478 research outputs found

    Linear Complexity Private Set Intersection for Secure Two-Party Protocols

    In this paper, we propose a new private set intersection (PSI) protocol with bi-oblivious data transfer that computes the following functionality. One of the parties $P_1$ inputs a set of items $X$ and a set of data pairs $D_1 = \{ (d_0^j,d_1^j)\}$ and the other party $P_2$ inputs a set of items $Y$. While $P_1$ outputs nothing, $P_2$ outputs a set of data $D_2 = \{ d_{b_j}^j \mid b_j \in \{0,1\}\}$ dependent on the intersection of $X$ and $Y$. This functionality is generally required when the PSI protocol is used as a part of a larger secure two-party computation such as threshold PSI or any function of the whole intersecting set in general. Pinkas et al. presented a PSI protocol at Eurocrypt 2019 for this type of functionality, which has linear complexity only in communication. While there are PSI protocols with linear computation and communication complexities in the classical PSI setting where the intersection itself is revealed to one party, to the best of our knowledge, there is no PSI protocol which outputs a function of the membership results and satisfies linear complexity in both communication and computation. We present the first PSI protocol that outputs only a function of the membership results with linear communication and computation complexities. While creating the protocol, as a side contribution, we provide a one-time batch oblivious programmable pseudo-random function based on garbled Bloom filters. We also implemented our protocol and provide performance results.

    Peer-to-Peer Secure Multi-Party Numerical Computation Facing Malicious Adversaries

    We propose an efficient framework for enabling secure multi-party numerical computations in a Peer-to-Peer network. This problem arises in a range of applications such as collaborative filtering, distributed computation of trust and reputation, monitoring and other tasks, where the computing nodes are expected to preserve the privacy of their inputs while performing a joint computation of a certain function. Although there is a rich literature in the field of distributed systems security concerning secure multi-party computation, in practice it is hard to deploy those methods in very large scale Peer-to-Peer networks. In this work, we try to bridge the gap between theoretical algorithms in the security domain, and a practical Peer-to-Peer deployment. We consider two security models. The first is the semi-honest model where peers correctly follow the protocol, but try to reveal private information. We provide three possible schemes for secure multi-party numerical computation for this model and identify a single light-weight scheme which outperforms the others. Using extensive simulation results over real Internet topologies, we demonstrate that our scheme is scalable to very large networks, with up to millions of nodes. The second model we consider is the malicious peers model, where peers can behave arbitrarily, deliberately trying to affect the results of the computation as well as compromising the privacy of other peers. For this model we provide a fourth scheme to defend the execution of the computation against the malicious peers. The proposed scheme has a higher complexity relative to the semi-honest model. Overall, we provide the Peer-to-Peer network designer a set of tools to choose from, based on the desired level of security. Comment: Submitted to Peer-to-Peer Networking and Applications Journal (PPNA) 200

    Improved Private Set Intersection against Malicious Adversaries

    Private set intersection (PSI) refers to a special case of secure two-party computation in which the parties each have a set of items and compute the intersection of these sets without revealing any additional information. In this paper we present improvements to practical PSI providing security in the presence of malicious adversaries. Our starting point is the protocol of Dong, Chen & Wen (CCS 2013) that is based on Bloom filters. We identify a bug in their malicious-secure variant and show how to fix it using a cut-and-choose approach that has low overhead while simultaneously avoiding one of the main computational bottlenecks in their original protocol. We also point out some subtleties that arise when using Bloom filters in malicious-secure cryptographic protocols. We have implemented our PSI protocols and report on its performance. Our improvements reduce the cost of Dong et al.'s protocol by a factor of $14$-$110\times$ on a single thread. When compared to the previous fastest protocol of De Cristofaro et al., we improve the running time by $8$-$24\times$. For instance, our protocol has an online time of 14 seconds and an overall time of 2.1 minutes to securely compute the intersection of two sets of 1 million items each.

    PSI from PaXoS: Fast, Malicious Private Set Intersection

    We present a 2-party private set intersection (PSI) protocol which provides security against malicious participants, yet is almost as fast as the fastest known semi-honest PSI protocol of Kolesnikov et al. (CCS 2016). Our protocol is based on a new approach for two-party PSI, which can be instantiated to provide security against either malicious or semi-honest adversaries. The protocol is unique in that the only difference between the semi-honest and malicious versions is an instantiation with different parameters for a linear error-correction code. It is also the first PSI protocol which is concretely efficient while having linear communication and security against malicious adversaries, while running in the OT-hybrid model (assuming a non-programmable random oracle). State of the art semi-honest PSI protocols take advantage of cuckoo hashing, but it has proven a challenge to use cuckoo hashing for malicious security. Our protocol is the first to use cuckoo hashing for malicious-secure PSI. We do so via a new data structure, called a probe-and-XOR of strings (PaXoS), which may be of independent interest. This abstraction captures important properties of previous data structures, most notably garbled Bloom filters. While an encoding by a garbled Bloom filter is larger by a factor of $O(\lambda)$ than the original data, we describe a significantly improved PaXoS based on cuckoo hashing that achieves constant rate while being no worse in other relevant efficiency measures.

