349 research outputs found
A min-entropy uncertainty relation for finite size cryptography
Apart from their foundational significance, entropic uncertainty relations
play a central role in proving the security of quantum cryptographic protocols.
Of particular interest are thereby relations in terms of the smooth min-entropy
for BB84 and six-state encodings. Previously, strong uncertainty relations were
obtained which are valid in the limit of large block lengths. Here, we prove a
new uncertainty relation in terms of the smooth min-entropy that is only
marginally less strong, but has the crucial property that it can be applied to
rather small block lengths. This paves the way for a practical implementation
of many cryptographic protocols. As part of our proof we show tight uncertainty
relations for a family of Renyi entropies that may be of independent interest.Comment: 5+6 pages, 1 figure, revtex. new version changed author's name from
Huei Ying Nelly Ng to Nelly Huei Ying Ng, for consistency with other
publication
Implementation of two-party protocols in the noisy-storage model
The noisy-storage model allows the implementation of secure two-party
protocols under the sole assumption that no large-scale reliable quantum
storage is available to the cheating party. No quantum storage is thereby
required for the honest parties. Examples of such protocols include bit
commitment, oblivious transfer and secure identification. Here, we provide a
guideline for the practical implementation of such protocols. In particular, we
analyze security in a practical setting where the honest parties themselves are
unable to perform perfect operations and need to deal with practical problems
such as errors during transmission and detector inefficiencies. We provide
explicit security parameters for two different experimental setups using weak
coherent, and parametric down conversion sources. In addition, we analyze a
modification of the protocols based on decoy states.Comment: 41 pages, 33 figures, this is a companion paper to arXiv:0906.1030
considering practical aspects, v2: published version, title changed in
accordance with PRA guideline
Communication Lower Bounds for Statistically Secure MPC, with or without Preprocessing
We prove a lower bound on the communication complexity of unconditionally secure multiparty computation, both in the standard model with parties of which are corrupted, and in the preprocessing model with . In both cases, we show
that for any there exists a Boolean circuit with gates, where any secure protocol implementing must communicate bits,
even if only passive and statistical security is required.
The results easily extends to constructing similar circuits over any fixed finite field.
This shows that for all sizes of circuits, the overhead of all known protocols when is maximal is inherent. It also shows that security comes at a price: the circuit we consider could namely be computed among parties with communication only bits if no security was required.
Our results extend to the case where the threshold is suboptimal. For the honest majority case, this shows that the known optimizations via packed secret-sharing can only be obtained
if one accepts that the threshold is for a constant .
For the honest majority case, we also show an upper bound that matches the lower bound up to a constant factor (existing upper bounds are a factor off for Boolean circuits)
The Impossibility Of Secure Two-Party Classical Computation
We present attacks that show that unconditionally secure two-party classical
computation is impossible for many classes of function. Our analysis applies to
both quantum and relativistic protocols. We illustrate our results by showing
the impossibility of oblivious transfer.Comment: 10 page
A lower bound on the dimension of a quantum system given measured data
We imagine an experiment on an unknown quantum mechanical system in which the
system is prepared in various ways and a range of measurements are performed.
For each measurement M and preparation rho the experimenter can determine,
given enough time, the probability of a given outcome a: p(a|M,rho). How large
does the Hilbert space of the quantum system have to be in order to allow us to
find density matrices and measurement operators that will reproduce the given
probability distribution? In this note, we prove a simple lower bound for the
dimension of the Hilbert space. The main insight is to relate this problem to
the construction of quantum random access codes, for which interesting bounds
on Hilbert space dimension already exist. We discuss several applications of
our result to hidden variable, or ontological models, to Bell inequalities and
to properties of the smooth min-entropy.Comment: 8 pages, revtex, v2: improved presentation. To appear in Phys. Rev.
Turbospeedz: Double Your Online SPDZ! Improving SPDZ using Function Dependent Preprocessing
Secure multiparty computation allows a set of mutually distrusting parties to securely compute a function of their private inputs, revealing only the output, even if some of the parties are corrupt. Recent years have seen an enormous amount of work that drastically improved the concrete efficiency of secure multiparty computation protocols. Many secure multiparty protocols work in an ``offline-online model. In this model, the computation is split into two main phases: a relatively slow ``offline phase , which the parties execute before they know their input, and a fast ``online phase , which the parties execute after receiving their input.
One of the most popular and efficient protocols for secure multiparty computation working in this model is the SPDZ protocol (Damgaard et al., CRYPTO 2012). The SPDZ offline phase is function independent, i.e., does not requires knowledge of the computed function at the offline phase. Thus, a natural question is: can the efficiency of the SPDZ protocol be improved if the function is known at the offline phase?
In this work, we answer the above question affirmatively. We show that by using a function dependent preprocessing protocol, the online communication of the SPDZ protocol can be brought down significantly, almost by a factor of 2, and the online computation is often also significantly reduced. In scenarios where communication is the bottleneck, such as strong computers on low bandwidth networks, this could potentially almost double the online throughput of the SPDZ protocol, when securely computing the same circuit many times in parallel (on different inputs).
