1,096 research outputs found
A Flexible Privacy-preserving Framework for Singular Value Decomposition under Internet of Things Environment
The singular value decomposition (SVD) is a widely used matrix factorization
tool which underlies plenty of useful applications, e.g. recommendation system,
abnormal detection and data compression. Under the environment of emerging
Internet of Things (IoT), there would be an increasing demand for data analysis
to better human's lives and create new economic growth points. Moreover, due to
the large scope of IoT, most of the data analysis work should be done in the
network edge, i.e. handled by fog computing. However, the devices which provide
fog computing may not be trustable while the data privacy is often the
significant concern of the IoT application users. Thus, when performing SVD for
data analysis purpose, the privacy of user data should be preserved. Based on
the above reasons, in this paper, we propose a privacy-preserving fog computing
framework for SVD computation. The security and performance analysis shows the
practicability of the proposed framework. Furthermore, since different
applications may utilize the result of SVD operation in different ways, three
applications with different objectives are introduced to show how the framework
could flexibly achieve the purposes of different applications, which indicates
the flexibility of the design.Comment: 24 pages, 4 figure
Covert Security with Public Verifiability: Faster, Leaner, and Simpler
The notion of covert security for secure two-party computation serves as a compromise between the traditional semi-honest and malicious security definitions. Roughly, covert security ensures that cheating behavior is detected by the honest party with reasonable probability. It provides more realistic guarantees than semi-honest security with significantly less overhead than is required by malicious security.
The rationale for covert security is that it dissuades cheating by parties that care about their reputation and do not want to risk being caught. Further thought, however, shows that a much stronger disincentive is obtained if the honest party can generate a publicly verifiable certificate of misbehavior when cheating is detected. While the corresponding notion of publicly verifiable covert (PVC) security has been explored, existing PVC protocols are complex and less efficient than the best-known covert protocols, and have impractically large certificates.
We propose a novel PVC protocol that significantly improves on prior work. Our protocol uses only ``off-the-shelf\u27\u27 primitives (in particular, it avoids signed oblivious transfer) and, for
deterrence factor 1/2, has only 20-40% overhead (depending on the circuit size and network bandwidth) compared to state-of-the-art semi-honest protocols. Our protocol also has, for the first time, constant-size certificates of cheating (e.g., 354 bytes long at the 128-bit security level).
As our protocol offers strong security guarantees with low overhead, we suggest that it is the best choice for many practical applications of secure two-party computation
How to Circumvent the Two-Ciphertext Lower Bound for Linear Garbling Schemes
At EUROCRYPT 2015, Zahur et al.\ argued that all linear, and thus, efficient, garbling schemes need at least two -bit elements to garble an AND gate with security parameter . We show how to circumvent this lower bound, and propose an efficient garbling scheme which requires less than two -bit elements per AND gate for most circuit layouts. Our construction slightly deviates from the linear garbling model, and constitutes no contradiction to any claims in the lower-bound proof. With our proof of concept construction, we hope to spur new ideas for more practical garbling schemes.
Our construction can directly be applied to semi-private function evaluation by garbling XOR, XNOR, NAND, OR, NOR and AND gates in the same way, and keeping the evaluator oblivious of the gate function
Actively Secure Garbled Circuits with Constant Communication Overhead in the Plain Model
We consider the problem of constant-round secure two-party computation in the presence of active (malicious) adversaries. We present the first protocol that has only a constant multiplicative communication overhead compared to Yao\u27s protocol for passive adversaries, and can be implemented in the plain model by only making a black-box use of (parallel) oblivious transfer and a pseudo-random generator. This improves over the polylogarithmic overhead of the previous best protocol. A similar result could previously be obtained only in an amortized setting, using preprocessing, or by assuming bit-oblivious-transfer as an ideal primitive that has a constant cost.
We present two variants of this result, one which is aimed at minimizing the number of oblivious transfers and another which is aimed at optimizing concrete efficiency. Our protocols are based on a novel combination of previous techniques together with a new efficient protocol to certify that pairs of strings transmitted via oblivious transfer satisfy a global relation. Settling for ``security with correlated abort\u27\u27, the concrete communication complexity of the second variant of our protocol can beat the best previous protocols with the same kind of security even for realistic values of the circuit size and the security parameter. This variant is particularly attractive in the offline-online setting, where the online cost is dominated by a single evaluation of an authenticated garbled circuit, and can also be made non-interactive using the Fiat-Shamir heuristic
The Exact Round Complexity of Secure Computation
We revisit the exact round complexity of secure computation in the multi-party
and two-party settings. For the special case of two-parties without a
simultaneous message exchange channel, this question has been extensively
studied and resolved. In particular, Katz and Ostrovsky (CRYPTO \u2704) proved
that 5 rounds are necessary and sufficient for securely realizing every
two-party functionality where both parties receive the output. However, the
exact round complexity of general multi-party computation, as well as
two-party computation with a simultaneous message exchange channel, is not
very well understood.
