39,632 research outputs found
Degree 2 is Complete for the Round-Complexity of Malicious MPC
We show, via a non-interactive reduction, that the existence of a secure multi-party computation (MPC) protocol for degree- functions implies the existence of a protocol with the same round complexity for general functions. Thus showing that when considering the round complexity of MPC, it is sufficient to consider very simple functions.
Our completeness theorem applies in various settings: information theoretic and computational, fully malicious and malicious with various types of aborts. In fact, we give a master theorem from which all individual settings follow as direct corollaries. Our basic transformation does not require any additional assumptions and incurs communication and computation blow-up which is polynomial in the number of players and in , where are the circuit size and depth of the function to be computed. Using one-way functions as an additional assumption, the exponential dependence on the depth can be removed.
As a consequence, we are able to push the envelope on the state of the art in various settings of MPC, including the following cases.
* -round perfectly-secure protocol (with guaranteed output delivery) against an active adversary that corrupts less than a quarter of the parties.
* -round statistically-secure protocol that achieves security with ``selective abort\u27\u27 against an active adversary that corrupts less than half of the parties.
* Assuming one-way functions, -round computationally-secure protocol that achieves security with (standard) abort against an active adversary that corrupts less than half of the parties. This gives a new and conceptually simpler proof to the recent result of Ananth et al. (Crypto 2018).
Technically, our non-interactive reduction draws from the encoding method of Applebaum, Brakerski and Tsabary (TCC 2018). We extend these methods to ones that can be meaningfully analyzed even in the presence of malicious adversaries
Secure Non-interactive Simulation: Feasibility & Rate
A natural solution to increase the efficiency of secure computation will be to non-interactively and securely transform diverse inexpensive-to-generate correlated randomness, like, joint samples from noise sources, into correlations useful for the secure computation while incurring low computational overhead.
Motivated by this general application for secure computation, our work introduces the notion of \textit{secure non-interactive simulation} (SNIS).
Parties receive samples of correlated randomness, and they, without any interaction, securely convert them into samples from another correlated randomness.
SNIS is an extension of \textit{non-interactive simulation of joint distributions} (NIS), and \textit{non-interactive correlation distillation} (NICD) to the cryptographic context.
It is a non-interactive version of \textit{one-way secure computation} (OWSC). Our work presents a simulation-based security definition for SNIS and initiates the study of the feasibility and efficiency of SNIS.
We also study SNIS among fundamental correlated randomnesses like random samples from the binary symmetric and binary erasure channels, represented by BSS and BES, respectively.
The impossibility of realizing a BES sample from BSS samples in NIS and OWSC extends to SNIS.
Additionally, we prove that a SNIS of BSS sample from BES samples is impossible, which remains an open problem in NIS and OWSC.
Next, we prove that a SNIS of a BES sample (a BES with noise characteristic ) from BES is feasible if and only if , for some .
In this context, we prove that all SNIS constructions must be linear.
Furthermore, if , then the rate of simulating multiple independent BES samples is at most , which is also achievable using (block) linear constructions.
Finally, we show that a SNIS of a BSS sample from BSS samples is feasible if and only if , for some .
Interestingly, there are linear as well as non-linear SNIS constructions.
When , we prove that the rate of a \textit{perfectly secure} SNIS is at most , which is achievable using linear and non-linear constructions.
Our results leave open the fascinating problem of determining the rate of \textit{statistically secure} SNIS among BSS samples.
Our technical approach algebraizes the definition of SNIS and proceeds via Fourier analysis. Our work develops general analysis methodologies for Boolean functions, explicitly incorporating cryptographic security constraints.
Our work also proves strong forms of \textit{statistical-to-perfect security} transformations: one can error-correct a statistically secure SNIS to make it perfectly secure.
We show a connection of our research with \textit{homogeneous Boolean functions} and \textit{distance-invariant codes}, which may be of independent interest
Separating Two-Round Secure Computation From Oblivious Transfer
We consider the question of minimizing the round complexity of protocols for secure multiparty computation (MPC) with security against an arbitrary number of semi-honest parties. Very recently, Garg and Srinivasan (Eurocrypt 2018) and Benhamouda and Lin (Eurocrypt 2018) constructed such 2-round MPC protocols from minimal assumptions. This was done by showing a round preserving reduction to the task of secure 2-party computation of the oblivious transfer functionality (OT). These constructions made a novel non-black-box use of the underlying OT protocol. The question remained whether this can be done by only making black-box use of 2-round OT. This is of theoretical and potentially also practical value as black-box use of primitives tends to lead to more efficient constructions.
Our main result proves that such a black-box construction is impossible, namely that non-black-box use of OT is necessary. As a corollary, a similar separation holds when starting with any 2-party functionality other than OT.
