Compositional closure for Bayes Risk in probabilistic noninterference
We give a sequential model for noninterference security including probability
(but not demonic choice), thus supporting reasoning about the likelihood that
high-security values might be revealed by observations of low-security
activity. Our novel methodological contribution is the definition of a
refinement order and its use to compare security measures between
specifications and (their supposed) implementations. This contrasts with the
more common practice of evaluating the security of individual programs in
isolation.
The appropriateness of our model and order is supported by our showing that
our refinement order is the greatest compositional relation (the compositional
closure) with respect to our semantics and an "elementary" order based on
Bayes Risk, a security measure already in widespread use. We also relate
refinement to other measures such as Shannon Entropy.
By applying the approach to a non-trivial example, the anonymous-majority
Three-Judges protocol, we demonstrate that correctness arguments can
be simplified by the sort of layered developments (through levels of
increasing detail) that are allowed and encouraged by compositional semantics.

Lower Bounds for Oblivious Near-Neighbor Search
We prove an lower bound on the dynamic
cell-probe complexity of statistically
approximate-near-neighbor search () over the -dimensional
Hamming cube. For the natural setting of , our result
implies an lower bound, which is a quadratic
improvement over the highest (non-oblivious) cell-probe lower bound for
. This is the first super-logarithmic
lower bound for against general (non black-box) data structures.
We also show that any oblivious data structure for
decomposable search problems (like ) can be obliviously dynamized
with overhead in update and query time, strengthening a classic
result of Bentley and Saxe (Algorithmica, 1980).
Comment: 28 pages

Reuse It Or Lose It: More Efficient Secure Computation Through Reuse of Encrypted Values
Two-party secure function evaluation (SFE) has become significantly more
feasible, even on resource-constrained devices, because of advances in
server-aided computation systems. However, there are still bottlenecks,
particularly in the input validation stage of a computation. Moreover, SFE
research has not yet devoted sufficient attention to the important problem of
retaining state after a computation has been performed so that expensive
processing does not have to be repeated if a similar computation is done again.
This paper presents PartialGC, an SFE system that allows the reuse of encrypted
values generated during a garbled-circuit computation. We show that using
PartialGC can reduce computation time by as much as 96% and bandwidth by as
much as 98% in comparison with previous outsourcing schemes for secure
computation. We demonstrate the feasibility of our approach with two sets of
experiments, one in which the garbled circuit is evaluated on a mobile device
and one in which it is evaluated on a server. We also use PartialGC to build a
privacy-preserving "friend finder" application for Android. The reuse of
previous inputs to allow stateful evaluation represents a new way of looking at
SFE and further reduces computational barriers.
Comment: 20 pages; a shorter conference version was published in Proceedings of the
2014 ACM SIGSAC Conference on Computer and Communications Security, pages
582-596, ACM, New York, NY, US

Complete Insecurity of Quantum Protocols for Classical Two-Party Computation
A fundamental task in modern cryptography is the joint computation of a
function which has two inputs, one from Alice and one from Bob, such that
neither of the two can learn more about the other's input than what is implied
by the value of the function. In this Letter, we show that any quantum protocol
for the computation of a classical deterministic function that outputs the
result to both parties (two-sided computation) and that is secure against a
cheating Bob can be completely broken by a cheating Alice. Whereas it is known
that quantum protocols for this task cannot be completely secure, our result
shows that security for one party entails complete insecurity for the other.
Our findings stand in stark contrast to recent protocols for weak coin tossing,
and highlight the limits of cryptography within quantum mechanics. We remark
that our conclusions remain valid, even if security is only required to be
approximate and if the function that is computed for Bob is different from that
of Alice.
Comment: v2: 6 pages, 1 figure, text identical to PRL-version (but reasonably
formatted)

On the Communication Complexity of Secure Computation
Information theoretically secure multi-party computation (MPC) is a central
primitive of modern cryptography. However, relatively little is known about the
communication complexity of this primitive.
In this work, we develop powerful information theoretic tools to prove lower
bounds on the communication complexity of MPC. We restrict ourselves to a
3-party setting in order to bring out the power of these tools without
introducing too many complications. Our techniques include the use of a data
processing inequality for residual information (the gap between mutual
information and Gács-Körner common information), a new information
inequality for 3-party protocols, and the idea of distribution switching, by
which lower bounds computed under certain worst-case scenarios can be shown to
apply in the general case.
Using these techniques we obtain tight bounds on communication complexity by
MPC protocols for various interesting functions. In particular, we show
concrete functions that have "communication-ideal" protocols, which achieve the
minimum communication simultaneously on all links in the network. Also, we
obtain the first explicit example of a function that incurs a higher
communication cost than the input length in the secure computation model of
Feige, Kilian and Naor (1994), who had shown that such functions exist. We also
show that our communication bounds imply tight lower bounds on the amount of
randomness required by MPC protocols for many interesting functions.
Comment: 37 pages

Communication-efficient distributed oblivious transfer
Distributed oblivious transfer (DOT) was introduced by Naor and Pinkas (2000) [31], and then generalized to $(k,\ell)$-DOT-$\binom{n}{1}$ by Blundo et al. (2007) [8] and Nikov et al. (2002) [34]. In the generalized setting, a $(k,\ell)$-DOT-$\binom{n}{1}$ allows a sender to communicate one of $n$ secrets to a receiver with the help of $\ell$ servers. Specifically, the transfer task of the sender is distributed among $\ell$ servers and the receiver interacts with $k$ out of the $\ell$ servers in order to retrieve the secret he is interested in. The DOT protocols we consider in this work are information-theoretically secure. The known $(k,\ell)$-DOT-$\binom{n}{1}$ protocols require linear (in $n$) communication complexity between the receiver and servers. In this paper, we construct $(k,\ell)$-DOT-$\binom{n}{1}$ protocols which only require sublinear (in $n$) communication complexity between the receiver and servers. Our constructions are based on information-theoretic private information retrieval. In particular, we obtain both a specific reduction from $(k,\ell)$-DOT-$\binom{n}{1}$ to polynomial-interpolation-based information-theoretic private information retrieval and a general reduction from $(k,\ell)$-DOT-$\binom{n}{1}$ to any information-theoretic private information retrieval. The specific reduction yields $(t,\tau)$-private $(k,\ell)$-DOT-$\binom{n}{1}$ protocols of communication complexity $O(n^{1/\lfloor (k-\tau-1)/t \rfloor})$ between a semi-honest receiver and servers for any integers $t$ and $\tau$ such that $1 \le t \le k-1$ and $0 \le \tau \le k-1-t$. The general reduction yields $(t,\tau)$-private $(k,\ell)$-DOT-$\binom{n}{1}$ protocols which are as communication-efficient as the underlying private information retrieval protocols for any integers $t$ and $\tau$ such that $1 \le t \le k-2$ and $0 \le \tau \le k-1-t$.