Composable security of delegated quantum computation
Delegating difficult computations to remote large computation facilities,
with appropriate security guarantees, is a possible solution for the
ever-growing needs of personal computing power. For delegated computation
protocols to be usable in a larger context---or simply to securely run two
protocols in parallel---the security definitions need to be composable. Here,
we define composable security for delegated quantum computation. We distinguish
between protocols which provide only blindness---the computation is hidden from
the server---and those that are also verifiable---the client can check that it
has received the correct result. We show that the composable security
definition capturing both these notions can be reduced to a combination of
several distinct "trace-distance-type" criteria---which are, individually,
non-composable security definitions.
Additionally, we study the security of some known delegated quantum
computation protocols, including Broadbent, Fitzsimons and Kashefi's Universal
Blind Quantum Computation protocol. Even though these protocols were originally
proposed with insufficient security criteria, they turn out to still be secure
given the stronger composable definitions.
Comment: 37+9 pages, 13 figures. v3: minor changes, new references. v2:
extended the reduction between composable and local security to include
entangled inputs, substantially rewritten the introduction to the Abstract
Cryptography (AC) framewor
ARM2GC: Succinct Garbled Processor for Secure Computation
We present ARM2GC, a novel secure computation framework based on Yao's
Garbled Circuit (GC) protocol and the ARM processor. It allows users to develop
privacy-preserving applications using standard high-level programming languages
(e.g., C) and compile them using off-the-shelf ARM compilers (e.g., gcc-arm).
The main enabler of this framework is the introduction of SkipGate, an
algorithm that dynamically omits the communication and encryption cost of the
gates whose outputs are independent of the private data. SkipGate greatly
enhances the performance of ARM2GC by omitting costs of the gates associated
with the instructions of the compiled binary, which is known by both parties
involved in the computation. Our evaluation on benchmark functions demonstrates
that ARM2GC not only outperforms the current GC frameworks that support
high-level languages, it also achieves efficiency comparable to the best prior
solutions based on hardware description languages. Moreover, in contrast to
previous high-level frameworks with domain-specific languages and customized
compilers, ARM2GC relies on the standard ARM compiler, which is rigorously verified
and supports programs written in the standard syntax.
Comment: 13 page
Bit Commitment from Non-Signaling Correlations
Central cryptographic functionalities such as encryption, authentication, or
secure two-party computation cannot be realized in an information-theoretically
secure way from scratch. This serves as a motivation to study what (possibly
weak) primitives they can be based on. We consider as such starting points
general two-party input-output systems that do not allow for message
transmission, and show that they can be used for realizing unconditionally
secure bit commitment as soon as they are non-trivial, i.e., cannot be securely
realized from distributed randomness only.
Comment: New title. Changes in the introduction and the preliminarie
An Introduction to Secret-Sharing-Based Secure Multiparty Computation
This text serves as a general guide to secure multiparty computation based on secret-sharing, focusing more on practical aspects of the techniques and constructions rather than their theoretical grounds. It is intended to serve as an introductory reference text for readers interested in the area, assuming essentially no background in these topics.
This work in progress currently includes an introduction to several core concepts in secure multiparty computation, an overview of simulation-based security, and detailed constructions for honest and two-thirds honest majority MPC, and also dishonest majority in the preprocessing model
Programming Languages for Developing Secure Multi-Party Computation Applications
Secure multi-party computation is a technology that allows several independent parties to process their data together without disclosing the secrets it contains. When the data is presented in encrypted form, this means that it is never decrypted during the computation.
Theoretical constructions for secure multi-party computation have been known since the 1980s, but the first practical implementations and applications that processed real data appeared only a little more than ten years ago. By now, secure multi-party computation has been used in several practical applications and has become an important data-protection technology.
Developing secure multi-party computation applications is complex. The tools that support the development process are still very new, and the frameworks are often too slow for practical applications. Only cryptography experts are still able to develop applications.
The aim of this work is to improve secure multi-party computation frameworks and to make the development of multi-party computation applications easier. We claim that the use of domain-specific programming languages enables the construction of secure multi-party computation applications and frameworks that are at the same time easy to use, performant, maintainable, trustworthy and able to process large volumes of data.
As the main result, we present two new programming languages designed for secure multi-party computation. SecreC 2 is intended to simplify the development of secure multi-party computation applications and helps to ensure that the applications are secure and efficient. The second language was created for developing secure multi-party computation protocols, and its aim is to improve secure multi-party computation frameworks. The protocol language makes frameworks faster and more trustworthy and simplifies the development and maintenance of protocols. We describe both languages formally and informally. We show how several applications and prototypes benefit from these languages.
Secure multi-party computation is a technology that allows several independent parties to cooperatively process their private data without revealing any secrets. If private inputs are given in encrypted form then the results will also be encrypted, and at no stage during processing are values ever decrypted.
As a theoretical concept, the technology has been around since the 1980s, but the first practical implementations arose a bit more than a decade ago. Since then, secure multi-party computation has been used in practical applications, and has been established as an important method of data protection.