As a secondary contribution, we prove several additional results that further clarify the landscape of black-box MPC with minimal interaction. In particular, we complement the separation from 2-party functionalities by presenting a complete 4-party functionality, give evidence for the difficulty of ruling out a complete 3-party functionality and for the difficulty of ruling out black-box constructions of 3-round MPC from 2-round OT, and separate a relaxed "non-compact" variant of 2-party homomorphic secret sharing from 2-round OT
Delegating Quantum Computation in the Quantum Random Oracle Model
A delegation scheme allows a computationally weak client to use a server's
resources to help it evaluate a complex circuit without leaking any information
about the input (other than its length) to the server. In this paper, we
consider delegation schemes for quantum circuits, where we try to minimize the
quantum operations needed by the client. We construct a new scheme for
delegating a large circuit family, which we call "C+P circuits". "C+P" circuits
are the circuits composed of Toffoli gates and diagonal gates. Our scheme is
non-interactive, requires very little quantum computation from the client
(proportional to input length but independent of the circuit size), and can be
proved secure in the quantum random oracle model, without relying on additional
assumptions, such as the existence of fully homomorphic encryption. In practice
the random oracle can be replaced by an appropriate hash function or block
cipher, for example, SHA-3, AES.
This protocol allows a client to delegate the most expensive part of some
quantum algorithms, for example, Shor's algorithm. The previous protocols that
are powerful enough to delegate Shor's algorithm require either many rounds of
interactions or the existence of FHE. The protocol requires asymptotically
fewer quantum gates on the client side compared to running Shor's algorithm
locally.
To hide the inputs, our scheme uses an encoding that maps one input qubit to
multiple qubits. We then provide a novel generalization of classical garbled
circuits ("reversible garbled circuits") to allow the computation of Toffoli
circuits on this encoding. We also give a technique that can support the
computation of phase gates on this encoding.
To prove the security of this protocol, we study key dependent message(KDM)
security in the quantum random oracle model. KDM security was not previously
studied in quantum settings.Comment: 41 pages, 1 figures. Update to be consistent with the proceeding
versio
Ad Hoc PSM Protocols: Secure Computation Without Coordination
We study the notion of {\em ad hoc secure computation}, recently introduced by Beimel et al. (ITCS 2016),
in the context of the {\em Private Simultaneous Messages} (PSM) model of Feige et al.\ (STOC 2004).
In ad hoc secure computation we have parties that may potentially participate in a protocol but, at the actual time of execution, only of them, whose identity is {\em not} known in advance, actually participate. This situation is particularly challenging in the PSM setting, where protocols are non-interactive (a single message from each participating party to a special output party) and where the parties rely on pre-distributed, correlated randomness (that in the ad-hoc setting will have to take into account all possible sets of participants).
We present several different constructions of \apsm\ protocols from standard PSM protocols. These constructions imply, in particular, that efficient information-theoretic \apsm\ protocols exist for NC1 and different classes of log-space computation, and efficient computationally-secure \apsm\ protocols for polynomial-time computable functions can be based on a one-way function. As an application, we obtain an information-theoretic implementation of {\em order-revealing encryption} whose security holds for two messages.
We also consider the case where the actual number of participating parties may be larger than the minimal for which the protocol is designed to work. In this case, it is unavoidable that the output party learns the output corresponding to each subset of out of the participants. Therefore, a ``best possible security\u27\u27 notion, requiring that this will be the {\em only} information that the output party learns, is needed. We present connections between this notion and the previously studied notion of {\em -robust PSM} (also known as ``non-interactive MPC\u27\u27).
We show that constructions in this setting for even simple functions (like AND or threshold) can be translated into non-trivial instances of program obfuscation (such as {\em point function obfuscation} and {\em fuzzy point function obfuscation}, respectively). We view these results as a negative indication that protocols with ``best possible security\u27\u27 are impossible to realize efficiently in the information-theoretic setting or require strong assumptions in the computational setting
Scalable and Secure Aggregation in Distributed Networks
We consider the problem of computing an aggregation function in a
\emph{secure} and \emph{scalable} way. Whereas previous distributed solutions
with similar security guarantees have a communication cost of , we
present a distributed protocol that requires only a communication complexity of
, which we prove is near-optimal. Our protocol ensures perfect
security against a computationally-bounded adversary, tolerates
malicious nodes for any constant (not
depending on ), and outputs the exact value of the aggregated function with
high probability
Enabling Interactive Analytics of Secure Data using Cloud Kotta
Research, especially in the social sciences and humanities, is increasingly
reliant on the application of data science methods to analyze large amounts of
(often private) data. Secure data enclaves provide a solution for managing and
analyzing private data. However, such enclaves do not readily support discovery
science---a form of exploratory or interactive analysis by which researchers
execute a range of (sometimes large) analyses in an iterative and collaborative
manner. The batch computing model offered by many data enclaves is well suited
to executing large compute tasks; however it is far from ideal for day-to-day
discovery science. As researchers must submit jobs to queues and wait for
results, the high latencies inherent in queue-based, batch computing systems
hinder interactive analysis. In this paper we describe how we have augmented
the Cloud Kotta secure data enclave to support collaborative and interactive
analysis of sensitive data. Our model uses Jupyter notebooks as a flexible
analysis environment and Python language constructs to support the execution of
arbitrary functions on private data within this secure framework.Comment: To appear in Proceedings of Workshop on Scientific Cloud Computing,
Washington, DC USA, June 2017 (ScienceCloud 2017), 7 page
- âŠ