4,021 research outputs found
On the Oblivious Transfer Capacity of the Degraded Wiretapped Binary Erasure Channel
We study oblivious transfer (OT) between Alice and Bob in the presence of an
eavesdropper Eve over a degraded wiretapped binary erasure channel from Alice
to Bob and Eve. In addition to the privacy goals of oblivious transfer between
Alice and Bob, we require privacy of Alice and Bob's private data from Eve. In
previous work we derived the OT capacity (in the honest-but-curious model) of
the wiretapped binary independent erasure channel where the erasure processes
of Bob and Eve are independent. Here we derive a lower bound on the OT capacity
in the same secrecy model when the wiretapped binary erasure channel is
degraded in favour of Bob.
Comment: To be presented at the IEEE International Symposium on Information
Theory (ISIT 2015), Hong Kon
The Oblivious Transfer Capacity of the Wiretapped Binary Erasure Channel
We consider oblivious transfer between Alice and Bob in the presence of an
eavesdropper Eve when there is a broadcast channel from Alice to Bob and Eve.
In addition to the secrecy constraints of Alice and Bob, Eve should not learn
the private data of Alice and Bob. When the broadcast channel consists of two
independent binary erasure channels, we derive the oblivious transfer capacity
for both 2-privacy (where the eavesdropper may collude with either party) and
1-privacy (where there are no collusions).
Comment: This is an extended version of the paper "The Oblivious Transfer
Capacity of the Wiretapped Binary Erasure Channel" to be presented at ISIT
201
An Epitome of Multi Secret Sharing Schemes for General Access Structure
Secret sharing schemes are widely used nowadays in various applications
which need more security, trust and reliability. In a secret sharing scheme, the
secret is divided among the participants, and only an authorized set of
participants can recover the secret by combining their shares. The authorized
sets of participants are called the access structure of the scheme. In a Multi-Secret
Sharing Scheme (MSSS), k different secrets are distributed among the
participants, each one according to an access structure. Multi-secret sharing
schemes have been studied extensively by the cryptographic community. A number of
schemes have been proposed for threshold multi-secret sharing and for multi-secret
sharing according to a generalized access structure, with various features. In
this survey we explore the important constructions of multi-secret sharing for
the generalized access structure with their merits and demerits. Features
such as whether shares can be reused, whether participants can be enrolled or dis-enrolled
efficiently, and whether shares have to be modified in the renewal phase are
considered for the evaluation.
Private Data Transfer over a Broadcast Channel
We study the following private data transfer problem: Alice has a database of
files. Bob and Cathy want to access a file each from this database (which may
or may not be the same file), but each of them wants to ensure that their
choices of file do not get revealed even if Alice colludes with the other user.
Alice, on the other hand, wants to make sure that each of Bob and Cathy does
not learn any more information from the database than the files they demand
(the identities of which will be unknown to her). Moreover, they should not
learn any information about the other files even if they collude.
It turns out that it is impossible to accomplish this if Alice, Bob, and
Cathy have access only to private randomness and noiseless communication links.
We consider this problem when a binary erasure broadcast channel with
independent erasures is available from Alice to Bob and Cathy in addition to a
noiseless public discussion channel. We study the
file-length-per-broadcast-channel-use rate in the honest-but-curious model. We
focus on the case when the database consists of two files, and obtain the
optimal rate. We then extend to the case of larger databases, and give upper
and lower bounds on the optimal rate.
Comment: To be presented at IEEE International Symposium on Information Theory
(ISIT 2015), Hong Kon
XONN: XNOR-based Oblivious Deep Neural Network Inference
Advancements in deep learning enable cloud servers to provide
inference-as-a-service for clients. In this scenario, clients send their raw
data to the server to run the deep learning model and send back the results.
One standing challenge in this setting is to ensure the privacy of the clients'
sensitive data. Oblivious inference is the task of running the neural network
on the client's input without disclosing the input or the result to the server.
This paper introduces XONN, a novel end-to-end framework based on Yao's Garbled
Circuits (GC) protocol, that provides a paradigm shift in the conceptual and
practical realization of oblivious inference. In XONN, the costly
matrix-multiplication operations of the deep learning model are replaced with
XNOR operations that are essentially free in GC. We further provide a novel
algorithm that customizes the neural network such that the runtime of the GC
protocol is minimized without sacrificing the inference accuracy.
We design a user-friendly high-level API for XONN, allowing expression of the
deep learning model architecture in an unprecedented level of abstraction.
Extensive proof-of-concept evaluation on various neural network architectures
demonstrates that XONN outperforms prior art such as Gazelle (USENIX
Security'18) by up to 7x, MiniONN (ACM CCS'17) by 93x, and SecureML (IEEE
S&P'17) by 37x. State-of-the-art frameworks require one round of interaction
between the client and the server for each layer of the neural network,
whereas XONN requires a constant number of rounds of interaction for any number of
layers in the model. XONN is the first to perform oblivious inference on Fitnet
architectures with up to 21 layers, suggesting a new level of scalability
compared with the state of the art. Moreover, we evaluate XONN on four datasets to
perform privacy-preserving medical diagnosis.
Comment: To appear in USENIX Security 201
Communication Complexity and Secure Function Evaluation
We suggest two new methodologies for the design of efficient secure
protocols that differ with respect to their underlying computational models.
In one methodology we utilize the communication complexity tree (or branching
program) for f and transform it into a secure protocol. In other words, "any function f
that can be computed using communication complexity c can be computed
securely using communication complexity that is polynomial in c and a security
parameter". The second methodology uses the circuit computing f, enhanced with
look-up tables, as its underlying computational model. It is possible to
simulate any RAM machine in this model with polylogarithmic blowup. Hence it is
possible to start with a computation of f on a RAM machine and transform it
into a secure protocol.
We show many applications of these new methodologies resulting in protocols
efficient either in communication or in computation. In particular, we
exemplify a protocol for the "millionaires' problem", where two participants
want to compare their values but reveal no other information. Our protocol is
more efficient than previously known ones in either communication or
computation.