Overlaying Circuit Clauses for Secure Computation

Given a set S = {C_1,...,C_k } of Boolean circuits, we show how to construct a universal for S circuit C_0, which is much smaller than Valiant’s universal circuit or a circuit incorporating all C_1,...,C_k. Namely, given C_1,...,C_k and viewing them as directed acyclic graphs (DAGs) D_1,...,D_k, we embed them in a new graph D_0. The embedding is such that a GC garbling of any of C_1,...,C_k could be implemented by a corresponding garbling of a circuit corresponding to D_0. We show how to improve Garbled Circuit (GC) and GMW-based secure function evaluation (SFE) of circuits with if/switch clauses using such S-universal circuit. The most interesting case here is the application to the GMW approach. We provide a novel observation that in GMW the cost of processing a gate is almost the same for 5 (or more) Boolean inputs, as it is for the usual case of 2 Boolean inputs. While we expect this observation to greatly improve general GMW-based computation, in our context this means that GMW gates can be programmed almost for free, based on the secret-shared programming of the clause. Our approach naturally and cheaply supports nested clauses. Our algorithm is a heuristic; we show that solving the circuit embedding problem is NP-hard. Our algorithms are in the semi-honest model and are compatible with Free-XOR. We report on experimental evaluations and discuss achieved performance in detail. For 32 diverse circuits in our experiment, our construction results 6.1x smaller circuit than prior techniques

There Is Always an Exception: Controlling Partial Information Leakage in Secure Computation

Private Function Evaluation (PFE) enables two parties to jointly execute a computation such that one of them provides the input while the other chooses the function to compute. According to the traditional security requirements, a PFE protocol should leak no more information, neither about the function nor the input, than what is revealed by the output of the computation. Existing PFE protocols inherently restrict the scope of computable functions to a certain function class with given output size, thus ruling out the direct evaluation of such problematic functions as the identity map, which would entirely undermine the input privacy requirement. We observe that when not only the input $x$ is confidential but certain partial information $g(x)$ of it as well, standard PFE fails to provide meaningful input privacy if $g$ and the function $f$ to be computed fall into the same function class. Our work investigates the question whether it is possible to achieve a reasonable level of input and function privacy simultaneously even in the above cases. We propose the notion of Controlled PFE (CPFE) with different flavours of security and answer the question affirmatively by showing simple, generic realizations of the new notions. Our main construction, based on functional encryption (FE), also enjoys strong reusability properties enabling, e.g. fast computation of the same function on different inputs. To demonstrate the applicability of our approach, we show a concrete instantiation of the FE-based protocol for inner product computation that enables secure statistical analysis (and more) under the standard Decisional Diffie--Hellman assumption

Embedded System Design

A unique feature of this open access textbook is to provide a comprehensive introduction to the fundamental knowledge in embedded systems, with applications in cyber-physical systems and the Internet of things. It starts with an introduction to the field and a survey of specification models and languages for embedded and cyber-physical systems. It provides a brief overview of hardware devices used for such systems and presents the essentials of system software for embedded systems, including real-time operating systems. The author also discusses evaluation and validation techniques for embedded systems and provides an overview of techniques for mapping applications to execution platforms, including multi-core platforms. Embedded systems have to operate under tight constraints and, hence, the book also contains a selected set of optimization techniques, including software optimization techniques. The book closes with a brief survey on testing. This fourth edition has been updated and revised to reflect new trends and technologies, such as the importance of cyber-physical systems (CPS) and the Internet of things (IoT), the evolution of single-core processors to multi-core processors, and the increased importance of energy efficiency and thermal issues

Improvements for Gate-Hiding Garbled Circuits

Garbled circuits have been highly optimized for practice over the last several years. Today\u27s most efficient constructions treat different types of gates (e.g., AND vs XOR) differently; as such, they leak the type of each gate. In many applications of garbled circuits, the circuit itself is public, so such leakage is tolerable. In other settings, however, it is desirable to hide the type of each gate. In this paper we consider optimizing garbled circuits for the gate-hiding case. We observe that the best state-of-the-art constructions support only a limited class of gate functions, which turns out to undermine their improvements in several settings. These state-of-the-art constructions also require a non-minimal hardness assumption. We introduce two new gate-hiding constructions of garbled circuits. Both constructions achieve the same communication complexity as the best state-of-the-art schemes, but support a more useful class of boolean gates and use only the minimal assumption of a secure PRF

Distributed Concurrent Persistent Languages: An Experimental Design and Implementation

