
    Efficient MPC with a Mixed Adversary

    Over the past 20 years, the efficiency of secure multi-party protocols has been greatly improved. While the seminal protocols from the late 80's require a communication of Ω(n⁶) field elements per multiplication among n parties, recent protocols offer linear communication complexity. This means that each party needs to communicate a constant number of field elements per multiplication, independent of n. However, these efficient protocols only offer active security, which implies that at most t<n/3 (perfect security), respectively t<n/2 (statistical or computational security), parties may be corrupted. Higher corruption thresholds (i.e., t≥n/2) can only be achieved with degraded security (unfair abort), where a single corrupted party can prevent honest parties from learning their outputs. The aforementioned upper bounds (t<n/3 and t<n/2) have been circumvented by considering mixed adversaries (Fitzi et al., Crypto '98), i.e., adversaries that corrupt, at the same time, some parties actively, some parties passively, and some parties in the fail-stop manner. It is possible, for example, to achieve perfect security even if 2/3 of the parties are faulty (three quarters of which may abort in the middle of the protocol, and a quarter may even arbitrarily misbehave). This setting is much better suited to many applications, where the crash of a party is more likely than a coordinated active attack. Surprisingly, since the presentation of the feasibility result for the mixed setting, no progress has been made in terms of efficiency: the state-of-the-art protocol still requires a communication of Ω(n⁶) field elements per multiplication. In this paper, we present a perfectly-secure MPC protocol for the mixed setting with essentially the same efficiency as the best MPC protocols for the active-only setting. For the first time, this allows tolerating faulty majorities while still providing optimal efficiency.
    As a special case, this also results in the first fully-secure MPC protocol secure against any number of crashing parties, with optimal (i.e., linear in n) communication. We provide simulation-based proofs of our construction.
    ISSN: 1868-896

    Specifics of Ensuring the Financial Security of the Banking System of Ukraine


    Service Systems, Smart Service Systems and Cyber-Physical Systems—What's the difference? Towards a Unified Terminology

    As businesses and their networks transform towards co-creation, several concepts describing the resulting systems emerge. Over the past years, the concepts Service Systems, Smart Service Systems and Cyber-Physical Systems have gained prominence. However, the existing definitions are either very broad or contradict each other. As a result, several characteristics appear around these terms which also lack a clear allocation and relationship to the underlying concepts. Previous research only describes these concepts and related characteristics in an isolated manner. Thus, we perform an inter-disciplinary structured literature review to relate and define the concepts of Service Systems, Smart Service Systems and Cyber-Physical Systems as well as their related characteristics. This article can, therefore, serve as a basis for future research endeavors as it delivers a unified terminology.

    Experience of Studying in the Distance Course "Cryptography I"


    From Partial to Global Asynchronous Reliable Broadcast

    Broadcast is a fundamental primitive in distributed computing. It allows a sender to consistently distribute a message among n recipients. The seminal result of Pease et al. [JACM'80] shows that in a complete network of synchronous bilateral channels, broadcast is achievable if and only if the number of corruptions is bounded by t < n/3. To overcome this bound, a fascinating line of works, Fitzi and Maurer [STOC'00], Considine et al. [JC'05], and Raykov [ICALP'15], proposed strengthening the communication network by assuming partial synchronous broadcast channels, which guarantee consistency among a subset of recipients. We extend this line of research to the asynchronous setting. We consider reliable broadcast protocols assuming a communication network which provides each subset of b parties with reliable broadcast channels. A natural question is to investigate the trade-off between the size b and the corruption threshold t. We answer this question by showing feasibility and impossibility results:
    - A reliable broadcast protocol Π_{RBC} that:
      - For 3 ≤ b ≤ 4, is secure up to t < n/2 corruptions.
      - For b > 4 even, is secure up to t < ((b-4)/(b-2) n + 8/(b-2)) corruptions.
      - For b > 4 odd, is secure up to t < ((b-3)/(b-1) n + 6/(b-1)) corruptions.
    - A nonstop reliable broadcast Π_{nRBC}, where parties are guaranteed to obtain output as in reliable broadcast but may need to run forever, secure up to t < (b-1)/(b+1) n corruptions.
    - There is no protocol for (nonstop) reliable broadcast secure up to t ≥ (b-1)/(b+1) n corruptions, implying that Π_{RBC} is an asymptotically optimal reliable broadcast protocol, and Π_{nRBC} is an optimal nonstop reliable broadcast protocol.

