72 research outputs found
The Crypto-democracy and the Trustworthy
In the current architecture of the Internet, there is a strong asymmetry in
terms of power between the entities that gather and process personal data
(e.g., major Internet companies, telecom operators, cloud providers, ...) and
the individuals from which this personal data is issued. In particular,
individuals have no choice but to blindly trust that these entities will
respect their privacy and protect their personal data. In this position paper,
we address this issue by proposing an utopian crypto-democracy model based on
existing scientific achievements from the field of cryptography. More
precisely, our main objective is to show that cryptographic primitives,
including in particular secure multiparty computation, offer a practical
solution to protect privacy while minimizing the trust assumptions. In the
crypto-democracy envisioned, individuals do not have to trust a single physical
entity with their personal data but rather their data is distributed among
several institutions. Together these institutions form a virtual entity called
the Trustworthy that is responsible for the storage of this data but which can
also compute on it (provided first that all the institutions agree on this).
Finally, we also propose a realistic proof-of-concept of the Trustworthy, in
which the roles of institutions are played by universities. This
proof-of-concept would have an important impact in demonstrating the
possibilities offered by the crypto-democracy paradigm.Comment: DPM 201
Practical and Foundational Aspects of Secure Computation
Il y a des problemes qui semblent impossible a resoudre sans l'utilisation d'un tiers parti
honnete. Comment est-ce que deux millionnaires peuvent savoir qui est le plus riche sans dire a l'autre la valeur de ses biens ? Que peut-on faire pour prevenir les collisions de satellites quand
les trajectoires sont secretes ? Comment est-ce que les chercheurs peuvent apprendre les liens
entre des medicaments et des maladies sans compromettre les droits prives du patient ? Comment
est-ce qu'une organisation peut ecmpecher le gouvernement d'abuser de l'information
dont il dispose en sachant que l'organisation doit n'avoir aucun acces a cette information ?
Le Calcul multiparti, une branche de la cryptographie, etudie comment creer des protocoles
pour realiser de telles taches sans l'utilisation d'un tiers parti honnete.
Les protocoles doivent etre prives, corrects, efficaces et robustes. Un protocole est prive
si un adversaire n'apprend rien de plus que ce que lui donnerait un tiers parti honnete. Un
protocole est correct si un joueur honnete recoit ce que lui donnerait un tiers parti honnete.
Un protocole devrait bien sur etre efficace. Etre robuste correspond au fait qu'un protocole
marche meme si un petit ensemble des joueurs triche. On demontre que sous l'hypothese d'un
canal de diusion simultane on peut echanger la robustesse pour la validite et le fait d'etre
prive contre certains ensembles d'adversaires.
Le calcul multiparti a quatre outils de base : le transfert inconscient, la mise en gage, le
partage de secret et le brouillage de circuit. Les protocoles du calcul multiparti peuvent etre
construits avec uniquements ces outils. On peut aussi construire les protocoles a partir d'hypoth
eses calculatoires. Les protocoles construits a partir de ces outils sont souples et peuvent
resister aux changements technologiques et a des ameliorations algorithmiques. Nous nous
demandons si l'efficacite necessite des hypotheses de calcul. Nous demontrons que ce n'est
pas le cas en construisant des protocoles efficaces a partir de ces outils de base.
Cette these est constitue de quatre articles rediges en collaboration avec d'autres chercheurs.
Ceci constitue la partie mature de ma recherche et sont mes contributions principales
au cours de cette periode de temps. Dans le premier ouvrage presente dans cette these, nous
etudions la capacite de mise en gage des canaux bruites. Nous demontrons tout d'abord une
limite inferieure stricte qui implique que contrairement au transfert inconscient, il n'existe
aucun protocole de taux constant pour les mises en gage de bit. Nous demontrons ensuite que,
en limitant la facon dont les engagements peuvent etre ouverts, nous pouvons faire mieux et
meme un taux constant dans certains cas. Ceci est fait en exploitant la notion de cover-free
families . Dans le second article, nous demontrons que pour certains problemes, il existe un
echange entre robustesse, la validite et le prive. Il s'effectue en utilisant le partage de secret
veriable, une preuve a divulgation nulle, le concept de fantomes et une technique que nous
appelons les balles et les bacs. Dans notre troisieme contribution, nous demontrons qu'un
grand nombre de protocoles dans la litterature basee sur des hypotheses de calcul peuvent
etre instancies a partir d'une primitive appelee Transfert Inconscient Veriable, via le concept
de Transfert Inconscient Generalise. Le protocole utilise le partage de secret comme outils de
base. Dans la derniere publication, nous counstruisons un protocole efficace avec un nombre
constant de rondes pour le calcul a deux parties. L'efficacite du protocole derive du fait qu'on
remplace le coeur d'un protocole standard par une primitive qui fonctionne plus ou moins
bien mais qui est tres peu couteux. On protege le protocole contre les defauts en utilisant le
concept de privacy amplication .There are seemingly impossible problems to solve without a trusted third-party. How can
two millionaires learn who is the richest when neither is willing to tell the other how rich
he is? How can satellite collisions be prevented when the trajectories are secret? How can
researchers establish correlations between diseases and medication while respecting patient
confidentiality? How can an organization insure that the government does not abuse the
knowledge that it possesses even though such an organization would be unable to control
that information? Secure computation, a branch of cryptography, is a eld that studies how
to generate protocols for realizing such tasks without the use of a trusted third party. There
are certain goals that such protocols should achieve. The rst concern is privacy: players
should learn no more information than what a trusted third party would give them. The
second main goal is correctness: players should only receive what a trusted third party would
give them. The protocols should also be efficient. Another important property is robustness,
the protocols should not abort even if a small set of players is cheating.
