
    A Secure Multi-Party Computation Protocol Suite Inspired by Shamir’s Secret Sharing Scheme

    Today's world is full of secrets. Sometimes we would like to know something about them without revealing our own secrets. For example, someone might want to know whether they are richer than one of their friends. Governments might want to make sure that their satellites do not collide, but at the same time they would not want to share too much information with the outside world about the movements of their strategic satellites. Secure multi-party computation allows the parties to jointly compute the values of some function without revealing their inputs. Sharemind is a practical framework for performing secure multi-party computations. In this work we create a protocol suite for Sharemind. Our protocols are inspired by Shamir's secret sharing, which allows a secret to be divided into pieces. We give algorithms for addition, multiplication and comparison operations together with the corresponding security proofs. In addition, we compare the performance of the implemented protocols with an already existing protocol suite. The initial complexity and performance results are promising, but there is room for improvement.

    The world today is full of secrets. Sometimes, we would like to know something about them without revealing the secrets themselves. For example, whether I have more money than my friend or whether two satellites would collide without publishing their moving trajectories. Secure multi-party computation allows us to jointly compute some functions while keeping the privacy of our inputs. Sharemind is a practical framework for performing secure multi-party computations. In this work, we added a protocol suite to Sharemind. This protocol suite was inspired by Shamir's secret sharing scheme, which describes a way to divide a secret into pieces. We describe algorithms for addition, multiplication, equality-testing and less-than comparison. We also give correctness and security proofs for the protocols. The resulting implementations were compared to an existing protocol suite inspired by additive secret sharing. The initial complexities and benchmarking results are promising, but there is room for improvement.

    On the Composability of Statistically Secure Random Oblivious Transfer

    We show that random oblivious transfer protocols that are statistically secure according to a definition based on a list of information-theoretical properties are also statistically universally composable. That is, they are simulatably secure with an unlimited adversary, an unlimited simulator, and an unlimited environment machine. Our result implies that several previous oblivious transfer protocols in the literature that were proven secure under weaker, non-composable definitions of security can actually be used in arbitrary statistically secure applications without lowering the security.

    Universally Composable and Statistically Secure Verifiable Secret Sharing Scheme Based on Pre-Distributed Data

    This paper presents a non-interactive verifiable secret sharing scheme (VSS) tolerating a dishonest majority based on data pre-distributed by a trusted authority. As an application of this VSS scheme, we present very efficient unconditionally secure multiparty protocols based on pre-distributed data which generalize two-party computations based on linear pre-distributed bit commitments. The main results of this paper are a non-interactive VSS where the amount of data which needs to be pre-distributed to each player depends only on the number of tolerable cheaters, a simplified multiplication protocol for shared values based on pre-distributed random products, and non-interactive zero-knowledge proofs for arbitrary polynomial relations. The security of the schemes is proved using the UC framework.

    Confidential Boosting with Random Linear Classifiers for Outsourced User-generated Data

    User-generated data is crucial to predictive modeling in many applications. With a web/mobile/wearable interface, a data owner can continuously record data generated by distributed users and build various predictive models from the data to improve their operations, services, and revenue. Due to the large size and evolving nature of users' data, data owners may rely on public cloud service providers (Cloud) for storage and computation scalability. Exposing sensitive user-generated data and advanced analytic models to Cloud raises privacy concerns. We present a confidential learning framework, SecureBoost, for data owners that want to learn predictive models from aggregated user-generated data but offload the storage and computational burden to Cloud without having to worry about protecting the sensitive data. SecureBoost allows users to submit encrypted or randomly masked data to designated Cloud directly. Our framework utilizes random linear classifiers (RLCs) as the base classifiers in the boosting framework to dramatically simplify the design of the proposed confidential boosting protocols, yet still preserve the model quality. A Cryptographic Service Provider (CSP) is used to assist the Cloud's processing, reducing the complexity of the protocol constructions. We present two constructions of SecureBoost: HE+GC and SecSh+GC, using combinations of homomorphic encryption, garbled circuits, and random masking to achieve both security and efficiency. For a boosted model, Cloud learns only the RLCs and the CSP learns only the weights of the RLCs. Finally, the data owner collects the two parts to get the complete model. We conduct extensive experiments to understand the quality of the RLC-based boosting and the cost distribution of the constructions. Our results show that SecureBoost can efficiently learn high-quality boosting models from protected user-generated data.

    Improved Black-Box Constructions of Composable Secure Computation

    We close the gap between black-box and non-black-box constructions of $\mathit{composable}$ secure multiparty computation in the plain model under the $\mathit{minimal}$ assumption of semi-honest oblivious transfer. The notion of protocol composition we target is $\mathit{angel\text{-}based}$ security, or more precisely, security with super-polynomial helpers. In this notion, both the simulator and the adversary are given access to an oracle called an $\mathit{angel}$ that can perform some predefined super-polynomial time task. Angel-based security maintains the attractive properties of the universal composition framework while providing meaningful security guarantees in complex environments without having to trust anyone. Angel-based security can be achieved using non-black-box constructions in $\max(R_{\mathsf{OT}},\widetilde{O}(\log n))$ rounds, where $R_{\mathsf{OT}}$ is the round-complexity of the semi-honest oblivious transfer. However, currently, the best known $\mathit{black\text{-}box}$ constructions under the same assumption require $\max(R_{\mathsf{OT}},\widetilde{O}(\log^2 n))$ rounds. If $R_{\mathsf{OT}}$ is a constant, the gap between non-black-box and black-box constructions can be a multiplicative factor of $\log n$. We close this gap by presenting a $\max(R_{\mathsf{OT}},\widetilde{O}(\log n))$-round black-box construction. We achieve this result by constructing constant-round 1-1 CCA-secure commitments assuming only black-box access to one-way functions.

    Classical Cryptographic Protocols in a Quantum World

    Cryptographic protocols, such as protocols for secure function evaluation (SFE), have played a crucial role in the development of modern cryptography. The extensive theory of these protocols, however, deals almost exclusively with classical attackers. If we accept that quantum information processing is the most realistic model of physically feasible computation, then we must ask: what classical protocols remain secure against quantum attackers? Our main contribution is showing the existence of classical two-party protocols for the secure evaluation of any polynomial-time function under reasonable computational assumptions (for example, it suffices that the learning with errors problem be hard for quantum polynomial time). Our result shows that the basic two-party feasibility picture from classical cryptography remains unchanged in a quantum world.

    Comment: Full version of an old paper in Crypto'11. Invited to IJQI. This is the authors' copy with different formatting.