Developing applications that use secure multi-party computation is challenging. The tools that help with development are still very young and the frameworks are often too slow for practical applications. Currently only experts in cryptography are able to develop secure multi-party applications.
In this thesis we look at how to improve secure multi-party computation frameworks and make the applications easier to develop. We claim that domain-specific programming languages make it possible to build secure multi-party applications and frameworks that are at the same time usable, efficient, maintainable, trustworthy, and practically scalable.
The contribution of this thesis is the introduction of two new programming languages for secure multi-party computation. The SecreC 2 language makes secure multi-party computation application development easier, ensuring that the applications are secure and enabling them to be efficient. The second language is for developing low-level secure computation protocols. This language was created for improving secure multi-party computation frameworks. It makes the frameworks faster and more trustworthy, and protocols easier to develop and maintain. We give both a formal and an informal overview of the two languages and see how they benefit multi-party applications and prototypes
Security and Privacy in Information Retrieval Combining Distributed Computing and Caching
Doctoral dissertation -- Seoul National University Graduate School: College of Engineering, Department of Electrical and Computer Engineering, 2020. 2. 이정우.
Distributed systems are essential for storing or computing on large amounts of data. While such distributed systems raise the efficiency of data storage and computation, they also increase the risks to data security and privacy. This dissertation considers the security and privacy of data in distributed systems for data storage and data computation. In particular, it proposes coding schemes that guarantee security and privacy for these systems.
First, we propose cache-aided PIR, in which the user has a certain amount of data stored in a cache beforehand. The proposed scheme is based on the optimal scheme for the conventional PIR problem. In the proposed scheme, the data stored in the cache is used as side information, which leads to a reduction in the download amount compared with the case without a cache.
Second, we consider the privacy of the master in a coded distributed computing system. In this system the workers and the master each hold their own data, and the workers' data forms a library. The master must compute a function of its own data and a specific file in the data library. Here the master's privacy means that the workers do not learn which file in the library the master wants. We call this system private coded computation and the proposed scheme private polynomial codes. The proposed scheme introduces an asynchronous approach that was not considered in the existing polynomial codes. As a result, the proposed scheme achieves a faster computation time than the modified optimal RPIR scheme.
Finally, we consider the privacy of the master and data security together in a coded distributed computing system. Data security means protecting the master's own data from the workers. We call this system private secure coded computation and the proposed scheme private secure polynomial codes. Private polynomial codes are modified into private secure polynomial codes, and the two are compared in terms of computation time and communication load. As a result, for the same amount of communication, private secure polynomial codes achieve a faster computation time.
As the major format of data changes from text to video, the amount of memory for storing data increases exponentially, as does the amount of computation for handling it. As a result, to alleviate these burdens of storage and computation, distributed systems are actively studied. Meanwhile, since low latency is one of the main objectives in 5G communications, recent techniques such as edge computing or federated learning in machine learning have become important. Since decentralization is a fundamental characteristic of these techniques, distributed systems, which include decentralized systems, also become important.
In this dissertation, I consider distributed systems for storage and computation. For data storage, large-scale data centers collectively store a library of files where the size of each file is tremendous. When a user needs a specific file, it can be downloaded from the distributed data centers. In this system, minimizing the amount of download is a significant concern. The user's privacy in this system implies that the user should conceal the index of its desired file from the databases. This kind of problem is referred to as the private information retrieval (PIR) problem. The goal of the PIR problem is to minimize the amount of download from the databases while ensuring the user's privacy.
Meanwhile, for a large amount of computation, the user can divide the whole computation into sub-computations and distribute them to external workers who constitute a distributed system. There can be three cases for the computation. Firstly, the user may own all of the data to be computed and send both its data and instructions for the computation to the workers. Secondly, the workers collectively own all of the data and the user just sends instructions for the data selection and computation to the workers. Thirdly, the user and the workers each have their own data and the user sends its data and instructions for the data selection and computation to the workers. Since some of the workers can be slow for various reasons, the user may use a coding technique, e.g., an erasure code, to avoid the delaying effect caused by the slow workers.
This kind of technique is referred to as coded computation. In these systems, speeding up the computation process is a significant concern. In this dissertation, I focus on the third system. In the considered system, the privacy is similar to that of distributed systems for storage. On the other hand, security implies that the user should conceal the content of its own data from the workers so that the workers do not have any information about the user's own data.
In this dissertation, I consider the user's privacy in distributed systems for storage, and both privacy and security in distributed systems for computation. In the case of distributed systems for storage, since the user does not have its own data, the security of the user's data cannot be considered. Particularly, I propose some achievable schemes that ensure privacy and security in these systems.
To begin with, as a new variation of the PIR problem, I consider a user's cache that has some pre-stored data of the databases' library. I refer to this problem as the cache-aided PIR problem. By introducing the user's cache in the PIR problem, the amount of download from the databases is significantly reduced. The achievable scheme is based on the optimal scheme for the conventional PIR problem. In the achievable scheme, the pre-stored cache is exploited as side information, which reduces the amount of download compared to the PIR problem without a cache.