We present two versions of our protocol: Our first version uses the SPDZ offline phase protocol as a black-box, which achieves the improved online communication at the cost of slightly increasing the offline communication. Our second version works by modifying the state-of-the-art SPDZ preprocessing protocol, Overdrive (Keller et al., Eurocrypt 2018). This version improves the overall communication over the state-of-the-art SPDZ when the function is known at the offline phase
Data-Oblivious Graph Algorithms in Outsourced External Memory
Motivated by privacy preservation for outsourced data, data-oblivious
external memory is a computational framework where a client performs
computations on data stored at a semi-trusted server in a way that does not
reveal her data to the server. This approach facilitates collaboration and
reliability over traditional frameworks, and it provides privacy protection,
even though the server has full access to the data and he can monitor how it is
accessed by the client. The challenge is that even if data is encrypted, the
server can learn information based on the client data access pattern; hence,
access patterns must also be obfuscated. We investigate privacy-preserving
algorithms for outsourced external memory that are based on the use of
data-oblivious algorithms, that is, algorithms where each possible sequence of
data accesses is independent of the data values. We give new efficient
data-oblivious algorithms in the outsourced external memory model for a number
of fundamental graph problems. Our results include new data-oblivious
external-memory methods for constructing minimum spanning trees, performing
various traversals on rooted trees, answering least common ancestor queries on
trees, computing biconnected components, and forming open ear decompositions.
None of our algorithms make use of constant-time random oracles.Comment: 20 page
On Multiparty Garbling of Arithmetic Circuits
We initiate a study of garbled circuits that contain both Boolean and arithmetic gates in secure multiparty computation. In particular, we incorporate the garbling gadgets for arithmetic circuits recently presented by Ball, Malkin, and Rosulek (ACM CCS 2016) into the multiparty garbling paradigm initially introduced by Beaver, Micali, and Rogaway (STOC \u2790). This is the first work that studies arithmetic garbled circuits in the multiparty setting. Using mixed Boolean-arithmetic circuits allows more efficient secure computation of functions that naturally combine Boolean and arithmetic computations. Our garbled circuits are secure in the semi-honest model, under the same hardness assumptions as Ball et al., and can be efficiently and securely computed in constant rounds assuming an honest majority.
We first extend free addition and multiplication by a constant to the multiparty setting.
We then extend to the multiparty setting efficient garbled multiplication gates. The garbled multiplication gate construction we show was previously achieved only in the two-party setting and assuming a random oracle.
We further present a new garbling technique, and show how this technique can improve efficiency in garbling selector gates. Selector gates compute a simple ``if statement in the arithmetic setting: the gate selects the output value from two input integer values, according to a Boolean selector bit; if the bit is the output equals the first value, and if the bit is the output equals the second value. Using our new technique, we show a new and designated garbled selector gate that reduces by approximately the evaluation time, for any number of parties, from the best previously known constructions that use existing techniques and are secure based on the same hardness assumptions.
On the downside, we find that testing equality and computing exponentiation by a constant are significantly more complex to garble in the multiparty setting than in the two-party setting
Crowd Verifiable Zero-Knowledge and End-to-end Verifiable Multiparty Computation
Auditing a secure multiparty computation (MPC) protocol entails the validation of the protocol transcript by a third party that is otherwise untrusted. In this work, we introduce the concept of end-to-end verifiable MPC (VMPC), that requires the validation to provide a correctness guarantee even in the setting that all servers, trusted setup primitives and all the client systems utilized by the input-providing users of the MPC protocol are subverted by an adversary. To instantiate VMPC, we introduce a new concept in the setting of zero-knowlegde protocols that we term crowd verifiable zero-knowledge (CVZK). A CVZK protocol enables a prover to convince a set of verifiers about a certain statement, even though each one individually contributes a small amount of entropy for verification and some of them are adversarially controlled. Given CVZK, we present a VMPC protocol that is based on discrete-logarithm related assumptions. At the high level of adversity that VMPC is meant to withstand, it is infeasible to ensure perfect correctness, thus we investigate the classes of functions and verifiability relations that are feasible in our framework, and present a number of possible applications the underlying functions of which can be implemented via VMPC
On the Computational Overhead of MPC with Dishonest Majority
We consider the situation where a large number of players want to securely compute a large function with security against an adaptive, malicious adversary which might corrupt of the parties for some given . In other words, only some arbitrarily small constant fraction of the parties are assumed to be honest. For any fixed , we consider the asymptotic complexity as and the size of grows. We are in particular interested in the computational overhead, defined as the total computational complexity of all parties divided by the size of .
We show that it is possible to achieve poly-logarithmic computational overhead for all .
Prior to our result it was only known how to get poly-logarithmic overhead for .
We therefore significantly extend the area where we can do secure multiparty computation with poly-logarithmic overhead. Since we allow that more than half the parties are corrupted, we can only get security with abort, i.e., the adversary might make the protocol abort before all parties learn their outputs.
We can, however, for all make a protocol for which there exists such that if at most parties are actually corrupted in a given execution, then the protocol will not abort. Our result is solely of theoretical interest
- …