Privacy-Preserving Trust Management Mechanisms from Private Matching Schemes
Cryptographic primitives are essential for constructing privacy-preserving
communication mechanisms. There are situations in which two parties that do not
know each other need to exchange sensitive information on the Internet. Trust
management mechanisms make use of digital credentials and certificates in order
to establish trust among these strangers. We address the problem of choosing
which credentials are exchanged. During this process, each party should learn
no information about the preferences of the other party other than strictly
required for trust establishment. We present a method to reach an agreement on
the credentials to be exchanged that preserves the privacy of the parties. Our
method is based on secure two-party computation protocols for set intersection.
Namely, it is constructed from private matching schemes.
Comment: The material in this paper will be presented in part at the 8th DPM
International Workshop on Data Privacy Management (DPM 2013
Robust Coin Flipping
Alice seeks an information-theoretically secure source of private random
data. Unfortunately, she lacks a personal source and must use remote sources
controlled by other parties. Alice wants to simulate a coin flip of specified
bias , as a function of data she receives from sources; she seeks
privacy from any coalition of of them. We show: If , the
bias can be any rational number and nothing else; if , the bias
can be any algebraic number and nothing else. The proof uses projective
varieties, convex geometry, and the probabilistic method. Our results improve
on those laid out by Yao, who asserts one direction of the case in his
seminal paper [Yao82]. We also provide an application to secure multiparty
computation.
Comment: 22 pages, 1 figur
Rational Fair Consensus in the GOSSIP Model
The rational fair consensus problem can be informally defined as
follows. Consider a network of (selfish) rational agents, each of
them initially supporting a color chosen from a finite set .
The goal is to design a protocol that leads the network to a stable
monochromatic configuration (i.e. a consensus) such that the probability that
the winning color is is equal to the fraction of the agents that initially
support , for any . Furthermore, this fairness property must
be guaranteed (with high probability) even in the presence of any fixed
coalition of rational agents that may deviate from the protocol in order
to increase the winning probability of their supported colors. A protocol
having this property, in the presence of coalitions of size at most , is said to
be a whp\,--strong equilibrium. We investigate, for the first time,
the rational fair consensus problem in the GOSSIP communication model where, at
every round, every agent can actively contact at most one neighbor via a
pushpull operation. We provide a randomized GOSSIP protocol that,
starting from any initial color configuration of the complete graph, achieves
rational fair consensus within rounds using messages of
size, w.h.p. In more detail, we prove that our protocol is a
whp\,--strong equilibrium for any and, moreover, it
tolerates worst-case permanent faults provided that the number of non-faulty
agents is . As far as we know, our protocol is the first solution
which avoids any all-to-all communication, thus resulting in message
complexity.
Comment: Accepted at IPDPS'1
Multi-Party Threshold Private Set Intersection with Sublinear Communication
In multi-party threshold private set intersection (PSI), parties each with a private set wish to compute the intersection of their sets if the intersection is sufficiently large. Previously, Ghosh and Simkin (CRYPTO 2019) studied this problem for the two-party case and demonstrated interesting lower and upper bounds on the communication complexity. In this work, we investigate the communication complexity of the multi-party setting . We consider two functionalities for multi-party threshold PSI. In the first, parties learn the intersection if each of their sets and the intersection differ by at most . In the second functionality, parties learn the intersection if the union of all their sets and the intersection differ by at most .
For both functionalities, we show that any protocol must have communication complexity . We build protocols with a matching upper bound of communication complexity for both functionalities assuming threshold FHE. We also construct a computationally more efficient protocol for the second functionality with communication complexity under a weaker assumption of threshold additive homomorphic encryption. As a direct implication, we solve one of the open problems in the work of Ghosh and Simkin (CRYPTO 2019) by designing a two-party protocol with communication cost from assumptions weaker than FHE.
As a consequence of our results, we achieve the first "regular" multi-party PSI protocol where the communication complexity only grows with the size of the set difference and does not depend on the size of the input sets
The Communication Complexity of Threshold Private Set Intersection
Threshold private set intersection enables Alice and Bob who hold sets and of size to compute the intersection if the sets do not differ by more than some threshold parameter .
In this work, we investigate the communication complexity of this problem and we establish the first upper and lower bounds.
We show that any protocol has to have a communication complexity of .
We show that an almost matching upper bound of can be obtained via fully homomorphic encryption.
We present a computationally more efficient protocol based on weaker assumptions, namely additively homomorphic encryption, with a communication complexity of .
We show how our protocols can be extended to the multiparty setting.
For applications like biometric authentication, where a given fingerprint has to have a large intersection with a fingerprint from a database, our protocols may result in significant communication savings.
We, furthermore, show how to extend all of our protocols to the multiparty setting.
Prior to this work, all previous protocols had a communication complexity of .
Our protocols are the first ones with communication complexities that mainly depend on the threshold parameter and only logarithmically on the set size