    Neuregulin Promotes Incomplete Autophagy of Prostate Cancer Cells That Is Independent of mTOR Pathway Inhibition

    Growth factors activating the ErbB receptors have been described in prostate tumors. The androgen dependent prostate cancer cell line, LNCaP, expresses the ErbB-1, ErbB-2 and ErbB-3 receptor tyrosine kinases. Previously, it was demonstrated that NRG activates ErbB-2/ErbB-3 heterodimers to induce LNCaP cell death, whereas, EGF activates ErbB-1/ErbB-1 or ErbB-1/ErbB-2 dimers to induce cell growth and survival. It was also demonstrated that PI3K inhibitors repressed this cell death suggesting that in androgen deprived LNCaP cells, NRG activates a PI3K-dependent pathway associated with cell death. In the present study we demonstrate that NRG induces autophagy in LNCaP cells, using LC3 as a marker. However, the autophagy induced by NRG may be incomplete since p62 levels elevate. We also demonstrated that NRG-induced autophagy is independent of mammalian target of rapamycin (mTOR) inhibition since NRG induces Akt and S6K activation. Interestingly, inhibition of reactive oxygen species (ROS) by N-acetylcysteine (NAC), inhibited NRG-induced autophagy and cell death. Our study also identified JNK and Beclin 1 as important components in NRG-induced autophagy and cell death. NRG induced elevation in JNK phosphorylation that was inhibited by NAC. Moreover, inhibitor of JNK inhibited NRG-induced autophagy and cell death. Also, in cells overexpressing Bcl-2 or cells expressing sh-RNA against Beclin 1, the effects of NRG, namely induction of autophagy and cell death, were inhibited. Thus, in LNCaP cells, NRG induces incomplete autophagy and cell death that depend on ROS levels. These effects of NRG are mediated by signaling pathway that activates JNK and Beclin 1, but is independent of mTOR inhibition.

    Secret Shared Shuffle

    Generating secret shares of a shuffled dataset - such that neither party knows the order in which it is permuted - is a fundamental building block in many protocols, such as secure collaborative filtering, oblivious sorting, and secure function evaluation on set intersection. Traditional approaches to this problem either involve expensive public-key based crypto or using symmetric crypto on permutation networks. While public-key based solutions are bandwidth efficient, they are computation-bound. On the other hand, permutation network based constructions are communication-bound, especially when the elements are long, for example feature vectors in an ML context. We design a new 2-party protocol for this task of computing secret shares of shuffled data, which we refer to as secret-shared shuffle. Our protocol is secure against static semi-honest adversary. At the heart of our approach is a new method of obtaining two sets of pseudorandom shares which are "correlated via the permutation", which can be implemented with low communication using GGM puncturable PRFs. This gives a new protocol for secure shuffle which is concretely more efficient than the existing techniques in the literature. In particular, we are three orders of magnitude faster than public key based approach and one order of magnitude faster compared to the best known symmetric-key cryptography approach based on permutation network when the elements are moderately large.

    Combining Private Set-Intersection with Secure Two-Party Computation

    Private Set-Intersection (PSI) is one of the most popular and practically relevant secure two-party computation (2PC) tasks. Therefore, designing special-purpose PSI protocols (which are more efficient than generic 2PC solutions) is a very active line of research. In particular, a recent line of work has proposed PSI protocols based on oblivious transfer (OT) which, thanks to recent advances in OT-extension techniques, is nowadays a very cheap cryptographic building block. Unfortunately, these protocols cannot be plugged into larger 2PC applications since in these protocols one party (by design) learns the output of the intersection. Therefore, it is not possible to perform secure post-processing of the output of the PSI protocol. In this paper we propose a novel and efficient OT-based PSI protocol that produces an encrypted output that can therefore be later used as an input to other 2PC protocols. In particular, the protocol can be used in combination with all common approaches to 2PC including garbled circuits, secret sharing and homomorphic encryption. Thus, our protocol can be combined with the right 2PC techniques to achieve more efficient protocols for computations of the form $z=f(X\cap Y)$ for arbitrary functions $f$.

    Phosphorylation of the ErbB3 binding protein Ebp1 by p21-activated kinase 1 in breast cancer cells

    The ErbB3 binding protein (Ebp1) is a transcriptional corepressor that inhibits the activity of proliferation-associated genes and the growth of human breast cancer cell lines. Treatment of breast cancer cells with the ErbB3 ligand heregulin (HRG) results in increased phosphorylation of Ebp1 and transcriptional repression. The p21-activated serine/threonine kinase 1 (PAK1), which plays an important role in breast cancer progression and resistance to the anti-oestrogen tamoxifen, is also activated by HRG. We therefore examined the ability of PAK1 to phosphorylate and regulate the function of Ebp1. We found that PAK1 phosphorylated Ebp1 in vitro and mapped the phosphorylation site to threonine 261. Both HRG treatment and expression of a constitutively activated PAK1 in MCF-7 breast cancer cells enhanced threonine phosphorylation of Ebp1. In MCF-7 cells, ectopically expressed Ebp1 bound endogenous PAK1 and this association was enhanced by treatment with HRG. Mutation of the PAK1 phosphorylation site to glutamic acid, mimicking a phosphorylated state, completely abrogated the ability of Ebp1 to repress transcription, inhibit growth of breast cancer cell lines and contribute to tamoxifen sensitivity. These studies demonstrate for the first time that Ebp1 is a substrate of PAK1 and the importance of the PAK1 phosphorylation site for the functional activity of Ebp1 in breast cancer cells

    How to Circumvent the Two-Ciphertext Lower Bound for Linear Garbling Schemes

    At EUROCRYPT 2015, Zahur et al. argued that all linear, and thus, efficient, garbling schemes need at least two $k$-bit elements to garble an AND gate with security parameter $k$. We show how to circumvent this lower bound, and propose an efficient garbling scheme which requires less than two $k$-bit elements per AND gate for most circuit layouts. Our construction slightly deviates from the linear garbling model, and constitutes no contradiction to any claims in the lower-bound proof. With our proof of concept construction, we hope to spur new ideas for more practical garbling schemes. Our construction can directly be applied to semi-private function evaluation by garbling XOR, XNOR, NAND, OR, NOR and AND gates in the same way, and keeping the evaluator oblivious of the gate function.