21 research outputs found

    Round Optimal Black-Box “Commit-and-Prove”

    Motivated by theoretical and practical considerations, an important line of research is to design secure computation protocols that only make black-box use of cryptography. An important component in nearly all the black-box secure computation constructions is a black-box commit-and-prove protocol. A commit-and-prove protocol allows a prover to commit to a value and prove a statement about this value while guaranteeing that the committed value remains hidden. A black-box commit-and-prove protocol implements this functionality while only making black-box use of cryptography. In this paper, we build several tools that enable constructions of round-optimal, black-box commit-and-prove protocols. In particular, assuming injective one-way functions, we design the first round-optimal, black-box commit-and-prove arguments of knowledge satisfying strong privacy against malicious verifiers, namely: zero-knowledge in four rounds, and witness indistinguishability in three rounds. Prior to our work, the best known black-box protocols achieving commit-and-prove required more rounds. We additionally ensure that our protocols can be used, if needed, in the delayed-input setting, where the statement to be proven is decided only towards the end of the interaction. We also observe simple applications of our protocols towards achieving black-box four-round constructions of extractable and equivocal commitments. We believe that our protocols will provide a useful tool enabling several new constructions and easy round-efficient conversions from non-black-box to black-box protocols in the future

    ADAMTS13 phenotype in plasma from normal individuals and patients with thrombotic thrombocytopenic purpura

    The activity of ADAMTS13, the von Willebrand factor cleaving protease, is deficient in patients with thrombotic thrombocytopenic purpura (TTP). In the present study, the phenotype of ADAMTS13 in TTP and in normal plasma was demonstrated by immunoblotting. Normal plasma (n = 20) revealed a single band at 190 kD under reducing conditions using a polyclonal antibody, and a single band at 150 kD under non-reducing conditions using a monoclonal antibody. ADAMTS13 was not detected in the plasma from patients with congenital TTP (n = 5) by either antibody, whereas patients with acquired TTP (n = 2) presented the normal phenotype. Following immunoadsorption of immunoglobulins, the ADAMTS13 band was removed from the plasma of the patients with acquired TTP, but not from that of normal individuals. This indicates that ADAMTS13 is complexed with immunoglobulin in these patients. The lack of ADAMTS13 expression in the plasma from patients with hereditary TTP may indicate defective synthesis, impaired cellular secretion, or enhanced degradation in the circulation. This study differentiated between normal and TTP plasma, as well as between congenital and acquired TTP. This method may, therefore, be used as a complement in the diagnosis of TTP

    Scalable Multi-Party Private Set-Intersection

    In this work we study the problem of private set-intersection in the multi-party setting and design two protocols with the following improvements compared to prior work. First, our protocols are designed in the so-called star network topology, where a designated party communicates with everyone else, and take a new approach of leveraging the 2PC protocol of [FreedmanNP04]. This approach minimizes the usage of a broadcast channel: our semi-honest protocol does not make any use of such a channel and all communication is via point-to-point channels. In addition, the communication complexity of our protocols scales with the number of parties. More concretely, (1) our first semi-honest secure protocol implies communication complexity that is linear in the input sizes, namely $O((\sum_{i=1}^n m_i)\cdot\kappa)$ bits of communication, where $\kappa$ is the security parameter and $m_i$ is the size of $P_i$'s input set, whereas the overall computational overhead is quadratic in the input sizes only for a designated party, and linear for the rest. We further reduce this overhead by employing two types of hashing schemes. (2) Our second protocol is proven secure in the malicious setting. This protocol induces communication complexity $O((n^2 + n m_{\max} + n m_{\min}\log m_{\max})\kappa)$ bits of communication, where $m_{\min}$ (resp. $m_{\max}$) is the minimum (resp. maximum) over all input set sizes and $n$ is the number of parties

    More Efficient Constant-Round Multi-Party Computation from BMR and SHE

    We present a multi-party computation protocol in the case of dishonest majority which has very low round complexity. Our protocol sits philosophically between Gentry's Fully Homomorphic Encryption based protocol and the SPDZ-BMR protocol of Lindell et al. (CRYPTO 2015). Our protocol avoids various inefficiencies of the previous two protocols. Compared to Gentry's protocol we only require Somewhat Homomorphic Encryption (SHE). In comparison to the SPDZ-BMR protocol we require only a quadratic complexity in the number of players (as opposed to cubic), we have fewer rounds, and we require fewer proofs of correctness of ciphertexts. Additionally, we present a variant of our protocol which trades the depth of the garbling circuit (computed using SHE) for some more multiplications in the offline and online phases

    On the Functions of Warehouses in Japan

    Designing an efficient cipher was always a delicate balance between linear and non-linear operations. This goes back to the design of DES, and in fact all the way back to the seminal work of Shannon. Here we focus, for the first time, on an extreme corner of the design space and initiate a study of symmetric-key primitives that minimize the multiplicative size and depth of their descriptions. This is motivated by recent progress in practical instantiations of secure multi-party computation (MPC), fully homomorphic encryption (FHE), and zero-knowledge proofs (ZK), where linear computations are, compared to non-linear operations, essentially "free". We focus on the case of a block cipher, and propose the family of block ciphers "LowMC", beating all existing proposals with respect to these metrics. As examples, we give concrete instantiations for 80-bit, 128-bit, and 256-bit security. We sketch several applications for such ciphers and give implementation comparisons suggesting that when encrypting larger amounts of data the new design strategy translates into improvements in computation and communication complexity by up to a factor of 5 compared to AES-128, which incidentally is one of the most competitive classical designs. Furthermore, we identify cases where "free XORs" can no longer be regarded as such but represent a bottleneck, hence refuting this commonly held belief with a practical example