A universal persistent object store is a logical space of persistent objects whose localities span over machines reachable over networks. It provides a conceptual framework in which, on one hand, the distribution of data is transparent to application programmers and, on the other, store semantics of conventional languages is preserved. This means the manipulation of persistent objects on remote machines is both syntactically and semantically the same as in the case of local data. Consequently, many aspects of distributed programming in which computation tasks cooperate over different processors and different stores can be addressed within the confines of persistent programming. The work reported in this thesis is a logical generalization of the notion of persistence in the context of distribution. The concept of a universal persistent store is founded upon a universal addressing mechanism which augments existing addressing mechanisms. The universal addressing mechanism is realized based upon remote pointers which although containing more locality information than ordinary pointers, do not require architectural changes. Moreover, these remote pointers are transparent to the programmers. A language, Distributed PS-algol, is designed to experiment with this idea. The novel features of the language include: lightweight processes with a flavour of distribution, mutexes as the store-based synchronization primitive, and a remote procedure call mechanism as the message-based interprocess communication mechanism. Furthermore, the advantages of shared store programming and network architecture are obtained with the introduction of the programming concept of locality in an unobtrusive manner. A characteristic of the underlying addressing mechanism is that data are never copied to satisfy remote demands except where efficiency can be attained without compromising the semantics of data. A remote store operation model is described to effect remote updates. It is argued that such a choice is the most natural given that remote store operations resemble remote procedure calls

Embedded System Design

A unique feature of this open access textbook is to provide a comprehensive introduction to the fundamental knowledge in embedded systems, with applications in cyber-physical systems and the Internet of things. It starts with an introduction to the field and a survey of specification models and languages for embedded and cyber-physical systems. It provides a brief overview of hardware devices used for such systems and presents the essentials of system software for embedded systems, including real-time operating systems. The author also discusses evaluation and validation techniques for embedded systems and provides an overview of techniques for mapping applications to execution platforms, including multi-core platforms. Embedded systems have to operate under tight constraints and, hence, the book also contains a selected set of optimization techniques, including software optimization techniques. The book closes with a brief survey on testing. This fourth edition has been updated and revised to reflect new trends and technologies, such as the importance of cyber-physical systems (CPS) and the Internet of things (IoT), the evolution of single-core processors to multi-core processors, and the increased importance of energy efficiency and thermal issues

Optimizing Secure Computation Programs with Private Conditionals

Secure multiparty computation platforms are often provided with a programming language that allows to write privacy-preserving applications without thinking of the underlying cryptography. The control flow of these programs is expensive to hide, hence they typically disallow branching on private values. The application programmers have to specify their programs in terms of allowed constructions, either using ad-hoc methods to avoid such branchings, or the general methodology of executing all branches and obliviously selecting the effects of one at the end. There may be compiler support for the latter. The execution of all branches introduces significant computational overhead. If the branches perform similar private operations, then it may make sense to compute repeating patterns only once, even though the necessary bookkeeping also has overheads. In this paper, we propose a program optimization doing exactly that, allowing the overhead of private conditionals to be reduced. The optimization is quite general, and can be applied to various privacy-preserving platforms

Tõhus peit- ja aktiivse ründaja vastu kaitstud turvaline ühisarvutus

Turvaline ühisarvutus on tänapäevase krüptograafia üks tähtsamaid kasutusviise, mis koondab elegantsed matemaatilised lahendused praktiliste rakenduste ehitamiseks, võimaldades mitmel erineval andmeomanikul sooritada oma andmetega suvalisi ühiseid arvutusi, ilma neid andmeid üksteisele avaldamata. Passiivse ründaja vastu turvalised protokollid eeldavad, et kõik osapooled käituvad ausalt. Aktiivse ründaja vastu turvalised protokollid ei lekita privaatseid andmeid sõltumata ründaja käitumisest. Käesolevas töös esitatakse üldine meetod, mis teisendab passiivse ründaja vastu turvalised ühisarvutusprotokollid turvaliseks aktiivse ründaja vastu. Meetod on optimeeritud kolme osapoolega arvutusteks üle algebraliste ringide; praktikas on see väga efektiivne mudel, mis teeb reaalse maailma rakendused teostatavateks. Meetod lisab esialgsele arvutusprotokollile täitmisjärgse verifitseerimisfaasi, mis muudab valesti käitunud osapooltel vahelejäämise vältimise tõenäosuse kaduvväikseks, säilitades esialgse protokolli turvagarantiid. Lisaks uurib käesolev töö rünnete uut eesmärki, mis seisneb mingi ausa osapoole vaate manipuleerimises sellisel viisil, et ta saaks midagi teada teise ausa osapoole privaatsete andmete kohta. Ründaja ise ei tarvitse seda infot üldse teada saada. Sellised ründed on olulised, sest need kohustavad ausat osapoolt tühjendama oma süsteemi teiste osapoolte andmetest, kuid see ülesanne võib olla päris mittetriviaalne. Eelnevalt pakutud verifitseerimismehhanisme täiendatakse nii, et privaatsed andmed oleksid kaitstud ka ausate osapoolte eest. Paljud ühisarvutusplatvormid on varustatud programmeerimiskeelega, mis võimaldab kirjutada privaatsust säilitavaid rakendusi ilma allolevale krüptograafiale mõtlemata. Juhul, kui programm sisaldab tingimuslauseid, kus arvutusharu valik sõltub privaatsetest andmetest, ei tohi ükski osapool haru valikust midagi teada, nii et üldjuhul peavad osapooled täitma kõik harud. Harude suure arvu kor-ral võib arvutuslik lisakulu olla ülisuur, sest enamik vahetulemustest visatakse ära. Käesolevas töös pakutakse selliseid lisakulusid vähendavat optimeerimist.Secure multiparty computation is one of the most important employments of modern cryptography, bringing together elegant mathematical solutions to build up useful practical applications. It allows several distinct data owners to perform arbitrary collaborative computation on their private data without leaking any information to each other. Passively secure protocols assume that all parties follow the protocol rules. Actively secure protocols do not leak private data regardless of the attacker’s behaviour. This thesis presents a generic method for turning passively secure multiparty protocols to actively secure ones. The method is optimized for three party computation over algebraic rings, which has proven to be quite an efficient model, making large real-world applications feasible. Our method adds to the protocol a post-execution verification phase that allows a misbehaving party to escape detection only with negligible probability. It preserves the privacy guarantees of the original protocol. In this thesis, we also study a new adversarial goal in multiparty protocols. The goal is to manipulate the view of some honest party in such a way, that this honest party learns the private data of some other honest party. The adversary itself might not learn this data at all. Such attacks are significant because they create a liability to the first honest party to clean its systems from the second honest party’s data, which may be a highly non-trivial task in practice. We check the security of our verification mechanism in this new model, and we propose some minor modifications that ensure data protection also from the honest parties. Many secure multiparty computation platforms come with a programming language that allows the developer to write privacy-preserving applications without thinking of the underlying cryptography. If a program contains conditional statements where the choice of the computational branch depends on private data, then no party should know which branch has been executed, so in general the parties need to execute all of them. If the number of branches is large, the computational overhead may be enormous, as most of the intermediate results are just discarded. In this thesis, we propose an automatic optimization that reduces this overhead

