Rational Multiparty Computation

The field of rational cryptography considers the design of cryptographic protocols in the presence of rational agents seeking to maximize local utility functions. This departs from the standard secure multiparty computation setting, where players are assumed to be either honest or malicious. ^ We detail the construction of both a two-party and a multiparty game theoretic framework for constructing rational cryptographic protocols. Our framework specifies the utility function assumptions necessary to realize the privacy, correctness, and fairness guarantees for protocols. We demonstrate that our framework correctly models cryptographic protocols, such as rational secret sharing, where existing work considers equilibrium concepts that yield unreasonable equilibria. Similarly, we demonstrate that cryptography may be applied to the game theoretic domain, constructing an auction market not realizable in the original formulation. Additionally, we demonstrate that modeling players as rational agents allows us to design a protocol that destabilizes coalitions. Thus, we establish a mutual benefit from combining the two fields, while demonstrating the applicability of our framework to real-world market environments.^ We also give an application of game theory to adversarial interactions where cryptography is not necessary. Specifically, we consider adversarial machine learning, where the adversary is rational and reacts to the presence of a data miner. We give a general extension to classification algorithms that returns greater expected utility for the data miner than existing classification methods

On the information ratio of non-perfect secret sharing schemes

The final publication is available at Springer via http://dx.doi.org/10.1007/s00453-016-0217-9A secret sharing scheme is non-perfect if some subsets of players that cannot recover the secret value have partial information about it. The information ratio of a secret sharing scheme is the ratio between the maximum length of the shares and the length of the secret. This work is dedicated to the search of bounds on the information ratio of non-perfect secret sharing schemes and the construction of efficient linear non-perfect secret sharing schemes. To this end, we extend the known connections between matroids, polymatroids and perfect secret sharing schemes to the non-perfect case. In order to study non-perfect secret sharing schemes in all generality, we describe their structure through their access function, a real function that measures the amount of information on the secret value that is obtained by each subset of players. We prove that there exists a secret sharing scheme for every access function. Uniform access functions, that is, access functions whose values depend only on the number of players, generalize the threshold access structures. The optimal information ratio of the uniform access functions with rational values has been determined by Yoshida, Fujiwara and Fossorier. By using the tools that are described in our work, we provide a much simpler proof of that result and we extend it to access functions with real values.Peer ReviewedPostprint (author's final draft

Ideal Secret Sharing Schemes with Share Selectability

Abstract. In this paper, we investigate a new concept, called share selectable secret sharing, where no unauthorized set can obtain information of the secret (in the information-theoretic sense) even if shares are selectable as arbitrary values which are independent of the secret. We propose two totally selectable (i.e., all users' shares are selectable) secret sharing schemes with unanimous structure. We also propose a quasiselectable (i.e., a part of each user's share is selectable) secret sharing scheme with certain hierarchical structures which contains special cases of the hierarchical threshold structures introduced by Tamir Tassa in TCC2004 (or its full version (J. Cryptology2007)). If all selectable shares are randomly chosen, then our schemes are perfect. Finally, we discuss the effect of the leakage information of the secret if a weak secret is indicated as a selectable share

On Fairness in Secure Computation

Secure computation is a fundamental problem in modern cryptography in which multiple parties join to compute a function of their private inputs without revealing anything beyond the output of the function. A series of very strong results in the 1980's demonstrated that any polynomial-time function can be computed while guaranteeing essentially every desired security property. The only exception is the fairness property, which states that no player should receive their output from the computation unless all players receive their output. While it was shown that fairness can be achieved whenever a majority of players are honest, it was also shown that fairness is impossible to achieve in general when half or more of the players are dishonest. Indeed, it was proven that even boolean XOR cannot be computed fairly by two parties The fairness property is both natural and important, and as such it was one of the first questions addressed in modern cryptography (in the context of signature exchange). One contribution of this thesis is to survey the many approaches that have been used to guarantee different notions of partial fairness. We then revisit the topic of fairness within a modern security framework for secure computation. We demonstrate that, despite the strong impossibility result mentioned above, certain interesting functions can be computed fairly, even when half (or more) of the parties are malicious. We also provide a new notion of partial fairness, demonstrate feasibility of achieving this notion for a large class of functions, and show impossibility for certain functions outside this class. We consider fairness in the presence of rational adversaries, and, finally, we further study the difficulty of achieving fairness by exploring how much external help is necessary for enabling fair secure computation

Enforcing Input Correctness via Certification in Garbled Circuit Evaluation

Secure multi-party computation allows a number of participants to securely evaluate a function on their private inputs and has a growing number of applications. Two standard adversarial models that treat the participants as semi-honest or malicious, respectively, are normally considered for showing security of constructions in this framework. In this work, we go beyond the standard security model in the presence of malicious participants and treat the problem of enforcing correct inputs to be entered into the computation. We achieve this by having a certification authority certify user’s information, which is consequently used in secure two-party computation based on garbled circuit evaluation. The focus of this work on enforcing correctness of garbler’s inputs via certification, as prior work already allows one to achieve this goal for circuit evaluator’s input. Thus, in this work, we put forward a novel approach for certifying user’s input and tying certification to garbler’s input used during secure function evaluation based on garbled circuits. Our construction achieves notable performance of adding only one (standard) signature verification and O(nρ) symmetric key/hash operations to the cost of garbled circuit evaluation in the malicious model via cut-and-choose, in which ρ circuits are garbled and n is the length of the garbler’s input in bits. Security of our construction is rigorously proved in the standard model