Secure computation has four basic building blocks : Oblivious Transfer, secret sharing,
commitment schemes, and garbled circuits. Protocols can be built based only on these building
blocks or alternatively, they can be constructed from specific computational assumptions.
Protocols constructed solely from these primitives are
flexible and are not as vulnerable to
technological or algorithmic improvements. Many protocols are nevertheless based on computational
assumptions. It is important to ask if efficiency requires computational assumptions.
We show that this is not the case by building efficient protocols from these primitives. It is
the conclusion of this thesis that building protocols from black-box primitives can also lead
to e cient protocols.
This thesis is a collection of four articles written in collaboration with other researchers.
This constitutes the mature part of my investigation and is my main contributions to the
field during that period of time. In the first work presented in this thesis we study the commitment
capacity of noisy channels. We first show a tight lower bound that implies that in
contrast to Oblivious Transfer, there exists no constant rate protocol for bit commitments.
We then demonstrate that by restricting the way the commitments can be opened, we can
achieve better efficiency and in particular cases, a constant rate. This is done by exploiting
the notion of cover-free families. In the second article, we show that for certain problems,
there exists a trade-off between robustness, correctness and privacy. This is done by using
verifiable secret sharing, zero-knowledge, the concept of ghosts and a technique which we call
\balls and bins". In our third contribution, we show that many protocols in the literature
based on specific computational assumptions can be instantiated from a primitive known as
Verifiable Oblivious Transfer, via the concept of Generalized Oblivious Transfer. The protocol
uses secret sharing as its foundation. In the last included publication, we construct a
constant-round protocol for secure two-party computation that is very efficient and only uses
black-box primitives. The remarkable efficiency of the protocol is achieved by replacing the
core of a standard protocol by a faulty but very efficient primitive. The fault is then dealt
with by a non-trivial use of privacy amplification
Constant-round secure two-party computation from a linear number of oblivious transfer
We construct a protocol for constant round Two-Party Secure Function Evaluation in the standard model which improves previous protocols in several ways. We are able to reduce the number of calls to Oblivious Transfer by a factor proportional to the security parameter. In addition to being more efficient than previous instantiations, our protocol only requires black box calls to OT and Commitment. This is achieved by the use of a faulty variant of the Cut-and-Choose OT. The concepts of Garbling Schemes, faulty Cut-and-Choose Oblivious Transfer and Privacy Amplification are combined using the Cut-and-Choose paradigm to obtain the final protocol
Mastery, Maladaptive Learning Behaviour, and Academic Achievement: An Intervention Approach
The effects of three interventions designed to boost academic achievement among mastery-oriented students were evaluated on interest-based studying, social desirability, and perceived goal difficulty. Undergraduate students (N = 177) completed relevant self-report measures at the beginning and the end of the semester and were randomly assigned to one of three brief, web-based intervention conditions or a control condition. Multiple regression analyses showed the intervention conditions to consistently predict lower levels of interest-based studying, with these effects moderated by studentsâ prior achievement and mastery-approach goals. Qualitative analyses provide insight into the motivationally relevant processes elicited by the interventions
Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation
We propose a simple and efficient framework for obtaining efficient constant-round protocols for maliciously secure two-party computation. Our framework uses a function-independent preprocessing phase to generate authenticated information for the two parties; this information is then used to construct a single ``authenticated\u27\u27 garbled circuit which is transmitted and evaluated.
We also show how to efficiently instantiate the preprocessing phase by designing a highly optimized version of the TinyOT
protocol by Nielsen et al. Our overall protocol outperforms existing work in both the single-execution and amortized settings, with or without preprocessing:
- In the single-execution setting, our protocol evaluates an AES circuit with malicious security in 37 ms with an online time of just 1 ms. Previous work with the best online time (also 1 ms) requires 124 ms in total; previous work with the best total time requires 62 ms (with 14 ms online time).
- If we amortize the computation over 1024 executions, each AES computation requires just 6.7 ms with roughly the same online
time as above. The best previous work in the amortized setting has roughly the same total time but does not support function-independent preprocessing.
