18 research outputs found

    Cryptographic Group and Semigroup Actions

    We consider actions of a group or a semigroup on a set, which generalize the setup of discrete logarithm based cryptosystems. Such cryptographic group actions have gained increasing attention recently in the context of isogeny-based cryptography. We introduce generic algorithms for the semigroup action problem and discuss lower and upper bounds. Also, we investigate Pohlig-Hellman type attacks in a general sense. In particular, we consider reductions provided by non-invertible elements in a semigroup, and we deal with subgroups in the case of group actions.

    Efficient Recovery of a Shared Secret via Cooperation: Applications to SDMM and PIR

    This work considers the problem of privately outsourcing the computation of a matrix product over a finite field $\mathbb{F}_q$ to $N$ helper servers. These servers are considered to be honest but curious, i.e., they behave according to the protocol but will try to deduce information about the user's data. Furthermore, any set of up to $X$ servers is allowed to share their data. Previous works considered this collusion a hindrance, and the download cost of the schemes increases with growing $X$. We propose to utilize such linkage between servers to the user's advantage by allowing servers to cooperate in the computational task. This leads to a significant gain in the download cost for the proposed schemes. The gain naturally comes at the cost of increased communication load between the servers. Hence, the proposed cooperative scheme can be understood as outsourcing both computational cost and communication cost. While the present work exemplifies the proposed server cooperation in the case of a specific secure distributed matrix multiplication (SDMM) scheme, the same idea applies to many other use cases as well. For instance, other SDMM schemes as well as linear private information retrieval (PIR) as a special case of SDMM are instantly covered. Comment: 10 pages, 2 figures

    Private Information Retrieval Schemes for Coded Data with Arbitrary Collusion Patterns

    In Private Information Retrieval (PIR), one wants to download a file from a database without revealing to the database which file is being downloaded. Much attention has been paid to the case of the database being encoded across several servers, subsets of which can collude to attempt to deduce the requested file. With the goal of studying the achievable PIR rates in realistic scenarios, we generalize results for coded data from the case of all subsets of servers of size $t$ colluding, to arbitrary subsets of the servers. We investigate the effectiveness of previous strategies in this new scenario, and present new results in the case where the servers are partitioned into disjoint colluding groups. Comment: Updated with a corrected statement of Theorem

    Invariants of Quadratic Forms and applications in Design Theory

    The study of regular incidence structures such as projective planes and symmetric block designs is a well established topic in discrete mathematics. Work of Bruck, Ryser and Chowla in the mid-twentieth century applied the Hasse-Minkowski local-global theory for quadratic forms to derive non-existence results for certain design parameters. Several combinatorialists have provided alternative proofs of this result, replacing conceptual arguments with algorithmic ones. In this paper, we show that the methods required are purely linear-algebraic in nature and are no more difficult conceptually than the theory of the Jordan Canonical Form. Computationally, they are rather easier. We conclude with some classical and recent applications to design theory, including a novel application to the decomposition of incidence matrices of symmetric designs. Comment: 23 pages

    Straggler- and Adversary-Tolerant Secure Distributed Matrix Multiplication Using Polynomial Codes

    Large matrix multiplications commonly take place in large-scale machine-learning applications. Often, the sheer size of these matrices prevents carrying out the multiplication at a single server. Therefore, these operations are typically offloaded to a distributed computing platform with a master server and a large number of workers in the cloud, operating in parallel. For such distributed platforms, it has been recently shown that coding over the input data matrices can reduce the computational delay by introducing a tolerance against straggling workers, i.e., workers whose execution time significantly lags with respect to the average. In addition to exact recovery, we impose a security constraint on both matrices to be multiplied. Specifically, we assume that workers can collude and eavesdrop on the content of these matrices. For this problem, we introduce a new class of polynomial codes with fewer non-zero coefficients than the degree + 1. We provide closed-form expressions for the recovery threshold and show that our construction improves the recovery threshold of existing schemes in the literature, in particular for larger matrix dimensions and a moderate to large number of colluding workers. In the absence of any security constraints, we show that our construction is optimal in terms of recovery threshold.