Programmeerimiskeeled turvalise ühisarvutuse rakenduste arendamiseks

Turvaline ühisarvutus on tehnoloogia, mis lubab mitmel sõltumatul osapoolel oma andmeid koos töödelda neis olevaid saladusi avalikustamata. Kui andmed on esitatud krüpteeritud kujul, tähendab see, et neid ei dekrüpteerita arvutuse käigus kordagi. Turvalise ühisarvutuse teoreetilised konstruktsioonid on teada olnud juba alates kaheksakümnendatest, kuid esimesed praktilised teostused ja rakendused, mis päris andmeid töötlesid, ilmusid alles natuke enam kui kümme aastat tagasi. Nüüdseks on turvalist ühisarvutust kasutatud mitmes praktilises rakenduses ning sellest on kujunenud oluline andmekaitsetehnoloogia. Turvalise ühisarvutuse rakenduste arendamine on keerukas. Vahendid, mis aitavad kaasa arendusprotsessile, on veel väga uued, ning raamistikud on sageli liiga aeglased praktiliste rakenduste jaoks. Rakendusi on endiselt võimelised arendama ainult krüptograafiaeksperdid. Käesoleva töö eesmärk on teha turvalise ühisarvutuse raamistikke paremaks ning muuta ühisarvutusrakenduste arendamist kergemaks. Väidame, et valdkon- naspetsiifiliste programmeerimiskeelte kasutamine võimaldab turvalise ühisarvu- tuse rakenduste ja raamistike ehitamist, mis on samaaegselt lihtsasti kasutatavad, hea jõudlusega, hooldatavad, usaldusväärsed ja võimelised suuri andmemahtusid töötlema. Peamise tulemusena esitleme kahte uut programmeerimiskeelt, mis on mõeldud turvalise ühisarvutuse jaoks. SecreC 2 on mõeldud turvalise ühisarvutuse rakendus- te arendamise lihtsustamiseks ja aitab kaasa sellele, et rakendused oleks turvalised ja efektiivsed. Teine keel on loodud turvalise ühisarvutuse protokollide arenda- miseks ning selle eesmärk on turvalise ühisarvutuse raamistikke paremaks muuta. Protokollide keel teeb raamistikke kiiremaks ja usaldusväärsemaks ning lihtsustab protokollide arendamist ja haldamist. Kirjeldame mõlemad keeled nii formaalselt kui mitteformaalselt. Näitame, kuidas mitmed rakendused ja prototüübid saavad neist keeltest kasu.Secure multi-party computation is a technology that allows several independent parties to cooperatively process their private data without revealing any secrets. If private inputs are given in encrypted form then the results will also be encrypted, and at no stage during processing are values ever decrypted. As a theoretical concept, the technology has been around since the 1980s, but the first practical implementations arose a bit more than a decade ago. Since then, secure multi-party computation has been used in practical applications, and has been established as an important method of data protection. Developing applications that use secure multi-party computation is challenging. The tools that help with development are still very young and the frameworks are often too slow for practical applications. Currently only experts in cryptography are able to develop secure multi-party applications. In this thesis we look how to improve secure multy-party computation frame- works and make the applications easier to develop. We claim that domain-specific programming languages enable to build secure multi-party applications and frame- works that are at the same time usable, efficient, maintainable, trustworthy, and practically scalable. The contribution of this thesis is the introduction of two new programming languages for secure multi-party computation. The SecreC 2 language makes secure multi-party computation application development easier, ensuring that the applications are secure and enabling them to be efficient. The second language is for developing low-level secure computation protocols. This language was created for improving secure multi-party computation frameworks. It makes the frameworks faster and more trustworthy, and protocols easier to develop and maintain. We give give both a formal and an informal overview of the two languages and see how they benefit multi-party applications and prototypes

Secure transformation of cryptographic protocols

Over decades of active research, MPC has grown into a rich and complex topic, with many incomparable flavors and numerous protocols and techniques. The diversity of models and questions forms a wide spectrum of possible tradeoffs between functionality, security, and efficiency, which partially explains the massive amount of research in the area. Meanwhile, several important results actually rely on “protocol transformations,” whereby protocols from one model of MPC are transformed to protocols from another model. Motivated by simplifying and unifying results in the area of MPC, our first goal is to formalize a general notion of black-box protocol transformations that captures previous transformations from the literature as special cases, and present several new transformations. In addition to the simplification of known feasibility results, we then push our study of protocol transformations by presenting several results regarding security augmentation and efficiency leveraging. On the other hand, we prove the impossibility of two simple types of black-box protocol transformations. Next, we initiate the study of bottleneck complexity as a new communication efficiency measure for secure multiparty computation (MPC). Roughly, the bottleneck complexity of an MPC protocol is defined as the maximum communication complexity required by any party within the protocol execution. While achieving O(n) bottleneck complexity (where n is the number of parties) is straightforward, we show that: (1) achieving sublinear bottleneck complexity is not always possible, even when no security is required. (2) On the other hand, several useful classes of functions do have o(n) bottleneck complexity, when no security is required. Then our main positive result regarding bottleneck complexity is a compiler that transforms any (possibly insecure) efficient protocol with a fixed communication-pattern for computing any functionality into a secure MPC protocol while preserving the bottleneck complexity of the underlying protocol (up to security parameter overhead). Given our compiler, an efficient protocol for any function f with sublinear bottleneck complexity can be transformed into an MPC protocol for f with the same bottleneck complexity. Along the way, we build cryptographic primitives – incremental fully-homomorphic encryption, succinct non-interactive arguments of knowledge with ID-based simulation-extractability property and verifiable protocol execution – that may be of independent interest