Our work shows that the performance penalty for maliciously
secure two-party computation (as compared to semi-honest security) is much smaller than previously believed
Exploring Relations between Teachersâ Beliefs, Instructional Practices, and Studentsâ Beliefs in Statistics
We examined the epistemic climate of statistics classrooms across two different classrooms by measuring teachersâ espoused beliefs about teaching statistics and observing their teaching practices. We then explored whether studentsâ beliefs became more aligned with the epistemic climate of the classroom over time. Post-secondary studentsâ beliefs were measured at the beginning and end of the semester. To measure the epistemic climate, teachers completed self-reports of their beliefs about teaching and learning, and participated in two semi-structured interviews at the beginning and end of the semester. Moreover, several classroom observations were conducted over the course of the semester. Analyses of the data revealed that for one group of students in one class, their beliefs were well aligned with the classroom climate and remained stable over time whereas for the other group of students, their beliefs shifted over time to align with the classroom climate
Security of Linear Secret-Sharing Schemes against Mass Surveillance
Following the line of work presented recently by Bellare, Paterson and Rogaway, we formalize and investigate the resistance of linear secret-sharing schemes to mass surveillance. This primitive is widely used to design IT systems in the modern computer world, and often it is implemented by a proprietary code that the provider (âbig brotherâ) could manipulate to covertly violate the privacy of the users (by implementing Algorithm-Substitution Attacks or ASAs). First, we formalize the security notion that expresses the goal of big brother and prove that for any linear secret-sharing scheme there exists an undetectable subversion of it that efficiently allows surveillance. Second, we formalize the security notion that assures that a sharing scheme is secure against ASAs and construct the first sharing scheme that meets this notion. This work could serve as an important building block towards constructing systems secure against mass surveillance
The Conceptualization of Costs and Barriers of a Teaching Career Among Latino Preservice Teachers
We investigated the perceived costs and barriers of a teaching career among Latino preservice
teachers and how these men conceptualized costs relative to their race-ethnic identity, gender identity, and planned persistence in the profession from an expectancy-value perspective. We used a mixed-method approach that included a content analysis of open-ended survey responses to identify salient costs and barriers and non-metric multidimensional scaling (MDS) of participantsâ responses to quantitative scales to capture phenomenological meaning of perceived costs, collective identity constructs, and planned persistence in the profession. Participants identified a range of drawbacks and barriers of a teaching career including concerns about job demands, work conditions, teacher preparation demands, emotional costs, social status, and salary, among other concerns. The MDS map for the whole sample suggested race-ethnic and gender identity were closely associated with status, salary, and morale; maps also provided insight into phenomenological meanings of different types of costs and cost measures. MDS maps for individual students demonstrated substantial diversity in individual meanings that are lost in group-level analyses. Results are discussed with attention to theoretical and practical implications for understanding and supporting men of color entering the teaching profession
The Role of Calibration Bias and Performance Feedback in Achievement Goal Regulation
Do achievement goals change across time in response to performance feedback? Does goal orientation relate to calibration of estimated to actual achievement? We studied these issues over three tasks spanning a semester-long course where ninety-nine undergraduates received feedback about performance on each task. Learners were consistently and quite substantially biased in estimating performance with bias inversely related to actual performance. Goal orientation was not stable across time as a function of task, and it varied in some tasks in relation to calibration accuracy. These findings demonstrate goal orientations are sensitive to task and feedback. Moreover, goal orientation had varying and sometimes no relation to achievement, with calibration bias mediating most of the relations. In an authentic setting where learners experience multiple tasks over time, it is important to consider individualsâ calibration bias for performance on specific tasks. Calibration bias may be a key factor in learnersâ regulation of achievement goals
Global-Scale Secure Multiparty Computation
We propose a new, constant-round protocol for multi-party computation of boolean circuits that is secure against an arbitrary number of malicious corruptions. At a high level, we extend and generalize recent work of Wang et al. in the two-party setting and design an efficient preprocessing phase that allows the parties to generate authenticated information; we then show how to use this information to distributively construct a single ``authenticated\u27\u27 garbled circuit that is evaluated by one party.
Our resulting protocol improves upon the state-of-the-art both asymptotically and concretely. We validate these claims via several experiments demonstrating both the efficiency and scalability of our protocol:
- Efficiency: For three-party computation over a LAN, our protocol requires only 95 ms to evaluate AES. This is roughly a 700 improvement over the best prior work, and only 2.5 slower than the best known result in the two-party setting. In general, for parties our protocol improves upon prior work (which was never implemented) by a factor of more than , e.g., an improvement of 3 orders of magnitude for 5-party computation.
- Scalability: We successfully executed our protocol with a large number of parties located all over the world, computing (for example) AES with 128 parties across 5 continents in under 3 minutes. Our work represents the largest-scale demonstration of secure computation to date
- âŠ