Unbalanced Private Set Intersection from Homomorphic Encryption and Nested Cuckoo Hashing

Private Set Intersection (PSI) is a well-studied secure two-party computation problem in which a client and a server want to compute the intersection of their input sets without revealing additional information to the other party. With this work, we present nested Cuckoo hashing, a novel hashing approach that can be combined with additively homomorphic encryption (AHE) to construct an efficient PSI protocol for unbalanced input sets. We formally prove the security of our protocol against semi-honest adversaries in the standard model. Our protocol yields client computation and communication complexity that is sublinear in the server’s set size and is thus of interest to clients with limited resources. The implementation and empirical evaluation of our protocol using the exponential ElGamal and BGV/BFV encryption schemes attests to state-of-the-art practical performance

Faster Malicious 2-party Secure Computation with Online/Ofine Dual Execution

We describe a highly optimized protocol for general-purpose secure two-party computation (2PC) in the presence of malicious adversaries. Our starting point is a protocol of Kolesnikov \etal (TCC 2015). We adapt that protocol to the online/offline setting, where two parties repeatedly evaluate the same function (on possibly different inputs each time) and perform as much of the computation as possible in an offline preprocessing phase before their inputs are known. Along the way we develop several significant simplifications and optimizations to the protocol. We have implemented a prototype of our protocol and report on its performance. When two parties on Amazon servers in the same region use our implementation to securely evaluate the AES circuit 1024 times, the amortized cost per evaluation is \emph{5.1ms offline + 1.3ms online}. The total offline+online cost of our protocol is in fact less than the \emph{online} cost of any reported protocol with malicious security. For comparison, our protocol\u27s closest competitor (Lindell \& Riva, CCS 2015) uses 74ms offline + 7ms online in an identical setup. Our protocol can be further tuned to trade performance for leakage. As an example, the performance in the above scenario improves to \emph{2.4ms offline + 1.0ms online} if we allow an adversary to learn a single bit about the honest party\u27s input with probability $2^{-20}$ (but not violate any other security property, e.g. correctness)

Going Beyond Dual Execution: MPC for Functions with Efficient Verification

The dual execution paradigm of Mohassel and Franklin (PKC\u2706) and Huang, Katz and Evans (IEEE \u2712) shows how to achieve the notion of 1-bit leakage security at roughly twice the cost of semi-honest security for the special case of two-party secure computation. To date, there are no multi-party computation (MPC) protocols that offer such a strong trade-off between security and semi-honest performance. Our main result is to address this shortcoming by designing 1-bit leakage protocols for the multi-party setting, albeit for a special class of functions. We say that function f(x,y) is efficiently verifiable by g if the running time of g is always smaller than f and g(x,y,z)=1 if and only if f(x,y)=z. In the two-party setting, we first improve dual execution by observing that the ``second execution\u27\u27 can be an evaluation of g instead of f, and that by definition, the evaluation of g is asymptotically more efficient. Our main MPC result is to construct a 1-bit leakage protocol for such functions from any passive protocol for f that is secure up to additive errors and any active protocol for g. An important result by Genkin et al. (STOC \u2714) shows how the classic protocols by Goldreich et al. (STOC \u2787) and Ben-Or et al. (STOC \u2788) naturally support this property, which allows to instantiate our compiler with two-party and multi-party protocols. A key technical result we prove is that the passive protocol for distributed garbling due to Beaver et al. (STOC \u2790) is in fact secure up to additive errors against malicious adversaries, thereby, yielding another powerful instantiation of our paradigm in the constant-round multi-party setting. As another concrete example of instantiating our approach, we present a novel protocol for computing perfect matching that is secure in the 1-bit leakage model and whose communication complexity is less than the honest-but-curious implementations of textbook algorithms for perfect matching

Platform Property Certificate for Property-Based Attestation Model

Trusted Computing Group (TCG) provides a group of prominent computer manufacturers to improve a new technology called Trusted Computing (TC) which can provide a basis to the highest security level in hardware and software. The goal of TCG is to provide a mechanism for security and integrity of computing platforms. Remote attestation is one of the TC aspects which is the method that a system uses to authenticate to a remote party or for a remote party to verify the authenticity of the application. Among other methods of attestation, binary attestation is the TCG standard approach. However, binary attestation mechanism still lacks in flexibility, privacy and scalability and to overcome these problems Property-based Attestation was introduced. Two important issues should be considered in this context: the content of the property and the protocol that we should choose. We proposed Platform Property Certificate based on the current certificates of a system (AIK and SSLcertificates), in our study as the model's property. At the same time, we propose a client-server attestation protocol that can apply this property by using an online Trusted Third Party to verify the trustworthiness of the certificates and measurements of the system. Performance evaluation method in this study is implementation with existing specification and hardware of TC and the criteria that are evaluated are privacy, flexibility and scalability that are compared in the proposed model with the TCG binary attestation model. Comparison and analysis are based on an implemented binary attestation model that are designed to have the same input and output format of our own proposed model to check the results. Results shows that our property is efficient in the case of accepting and rejecting valid and invalid input and our property-based protocol overcomes the deficiencies of lack of flexibility, privacy and scalability in binary attestation mechanism. Therefore the model and the property fulfill the requirements of property-based attestation

Programming support for an integrated multi-party computation and MapReduce infrastructure

We describe and present a prototype of a distributed computational infrastructure and associated high-level programming language that allow multiple parties to leverage their own computational resources capable of supporting MapReduce [1] operations in combination with multi-party computation (MPC). Our architecture allows a programmer to author and compile a protocol using a uniform collection of standard constructs, even when that protocol involves computations that take place locally within each participant’s MapReduce cluster as well as across all the participants using an MPC protocol. The highlevel programming language provided to the user is accompanied by static analysis algorithms that allow the programmer to reason about the efficiency of the protocol before compiling and running it. We present two example applications demonstrating how such an infrastructure can be employed.This work was supported in part by NSF Grants: #1430145, #1414119, #1347522, and #1012798

When private set intersection meets big data : an efficient and scalable protocol

Large scale data processing brings new challenges to the design of privacy-preserving protocols: how to meet the increasing requirements of speed and throughput of modern applications, and how to scale up smoothly when data being protected is big. Efficiency and scalability become critical criteria for privacy preserving protocols in the age of Big Data. In this paper, we present a new Private Set Intersection (PSI) protocol that is extremely efficient and highly scalable compared with existing protocols. The protocol is based on a novel approach that we call oblivious Bloom intersection. It has linear complexity and relies mostly on efficient symmetric key operations. It has high scalability due to the fact that most operations can be parallelized easily. The protocol has two versions: a basic protocol and an enhanced protocol, the security of the two variants is analyzed and proved in the semi-honest model and the malicious model respectively. A prototype of the basic protocol has been built. We report the result of performance evaluation and compare it against the two previously fastest PSI protocols. Our protocol is orders of magnitude faster than these two protocols. To compute the intersection of two million-element sets, our protocol needs only 41 seconds (80-bit security) and 339 seconds (256-bit security) on moderate hardware in parallel mode