67 research outputs found
Computer-aided proofs for multiparty computation with active security
Secure multi-party computation (MPC) is a general cryptographic technique
that allows distrusting parties to compute a function of their individual
inputs, while only revealing the output of the function. It has found
applications in areas such as auctioning, email filtering, and secure
teleconference. Given its importance, it is crucial that the protocols are
specified and implemented correctly. In the programming language community it
has become good practice to use computer proof assistants to verify correctness
proofs. In the field of cryptography, EasyCrypt is the state of the art proof
assistant. It provides an embedded language for probabilistic programming,
together with a specialized logic, embedded into an ambient general purpose
higher-order logic. It allows us to conveniently express cryptographic
properties. EasyCrypt has been used successfully on many applications,
including public-key encryption, signatures, garbled circuits and differential
privacy. Here we show for the first time that it can also be used to prove
security of MPC against a malicious adversary. We formalize additive and
replicated secret sharing schemes and apply them to Maurer's MPC protocol for
secure addition and multiplication. Our method extends to general polynomial
functions. We follow the insights from EasyCrypt that security proofs can be
often be reduced to proofs about program equivalence, a topic that is well
understood in the verification of programming languages. In particular, we show
that in the passive case the non-interference-based definition is equivalent to
a standard game-based security definition. For the active case we provide a new
NI definition, which we call input independence
Spin-the-bottle Sort and Annealing Sort: Oblivious Sorting via Round-robin Random Comparisons
We study sorting algorithms based on randomized round-robin comparisons.
Specifically, we study Spin-the-bottle sort, where comparisons are
unrestricted, and Annealing sort, where comparisons are restricted to a
distance bounded by a \emph{temperature} parameter. Both algorithms are simple,
randomized, data-oblivious sorting algorithms, which are useful in
privacy-preserving computations, but, as we show, Annealing sort is much more
efficient. We show that there is an input permutation that causes
Spin-the-bottle sort to require expected time in order to
succeed, and that in time this algorithm succeeds with high
probability for any input. We also show there is an implementation of Annealing
sort that runs in time and succeeds with very high probability.Comment: Full version of a paper appearing in ANALCO 2011, in conjunction with
SODA 201
The Meeting Businessmen Problem: Requirements and Limitations
Let us assume that some businessmen wish to have a meeting. For this to happen, they usually have to meet somewhere. If they cannot meet physically, then they can take part in a video (or audio) conference to discuss whatever needs to be discussed. But what if their meeting is meant to be private? In this case they need a cryptographic protocol that allows them to exchange their ideas remotely, while keeping them secure from any potential eavesdropper. In this paper we list all the necessary requirements that a cryptographic protocol must have in order to allow several businessmen to exchange their ideas securely over the Internet. Moreover, and based on the standard taxonomy of cryptographic pro- tocols, we suggest several approaches on how to design cryptographic protocols that enable us to achieve our aim. Finally, we propose the design of a protocol that solves the meeting businessmen problem
Protocols for The Meeting Businessmen Problem
Assume that some businessmen wish to have a meeting. For this to occur, they usuallyhave to meet somewhere. If they cannot meet physically, then they can take part in a video (oraudio) conference to discuss whatever needs to be discussed. But what if their meeting is meant tobe private? In this case they need a cryptographic protocol that allows them to exchange their ideasremotely, while keeping them secure from any potential eavesdropper. In this paper we list all thenecessary requirements that a cryptographic protocol must have in order to allow several businessmento exchange their ideas securely over the Internet. Moreover, and based on the standard taxonomy ofcryptographic protocols, we suggest several approaches on how to design cryptographic protocols thatenable us to achieve our aim. Finally, we propose the design of a protocol that solves the meetingbusinessmen problem
Optimal Contracts for Outsourced Computation
While expensive cryptographically verifiable computation aims at defeating malicious agents, many civil purposes of outsourced computation tolerate a weaker notion of security, i.e., “lazy-but-honest” contractors. Targeting this type of agents, we develop optimal contracts for outsourcing of computational tasks via appropriate use of rewards, punishments, auditing rate, and “redundancy”. Our contracts provably minimize the expense of the outsourcer (principal) while guaranteeing correct computation. Furthermore, we incorporate practical restrictions of the maximum enforceable fine, limited and/or costly auditing, and bounded budget of the outsourcer. By examining the optimal contracts, we provide insights on how resources should be utilized when auditing capacity and enforceability are limited. Finally, we present a light-weight cryptographic implementation of the contracts and discuss a comparison across different implementations of auditing in outsourced computation
- …