These questions are intimately connected to the round complexity of
non-malleable commitments. Indeed, the exact relationship between the round
complexities of non-malleable commitments and secure multi-party computation
has also not been explored.
In this work, we revisit these questions and obtain several new results.
First, we establish the following main results. Suppose that there exists a
k-round non-malleable commitment scheme, and let k\u27 = max(4, k + 1); then,
– (Two-party setting with simultaneous message transmission): there exists a
k\u27-round protocol for securely realizing every two-party functionality;
– (Multi-party setting):there exists a k\u27-round protocol for securely
realizing the multi-party coin-flipping functionality.
As a corollary of the above results, by instantiating them with existing
non-malleable commitment protocols (from the literature), we establish that
four rounds are both necessary and sufficient for both the results above.
Furthermore, we establish that, for every multi-party functionality five
rounds are sufficient. We actually obtain a variety of results offering trade-offs between rounds and the cryptographic assumptions used, depending upon the particular instantiations of underlying protocols
Optimizing Authenticated Garbling for Faster Secure Two-Party Computation
Wang et al. (CCS 2017) recently proposed a protocol for malicious secure two-party computation that represents the state-of-the- art with regard to concrete efficiency in both the single-execution and amortized settings, with or without preprocessing. We show here several optimizations of their protocol that result in a significant improvement in the overall communication and running time. Specifically:
- We show how to make the “authenticated garbling” at the heart of their protocol compatible with the half-gate optimization of Zahur et al. (Eurocrypt 2015). We also show how to avoid sending an information-theoretic MAC for each garbled row. These two optimizations give up to a 2.6x improvement in communication, and make the communication of the online phase essentially equivalent to that of state-of-the-art semi-honest secure computation.
- We show various optimizations to their protocol for generating AND triples that, overall, result in a 1.5x improvement in the communication and a 2x improvement in the computation for that step
Determination of electromagnetic medium from the Fresnel surface
We study Maxwell's equations on a 4-manifold where the electromagnetic medium
is described by an antisymmetric -tensor . In this setting,
the Tamm-Rubilar tensor density determines a polynomial surface of fourth order
in each cotangent space. This surface is called the Fresnel surface and acts as
a generalisation of the light-cone determined by a Lorentz metric; the Fresnel
surface parameterises electromagnetic wave-speed as a function of direction.
Favaro and Bergamin have recently proven that if has only a principal
part and if the Fresnel surface of coincides with the light cone for a
Lorentz metric , then is proportional to the Hodge star operator of
. That is, under additional assumptions, the Fresnel surface of
determines the conformal class of . The purpose of this paper is
twofold. First, we provide a new proof of this result using Gr\"obner bases.
Second, we describe a number of cases where the Fresnel surface does not
determine the conformal class of the original -tensor . For
example, if is invertible we show that and have
the same Fresnel surfaces.Comment: 23 pages, 1 figur
Better Concrete Security for Half-Gates Garbling (in the Multi-Instance Setting)
We study the concrete security of high-performance implementations of half-gates garbling, which all rely on (hardware-accelerated)~AES. We find that current instantiations using -bit wire labels can be completely broken---in the sense that the circuit evaluator learns all the inputs of the circuit garbler---in time , where is the total number of (non-free) gates that are garbled, possibly across multiple independent executions. The attack can be applied to existing circuit-garbling libraries using when , and would require 267 machine-months and cost about USD 3500 to implement on the Google Cloud Platform. Since the attack can be entirely parallelized, the attack could be carried out in about a month using machines.
With this as our motivation, we seek a way to instantiate the hash function in the half-gates scheme so as to achieve better
concrete security. We present a construction based on AES that achieves optimal security in the single-instance setting (when only a single circuit is garbled). We also show how to modify the half-gates scheme so that its concrete security does not degrade in the
multi-instance setting. Our modified scheme is as efficient as prior work in networks with up to 2 Gbps bandwidth
Efficient noninteractive certification of RSA moduli and beyond
In many applications, it is important to verify that an RSA public key (N; e) speci es a
permutation over the entire space ZN, in order to prevent attacks due to adversarially-generated
public keys. We design and implement a simple and e cient noninteractive zero-knowledge
protocol (in the random oracle model) for this task. Applications concerned about adversarial
key generation can just append our proof to the RSA public key without any other modi cations
to existing code or cryptographic libraries. Users need only perform a one-time veri cation of
the proof to ensure that raising to the power e is a permutation of the integers modulo N. For
typical parameter settings, the proof consists of nine integers modulo N; generating the proof
and verifying it both require about nine modular exponentiations.
We extend our results beyond RSA keys and also provide e cient noninteractive zero-
knowledge proofs for other properties of N, which can be used to certify that N is suitable
for the Paillier cryptosystem, is a product of two primes, or is a Blum integer. As compared to
the recent work of Auerbach and Poettering (PKC 2018), who provide two-message protocols for
similar languages, our protocols are more e cient and do not require interaction, which enables
a broader class of applications.https://eprint.iacr.org/2018/057First author draf
- …