15 research outputs found

    On the speed of VSH

    Design of large scale applications of secure multiparty computation : secure linear programming

    Secure multiparty computation is a basic concept of growing interest in modern cryptography. It allows a set of mutually distrusting parties to perform a computation on their private information in such a way that as little as possible is revealed about each private input. The early results of multiparty computation have only theoretical significance since they are not able to solve computationally complex functions in a reasonable amount of time. Nowadays, efficiency of secure multiparty computation is an important topic of cryptographic research. As a case study we apply multiparty computation to solve the problem of secure linear programming. The results enable, for example in the context of the EU-FP7 project SecureSCM, collaborative supply chain management. Collaborative supply chain management is about the optimization of the supply and demand configuration of a supply chain. In order to optimize the total benefit of the entire chain, parties should collaborate by pooling their sensitive data. With the focus on efficiency we design protocols that securely solve any linear program using the simplex algorithm. The simplex algorithm is well studied and there are many variants of the simplex algorithm providing a simple and efficient solution to solving linear programs in practice. However, the cryptographic layer on top of any variant of the simplex algorithm imposes restrictions and new complexity measures. For example, hiding the number of iterations of the simplex algorithm has the consequence that the secure implementations have a worst case number of iterations. Then, since the simplex algorithm has exponentially many iterations in the worst case, the secure implementations have exponentially many iterations in all cases.
To give a basis for understanding the restrictions, we review the basic theory behind the simplex algorithm and we provide a set of cryptographic building blocks used to implement secure protocols evaluating basic variants of the simplex algorithm. We show how to balance between privacy and efficiency; some protocols reveal data about the internal state of the simplex algorithm, such as the number of iterations, in order to improve the expected running times. For the sake of simplicity and efficiency, the protocols are based on Shamir's secret sharing scheme. We combine and use the results from the literature on secure random number generation, secure circuit evaluation, secure comparison, and secret indexing to construct efficient building blocks for secure simplex. The solutions for secure linear programming in this thesis can be split into two categories. On the one hand, some protocols evaluate the classical variants of the simplex algorithm in which numbers are truncated, while the other protocols evaluate the variants of the simplex algorithms in which truncation is avoided. On the other hand, the protocols can be separated by the size of the tableaus. Theoretically there is no clear winner that has both the best security properties and the best performance.

    Evidence-based discounting rule in subjective logic

    We identify an inconsistency in Subjective Logic caused by the discounting operator ‘...’. We propose a new operator, ‘...’, which resolves all the consistency problems. The new algebra makes it possible to compute Subjective Logic trust values (reputations) in arbitrarily connected trust networks. The material presented here is an excerpt of [3]

    Flow-based reputation with uncertainty: evidence-based subjective logic

    The concept of reputation is widely used as a measure of trustworthiness based on ratings from members in a community. The adoption of reputation systems, however, relies on their ability to capture the actual trustworthiness of a target. Several reputation models for aggregating trust information have been proposed in the literature. The choice of model has an impact on the reliability of the aggregated trust information as well as on the procedure used to compute reputations. Two prominent models are flow-based reputation (e.g., EigenTrust, PageRank) and subjective logic-based reputation. Flow-based models provide an automated method to aggregate trust information, but they are not able to express the level of uncertainty in the information. In contrast, subjective logic extends probabilistic models with an explicit notion of uncertainty, but the calculation of reputation depends on the structure of the trust network and often requires information to be discarded. These are severe drawbacks. In this work, we observe that the ‘opinion discounting’ operation in subjective logic has a number of basic problems. We resolve these problems by providing a new discounting operator that describes the flow of evidence from one party to another. The adoption of our discounting rule results in a consistent subjective logic algebra that is entirely based on the handling of evidence. We show that the new algebra enables the construction of an automated reputation assessment procedure for arbitrary trust networks, where the calculation no longer depends on the structure of the network, and does not need to throw away any information. Thus, we obtain the best of both worlds: flow-based reputation and consistent handling of uncertainties. Keywords: Reputation systems; Evidence theory; Subjective logic; Flow-based reputation model

    Universally verifiable outsourcing and application to linear programming

    In this chapter, we show how to guarantee correctness when applying multiparty computation in outsourcing scenarios. Specifically, we consider how to guarantee the correctness of the result when neither the parties supplying the input nor the parties performing the computation can be trusted. Generic techniques to achieve this are too slow to be of practical use. However, we show that it is possible to achieve practical performance for specific problems by exploiting the existence of certificates proving that a computation result is correct.

    Performance comparison of secure comparison protocols

    Secure multiparty computation (SMC) has gained tremendous importance with the growth of the Internet and e-commerce, where mutually untrusted parties need to jointly compute a function of their private inputs. However, SMC protocols usually have very high computational complexities, rendering them practically unusable. In this paper, we tackle the problem of comparing two input values in a secure distributed fashion. We propose efficient secure comparison protocols for both the homomorphic encryption and secret sharing schemes. We also give experimental results to show their practical relevance

    Improved primitives for secure multiparty integer computation

    We consider a collection of related multiparty computation protocols that provide core operations for secure integer and fixed-point computation. The higher-level protocols offer integer truncation and comparison, which are typically the main performance bottlenecks in complex applications. We present techniques and building blocks that allow improving the efficiency of these protocols, in order to meet the performance requirements of a broader range of applications. The protocols can be constructed using different secure computation methods. We focus on solutions for multiparty computation using secret sharing.

    Secure comparison protocols in the semi-honest model

    Due to high complexity, comparison protocols with secret inputs have been a bottleneck in the design of privacy-preserving cryptographic protocols. Different solutions based on homomorphic encryption, garbled circuits and secret sharing techniques have been proposed over the last few years, each claiming high efficiency. Unfortunately, a fair comparison of existing protocols in terms of run-time, bandwidth requirement and round complexity has been lacking so far. In this paper, we analyze the state-of-the-art comparison protocols for a two-party setting in the semi-honest security protocol. We analyze their performances in three stages, namely initialization, pre-processing and online computation, by implementing them on a single platform. The results of our experiments provide a clear insight for the research community into the advantages and disadvantages of the various techniques. © 2015 IEEE