VGG16
and LeNet, both over a 64-bit ring in a WAN setting. For deep NN, our results
testify to our claims that we provide improved security guarantee while
incurring no additional overhead for 3PC and obtaining 2x improvement for 4PC.Comment: This article is the full and extended version of an article to appear
in USENIX Security 202
Multi-party Quantum Computation
We investigate definitions of and protocols for multi-party quantum computing
in the scenario where the secret data are quantum systems. We work in the
quantum information-theoretic model, where no assumptions are made on the
computational power of the adversary. For the slightly weaker task of
verifiable quantum secret sharing, we give a protocol which tolerates any t <
n/4 cheating parties (out of n). This is shown to be optimal. We use this new
tool to establish that any multi-party quantum computation can be securely
performed as long as the number of dishonest players is less than n/6.Comment: Masters Thesis. Based on Joint work with Claude Crepeau and Daniel
Gottesman. Full version is in preparatio
Recommended from our members
Fairness with an Honest Minority and a Rational Majority
We provide a simple protocol for secret reconstruction in any threshold secret sharing scheme, and prove that it is fair when executed with many rational parties together with a small minority of honest parties. That is, all parties will learn the secret with high probability when the honest parties follow the protocol and the rational parties act in their own self-interest (as captured by a set-Nash analogue of trembling hand perfect equilibrium). The protocol only requires a standard (synchronous) broadcast channel, tolerates both early stopping and incorrectly computed messages, and only requires 2 rounds of communication.
Previous protocols for this problem in the cryptographic or economic models have either required an honest majority, used strong communication channels that enable simultaneous exchange of information, or settled for approximate notions of security/equilibria. They all also required a nonconstant number of rounds of communication.Engineering and Applied Science
Fair and Sound Secret Sharing from Homomorphic Time-Lock Puzzles
Achieving fairness and soundness in non-simultaneous rational secret sharing schemes has proved to be challenging.
On the one hand, soundness can be ensured by providing side information related to the secret as a check, but on the other, this can be used by deviant players to compromise fairness.
To overcome this, the idea of incorporating a time delay was suggested in the literature: in particular, time-delay encryption based on memory-bound functions has been put forth as a solution.
In this paper, we propose a different approach to achieve such delay, namely using homomorphic time-lock puzzles (HTLPs), introduced at CRYPTO 2019, and construct a fair and sound rational secret sharing scheme in the non-simultaneous setting from HTLPs.
HTLPs are used to embed sub-shares of the secret for a predetermined time. This allows to restore fairness of the secret reconstruction phase, despite players having access to information related to the secret which is required to ensure soundness of the scheme. Key to our construction is the fact that the time-lock puzzles are homomorphic so that players can compactly evaluate sub-shares. Without this efficiency improvement, players would have to independently solve each puzzle sent from the other players to obtain a share of the secret, which would be computationally inefficient.
We argue that achieving both fairness and soundness in a non-simultaneous scheme using a time delay based on CPU-bound functions rather than memory-bound functions is more cost effective and realistic in relation to the implementation of the construction
- …