Robust network design under polyhedral traffic uncertainty

Ankara : The Department of Industrial Engineering and The Institute of Engineering and Science of Bilkent Univ., 2007.Thesis (Ph.D.) -- Bilkent University, 2007.Includes bibliographical references leaves 160-166.In this thesis, we study the design of networks robust to changes in demand estimates. We consider the case where the set of feasible demands is defined by an arbitrary polyhedron. Our motivation is to determine link capacity or routing configurations, which remain feasible for any realization in the corresponding demand polyhedron. We consider three well-known problems under polyhedral demand uncertainty all of which are posed as semi-infinite mixed integer programming problems. We develop explicit, compact formulations for all three problems as well as alternative formulations and exact solution methods. The first problem arises in the Virtual Private Network (VPN) design field. We present compact linear mixed-integer programming formulations for the problem with the classical hose traffic model and for a new, less conservative, robust variant relying on accessible traffic statistics. Although we can solve these formulations for medium-to-large instances in reasonable times using off-the-shelf MIP solvers, we develop a combined branch-and-price and cutting plane algorithm to handle larger instances. We also provide an extensive discussion of our numerical results. Next, we study the Open Shortest Path First (OSPF) routing enhanced with traffic engineering tools under general demand uncertainty with the motivation to discuss if OSPF could be made comparable to the general unconstrained routing (MPLS) when it is provided with a less restrictive operating environment. To the best of our knowledge, these two routing mechanisms are compared for the first time under such a general setting. We provide compact formulations for both routing types and show that MPLS routing for polyhedral demands can be computed in polynomial time. Moreover, we present a specialized branchand-price algorithm strengthened with the inclusion of cuts as an exact solution tool. Subsequently, we compare the new and more flexible OSPF routing with MPLS as well as the traditional OSPF on several network instances. We observe that the management tools we use in OSPF make it significantly better than the generic OSPF. Moreover, we show that OSPF performance can get closer to that of MPLS in some cases. Finally, we consider the Network Loading Problem (NLP) under a polyhedral uncertainty description of traffic demands. After giving a compact multicommodity formulation of the problem, we prove an unexpected decomposition property obtained from projecting out the flow variables, considerably simplifying the resulting polyhedral analysis and computations by doing away with metric inequalities, an attendant feature of most successful algorithms on NLP. Under the hose model of feasible demands, we study the polyhedral aspects of NLP, used as the basis of an efficient branch-and-cut algorithm supported by a simple heuristic for generating upper bounds. We provide the results of extensive computational experiments on well-known network design instances.Altın, AyşegülPh.D

Ground fault current: Calculation of magnitude and its distribution in the neutral and ground paths

This thesis focuses on the ground fault current distribution and presents a method that enables a high accuracy in its calculation: starting from the model based on multi-conductor representation developed in Matlab, simulations are carried out to analyse which parameters influence the current distribution. These simulations, applied even on the portion of a real network, are also carried out on the commercial software Neplan and OpenDSS to validate the model