Reuse It Or Lose It: More Efficient Secure Computation Through Reuse of Encrypted Values

Two-party secure function evaluation (SFE) has become significantly more feasible, even on resource-constrained devices, because of advances in server-aided computation systems. However, there are still bottlenecks, particularly in the input validation stage of a computation. Moreover, SFE research has not yet devoted sufficient attention to the important problem of retaining state after a computation has been performed so that expensive processing does not have to be repeated if a similar computation is done again. This paper presents PartialGC, an SFE system that allows the reuse of encrypted values generated during a garbled-circuit computation. We show that using PartialGC can reduce computation time by as much as 96% and bandwidth by as much as 98% in comparison with previous outsourcing schemes for secure computation. We demonstrate the feasibility of our approach with two sets of experiments, one in which the garbled circuit is evaluated on a mobile device and one in which it is evaluated on a server. We also use PartialGC to build a privacy-preserving "friend finder" application for Android. The reuse of previous inputs to allow stateful evaluation represents a new way of looking at SFE and further reduces computational barriers.

Comment: 20 pages, shorter conference version published in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Pages 582-596, ACM New York, NY, US
Chameleon: A Hybrid Secure Computation Framework for Machine Learning Applications

We present Chameleon, a novel hybrid (mixed-protocol) framework for secure function evaluation (SFE) which enables two parties to jointly compute a function without disclosing their private inputs. Chameleon combines the best aspects of generic SFE protocols with the ones that are based upon additive secret sharing. In particular, the framework performs linear operations in the ring using additively secret shared values and nonlinear operations using Yao's Garbled Circuits or the Goldreich-Micali-Wigderson protocol. Chameleon departs from the common assumption of additive or linear secret sharing models where three or more parties need to communicate in the online phase: the framework allows two parties with private inputs to communicate in the online phase under the assumption of a third node generating correlated randomness in an offline phase. Almost all of the heavy cryptographic operations are precomputed in an offline phase which substantially reduces the communication overhead. Chameleon is both scalable and significantly more efficient than the ABY framework (NDSS'15) it is based on. Our framework supports signed fixed-point numbers. In particular, Chameleon's vector dot product of signed fixed-point numbers improves the efficiency of mining and classification of encrypted data for algorithms based upon heavy matrix multiplications. Our evaluation of Chameleon on a 5 layer convolutional deep neural network shows 133x and 4.2x faster executions than Microsoft CryptoNets (ICML'16) and MiniONN (CCS'17), respectively.
ARM2GC: Succinct Garbled Processor for Secure Computation

We present ARM2GC, a novel secure computation framework based on Yao's Garbled Circuit (GC) protocol and the ARM processor. It allows users to develop privacy-preserving applications using standard high-level programming languages (e.g., C) and compile them using off-the-shelf ARM compilers (e.g., gcc-arm). The main enabler of this framework is the introduction of SkipGate, an algorithm that dynamically omits the communication and encryption cost of the gates whose outputs are independent of the private data. SkipGate greatly enhances the performance of ARM2GC by omitting costs of the gates associated with the instructions of the compiled binary, which is known by both parties involved in the computation. Our evaluation on benchmark functions demonstrates that ARM2GC not only outperforms the current GC frameworks that support high-level languages, it also achieves efficiency comparable to the best prior solutions based on hardware description languages. Moreover, in contrast to previous high-level frameworks with domain-specific languages and customized compilers, ARM2GC relies on a standard ARM compiler which is rigorously verified and supports programs written in the standard syntax.

Comment: 13 pages
Lying Your Way to Better Traffic Engineering

To optimize the flow of traffic in IP networks, operators do traffic engineering (TE), i.e., tune routing-protocol parameters in response to traffic demands. TE in IP networks typically involves configuring static link weights and splitting traffic between the resulting shortest-paths via the Equal-Cost-MultiPath (ECMP) mechanism. Unfortunately, ECMP is a notoriously cumbersome and indirect means for optimizing traffic flow, often leading to poor network performance. Also, obtaining accurate knowledge of traffic demands as the input to TE is elusive, and traffic conditions can be highly variable, further complicating TE. We leverage recently proposed schemes for increasing ECMP's expressiveness via carefully disseminated bogus information ("lies") to design COYOTE, a readily deployable TE scheme for robust and efficient network utilization. COYOTE leverages new algorithmic ideas to configure (static) traffic splitting ratios that are optimized with respect to all (even adversarially chosen) traffic scenarios within the operator's "uncertainty bounds". Our experimental analyses show that COYOTE significantly outperforms today's prevalent TE schemes in a manner that is robust to traffic uncertainty and variation. We discuss experiments with a prototype implementation of COYOTE.
Composable Security in the Bounded-Quantum-Storage Model

We present a simplified framework for proving sequential composability in the quantum setting. In particular, we give a new, simulation-based, definition for security in the bounded-quantum-storage model, and show that this definition allows for sequential composition of protocols. Damgård et al. (FOCS '05, CRYPTO '07) showed how to securely implement bit commitment and oblivious transfer in the bounded-quantum-storage model, where the adversary is only allowed to store a limited number of qubits. However, their security definitions only applied to the standalone setting, and it was not clear if their protocols could be composed. Indeed, we first give a simple attack that shows that these protocols are not composable without a small refinement of the model. Finally, we prove the security of their randomized oblivious transfer protocol in our refined model. Secure implementations of oblivious transfer and bit commitment then follow easily by a (classical) reduction to randomized oblivious transfer.

Comment: 21 pages
Pandora's Box Problem with Order Constraints

The Pandora's Box Problem, originally formalized by Weitzman in 1979, models selection from a set of random, alternative options, when evaluation is costly. This includes, for example, the problem of hiring a skilled worker, where only one hire can be made, but the evaluation of each candidate is an expensive procedure. Weitzman showed that the Pandora's Box Problem admits an elegant, simple solution, where the options are considered in decreasing order of reservation value, i.e., the value that reduces to zero the expected marginal gain for opening the box. We study for the first time this problem when order (or precedence) constraints are imposed between the boxes. We show that, despite the difficulty of defining reservation values for the boxes which take into account both in-depth and in-breadth exploration of the various options, greedy optimal strategies exist and can be efficiently computed for tree-like order constraints. We also prove that finding approximately optimal adaptive search strategies is NP-hard when certain matroid constraints are used to further restrict the set of boxes which may be opened, or when the order constraints are given as reachability constraints on a DAG. We complement the above result by giving approximate adaptive search strategies based on a connection between optimal adaptive strategies and non-adaptive strategies with bounded adaptivity gap for a carefully relaxed version of the problem.