Secondly, I consider the master's privacy in coded computation. In the system model, the workers have their own data, as well as the master. The workers' data constitutes a library of several files. The master should compute a function of its own data and a specific file in the library. The master's privacy implies that the workers should not know which file in the library is desired by the user. I refer to this problem as private coded computation and propose an achievable scheme for private coded computation, namely private polynomial codes. The private polynomial codes are based on the polynomial codes which were proposed for the conventional coded computation system. In the achievable scheme, the workers are grouped for privacy and an asynchronous scheme is considered, which was not considered in the conventional polynomial codes. Due to the asynchronous scheme, the proposed scheme achieves a faster computation time compared to the modified optimal RPIR scheme.
Lastly, I consider data security in coded computation, as well as the master's privacy.
The system model is similar to that of private coded computation. Data security implies that the master should protect its own data against the workers. I refer to this problem as private secure coded computation and propose an achievable scheme, namely private secure polynomial codes. The private secure polynomial codes are based on the polynomial codes which were proposed for the conventional coded computation system. By modifying the private polynomial codes, the private polynomial codes and private secure polynomial codes are compared in terms of computation time and communication load. As a result, the private secure polynomial codes achieve a faster computation time for the same communication load.
1. Introduction
1.1 Related work
1.1.1 Private information retrieval
1.1.2 Coded computation
1.2 Contributions and Organization
2. Cache-aided Private Information Retrieval
2.1 Introduction
2.2 System model
2.3 Main results
2.4 Achievable scheme
2.4.1 Cacheless phase
2.4.2 Cache-assisted phase
2.4.3 Cache-aided PIR
2.5 Tightness of achievable scheme
2.6 Conclusions and follow-up works
3. Private Coded Computation
3.1 Introduction
3.2 System model
3.3 Main results
3.4 Private polynomial codes
3.4.1 First example
3.4.2 Second example
3.4.3 General description
3.4.4 Privacy proof
3.4.5 Performance analysis
3.4.6 Special cases
3.5 Simulation results
3.5.1 Computation time
3.5.2 Communication load
3.6 Conclusion
4. Private Secure Coded Computation
4.1 Introduction
4.2 Main results
4.3 Private secure polynomial codes
4.3.1 Illustrative example
4.3.2 General description
4.3.3 Performance analysis
4.3.4 Privacy and security proof
4.4 Simulation results
4.4.1 Computation time
4.4.2 Communication load
4.5 Conclusion
5. Conclusion
5.1 Summary
5.2 Future directions
Korean abstract (국문초록)
Acknowledgement
Docto
Efficient secure comparison in the dishonest majority model
Secure comparison (SC) is an essential primitive in Secure Multiparty Computation (SMC) and a fundamental building block in Privacy-Preserving Data Analytics (PPDA). Although secure comparison has been studied since the introduction of SMC in the early 80s and many protocols have been proposed, there is still room for improvement, especially in providing security against malicious adversaries who form the majority among the participating parties. It is not hard to develop an SC protocol secure against a malicious majority based on the current state-of-the-art SPDZ framework. SPDZ is designed to work for arbitrary polynomially-bounded functionalities; it may not provide the most efficient SMC implementation for a specific task, such as SC. In this thesis, we propose a novel and efficient compiler specifically designed to convert most existing SC protocols with semi-honest security into ones secure against the dishonest majority (malicious majority). We analyze the security of the proposed solutions using the real-ideal paradigm. Moreover, we provide computation and communication complexity analysis. Compared to the current state-of-the-art SC protocols Rabbit and edaBits, our design offers a significant performance gain. The empirical results show that the proposed solution is at least 5 and 10 times more efficient than Rabbit in run-time and communication cost respectively.
Includes bibliographical references
JUBILEE: Secure Debt Relief and Forgiveness
JUBILEE is a securely computed mechanism for debt relief and forgiveness in a frictionless manner without involving trusted third parties, leading to more harmonious debt settlements by incentivising the parties to truthfully reveal their private information. JUBILEE improves over all previous methods:
- individually rational, incentive-compatible, truthful/strategy-proof, ex-post efficient, optimal mechanism for debt relief and forgiveness with private information
- by the novel introduction of secure computation techniques to debt relief, the “blessing of the debtor” is hereby granted for the first time: debt settlements with higher expected profits and a higher probability of success than without using secure computation
A simple and practical implementation is included for “The Secure Spreadsheet”.
Another implementation is realised using Raziel smart contracts on a blockchain with Pravuil consensus
On the Explanation and Implementation of Three Open-Source Fully Homomorphic Encryption Libraries
While fully homomorphic encryption (FHE) is a fairly new realm of cryptography, it has shown to be a promising mode of information protection as it allows arbitrary computations on encrypted data. The development of a practical FHE scheme would enable the development of secure cloud computation over sensitive data, which is a much-needed technology in today's trend of outsourced computation and storage. The first FHE scheme was proposed by Craig Gentry in 2009, and although it was not a practical implementation, his scheme laid the groundwork for many schemes that exist today. One main focus in FHE research is the creation of a library that allows users without much knowledge of the complexities of FHE to use the technology securely. In this paper, we will present the concepts behind FHE, together with an introduction to three open-source FHE libraries, in order to bring a better understanding of how the libraries function