
    Information-Theoretic Secure Outsourced Computation in Distributed Systems

    Secure multi-party computation (secure MPC) has been established as the de facto paradigm for protecting privacy in distributed computation. One of the earliest secure MPC primitives is Shamir's secret sharing (SSS) scheme. SSS has many advantages over other popular secure MPC primitives such as garbled circuits (GC): it provides an information-theoretic security guarantee, requires no complex long-integer operations, and often leads to more efficient protocols. Nonetheless, SSS receives less attention in the signal processing community because it requires a larger number of honest participants, making it prone to collusion attacks. In this dissertation, I propose an agent-based computing framework using SSS to protect privacy in distributed signal processing. This dissertation makes three main contributions. First, the proposed computing framework is shown to be significantly more efficient than GC. Second, a novel game-theoretical framework is proposed to analyze different types of collusion attacks. Third, using the proposed game-theoretical framework, specific mechanism designs are developed to deter collusion attacks in a fully distributed manner. Specifically, for a collusion attack with known detectors, I analyze it as a game between secret owners and show that the attack can be effectively deterred by an explicit retaliation mechanism. For a general attack without detectors, I expand the scope of the game to include the computing agents and provide deterrence through deceptive collusion requests. The correctness and privacy of the protocols are proved under a covert adversarial model. Our experimental results demonstrate the efficiency of SSS-based protocols and the validity of our mechanism design.

    Cryptographic Shuffles and Their Applications

    Thesis (Ph.D.) -- Seoul National University Graduate School: Department of Mathematical Sciences, 2012. 8. 천정희 (Jung Hee Cheon).
    For anonymization purposes, one can use a mix-net. A mix-net is a multi-party protocol to shuffle elements so that none of the parties knows the permutation linking the input and output. One way to construct a mix-net is to let a set of mixers, so-called mix-servers, take turns permuting and re-encrypting or decrypting the inputs. If at least one of the mixers is honest, the input data and the output data can no longer be linked. In this role, shuffling constitutes an important building block in anonymization protocols and voting schemes. The problem is that the standard shuffle requires anyone who shuffles the input messages to keep his random permutation and randomizers secret. The assumption that a party keeps this information secret may be quite strong. Second, for this anonymization guarantee to hold, we need to ensure that all mixers act according to the protocol. In general, zero-knowledge proofs (ZKPs) are used for this purpose. However, ZKPs are expensive in terms of both computation and communication. In TCC 2007, Adida and Wikström proposed a novel approach to shuffling, called a public shuffle, in which a shuffler can shuffle publicly without needing any secret information. Their scheme uses an encrypted permutation matrix to shuffle ciphertexts publicly. This approach significantly reduces the cost of constructing a mix-net to that of verifiable joint decryption. Though their method succeeds in making shuffling a public operation, their scheme still requires trusted parties to choose the permutation to be encrypted and to construct zero-knowledge proofs of the well-formedness of this permutation.
    In this dissertation, we study a method to construct a public shuffle without relying on privately generated permutations: given an $n$-tuple of ciphertexts $(c_1,\dots,c_n)$, our shuffle algorithm computes $f_i(c_1,\dots,c_n)$ for $i=1,\dots,\ell$, where each $f_i(x_1,\dots,x_n)$ is a symmetric polynomial in $x_1,\dots,x_n$. Depending on the symmetric polynomials we use, we propose two concrete constructions. One uses ring homomorphic encryption with constant ciphertext complexity, and the other uses simple ElGamal encryption with ciphertext complexity linear in the number of users. Both constructions are free of zero-knowledge proofs and publicly verifiable.
    Contents:
    Abstract
    1 Introduction
    1.1 A Brief History of Shuffles
    1.2 Why Shuffling in Public Hard?
    1.3 Cryptographic Shuffle Schemes
    1.4 Contributions of This Work
    1.4.1 Our Definitional Approach
    1.4.2 Our Constructions
    1.5 Organization
    2 Preliminaries
    2.1 Basics
    2.2 Public Key Encryption
    2.2.1 IND-CPA Security
    2.2.2 IND-CCA Security
    2.3 Homomorphic Public-key Encryption
    2.4 Zero-Knowledge Proofs
    2.4.1 Zero-Knowledge Variants
    2.4.2 Proof of Knowledge
    2.5 Public-Key Obfuscation
    3 Verifiable Secret Shuffles: A Review
    3.1 Introduction
    3.2 Notation and Definitions
    3.3 Security
    3.3.1 Verifiability for Secret Shuffles
    3.3.2 Unlinkability Experiments
    3.4 Selected Prior Work
    3.4.1 Furukawa-Sako Protocol
    3.4.2 Groth Protocol
    3.5 Public Shuffles with Private Permutation
    3.5.1 Introduction
    3.5.2 Adida and Wikström Protocol
    4 Verifiable Public Shuffles
    4.1 Introduction
    4.2 Generalized Shuffle
    4.2.1 Syntax of Generalized Shuffle
    4.2.2 Security Model
    4.2.3 Cryptographic Assumption
    4.3 Constructions from Ring Homomorphic Encryption
    4.3.1 Construction from $(n, n-1)$-E
    4.3.2 Construction from $(1, n)$-E
    4.4 Constructions from Group Homomorphic Encryption
    4.4.1 Building Blocks
    4.4.2 A Generalized Public Shuffle Scheme Based on Polynomial Factorization
    4.4.3 A Generalized Public Shuffle Scheme Based on Integer Factorization
    5 Conclusion and Further Work
    Abstract (in Korean)
    Acknowledgement (in Korean)

    An Approach to Guide Users Towards Less Revealing Internet Browsers

    When browsing the Internet, HTTP headers enable both clients and servers to send extra data in their requests or responses, such as the User-Agent string. This string contains information about the sender's device, browser, and operating system. Previous research has shown that numerous privacy and security risks result from exposing sensitive information in the User-Agent string; for example, it enables device and browser fingerprinting as well as user tracking and identification. Our large-scale analysis of thousands of User-Agent strings shows that browsers differ tremendously in the amount of information they include in their User-Agent strings. As such, our work aims at guiding users towards using less revealing browsers. To do so, we propose assigning an exposure score to browsers based on the information they expose and on vulnerability records. Our contribution in this work is twofold: first, we provide a full implementation that is ready to be deployed and used by users; second, we conduct a user study to identify the effectiveness and limitations of our proposed approach. Our implementation is based on more than 52 thousand unique browsers. Our performance and validation analyses show that our solution is accurate and efficient. The source code and data set are publicly available, and the solution has been deployed.