    Enabling Inter-organizational Analytics in Business Networks Through Meta Machine Learning

    Successful analytics solutions that provide valuable insights often hinge on the connection of various data sources. While it is often feasible to generate larger data pools within organizations, the application of analytics within (inter-organizational) business networks is still severely constrained. As data is distributed across several legal units, potentially even across countries, the fear of disclosing sensitive information as well as the sheer volume of the data that would need to be exchanged are key inhibitors for the creation of effective system-wide solutions, all while still reaching superior prediction performance. In this work, we propose a meta machine learning method that deals with these obstacles to enable comprehensive analyses within a business network. We follow a design science research approach and evaluate our method with respect to feasibility and performance in an industrial use case. First, we show that it is feasible to perform network-wide analyses that preserve data confidentiality as well as limit data transfer volume. Second, we demonstrate that our method outperforms a conventional isolated analysis and even gets close to a (hypothetical) scenario where all data could be shared within the network. Thus, we provide a fundamental contribution for making business networks more effective, as we remove a key obstacle to tapping the huge potential of learning from data that is scattered throughout the network.
    Comment: Preprint, forthcoming at Information Technology and Managemen

    Adaptively Secure Broadcast

    A broadcast protocol allows a sender to distribute a message through a point-to-point network to a set of parties, such that (i) all parties receive the same message, even if the sender is corrupted, and (ii) this is the sender's message, if he is honest. Broadcast protocols satisfying these properties are known to exist if and only if t<n/3, where n denotes the total number of parties, and t denotes the maximal number of corruptions. When a setup allowing signatures is available to the parties, then such protocols exist even for t<n. Broadcast is probably the most fundamental primitive in distributed cryptography, and is used in almost any cryptographic (multi-party) protocol. However, a broadcast protocol ``only'' satisfying the above properties might be insecure when used in the context of another protocol. In order to be safely usable within other protocols, a broadcast protocol must satisfy a simulation-based security notion, which is secure under composition. In this work, we show that most broadcast protocols in the literature do not satisfy a (natural) simulation-based security notion. We do not know of any broadcast protocol which could be securely invoked in a multi-party computation protocol in the secure-channels model. The problem is that existing protocols for broadcast do not preserve the secrecy of the message while it is being broadcast, and in particular allow the adversary to corrupt the sender (and change the message) depending on the message being broadcast. For example, when every party should broadcast a random bit, the adversary could corrupt those parties that want to broadcast 0, and make them broadcast 1. More concretely, we show that simulatable broadcast in a model with secure channels is possible if and only if t<n/3, respectively t ≤ n/2 when a signature setup is available. The positive results are proven by constructing secure broadcast protocols.

    Efficient Multiparty Computations with Dishonest Minority

    We consider verifiable secret sharing (VSS) and multiparty computation (MPC) in the secure channels model, where a broadcast channel is given and a non-zero error probability is allowed. In this model Rabin and Ben-Or proposed VSS and MPC protocols, secure against an adversary that can corrupt any minority of the players. In this paper, we first observe that a subprotocol of theirs, known as weak secret sharing (WSS), is not secure against an adaptive adversary, contrary to what was believed earlier. We then propose new and adaptively secure protocols for WSS, VSS and MPC that are substantially more efficient than the original ones. Our protocols generalize easily to provide security against general Q2 adversaries.

    Mutual Validation of GNSS Height Measurements and High-precision Geometric-astronomical Leveling

    The method of geometric-astronomical leveling is presented as a suitable technique for the validation of GNSS (Global Navigation Satellite System) heights. In geometric-astronomical leveling, the ellipsoidal height differences are obtained by combining conventional spirit leveling and astronomical leveling. Astronomical leveling with recently developed digital zenith camera systems is capable of providing the geometry of equipotential surfaces of the gravity field accurate to a few 0.1 mm per km. This is comparable to the accuracy of spirit leveling. Consequently, geometric-astronomical leveling yields accurate ellipsoidal height differences that may serve as an independent check on GNSS height measurements at local scales. A test was performed in a local geodetic network near Hanover. GPS observations were simultaneously carried out at five stations over a time span of 48 h and processed considering state-of-the-art techniques and sophisticated new approaches to reduce station-dependent errors. The comparison of GPS height differences with those from geometric-astronomical leveling shows a promising agreement of some millimeters. The experiment indicates the currently achievable accuracy level of GPS height measurements and demonstrates the practical applicability of the proposed approach for the validation of GNSS height measurements as well as the evaluation of GNSS height processing strategies.

    Beyond the second order magnetic anisotropy tensor: Higher-order components due to oriented magnetite exsolutions in pyroxenes, and implications for paleomagnetic and structural interpretations

    Exsolved iron oxides in silicate minerals can be nearly ideal paleomagnetic recorders, due to their single-domain-like behaviour and the protection from chemical alteration by their surrounding silicate host. Because their geometry is crystallographically controlled by the host silicate, these exsolutions possess a shape preferred orientation that is ultimately controlled by the mineral fabric of the silicates. This leads to potentially significant anisotropic acquisition of remanence, which necessitates correction to make accurate interpretations in paleodirectional and paleointensity studies. Here, we investigate the magnetic shape anisotropy carried by magnetite exsolutions in pyroxene single crystals, and in pyroxene-bearing rocks, based on torque measurements and rotational hysteresis data. Image analysis is used to characterize the orientation distribution of oxides, from which the observed anisotropy can be modelled. Both the high-field torque signal and corresponding models contain components of higher order, which cannot be accurately described by the second-order tensors usually employed to describe magnetic fabrics. Conversely, low-field anisotropy data do not show this complexity and can be adequately described with second-order tensors. Hence, the magnetic anisotropy of silicate-hosted exsolutions is field-dependent, and this should be taken into account when interpreting isolated ferromagnetic fabrics and in anisotropy corrections.