
    Revisiting LEGOs: Optimizations, Analysis, and their Limit

    The cut-and-choose paradigm gives by far the most popular and efficient secure two-party computation protocols in the standard malicious model, able to offer s bits of security with only s copies of garbled circuits in the one-time execution scenario. Nielsen and Orlandi et al. have even proposed the seminal idea of LEGO-style cut-and-choose to further reduce the number of circuit copies to fewer than s while still keeping constant round complexity. However, a substantial gap still exists between the theoretical idea of LEGO cut-and-choose and a practical implementation; e.g., LEGO is not compatible with free-XOR and uses expensive asymmetric-key operations for soldering, while MiniLEGO leaves the important building block of soldering unspecified. In this work, we introduce XOR-Homomorphic Interactive Hash and propose an efficient implementation of this primitive by combining Reed-Solomon encoding and k-out-of-n oblivious transfers. We show how to apply this primitive to solve the performance-critical wire-soldering problem and propose a new LEGO-style cut-and-choose protocol. Compared to previous LEGO-style protocols, ours only requires a single (as opposed to “a majority of”) correctly garbled gate in each bucket to guarantee security against malicious adversaries. Plus, by integrating Half-Gates garbling, we double the chance that a “bad” gate is detected in the check stage (compared to MiniLEGO). Our construction is more bandwidth-efficient than Lindell (CRYPTO, 2013) either when the circuit size N is sufficiently large, or when N is larger than a threshold solely determined by the ratio between the input and circuit sizes. E.g., we use less bandwidth for computing most linear and sub-linear functions. Deploying a LEGO-style cut-and-choose protocol involves convoluted protocol parameter selection. To this end, we give a thorough analysis of the relations among all protocol parameters and propose efficient algorithms that automate the search for the optimal parameter configuration based on a requirement specification (i.e., the security parameters s, k and the application parameter N) with provable accuracy. Last, we formally prove a tight bound on the benefit of LEGO-style secure computation protocols, in the sense that the circuit duplication factor κ has to be larger than 2 and any κ > 2 is indeed achievable. This corrects a common mistake of claiming that LEGO cut-and-choose can reduce κ to O(sk/log N), since 2 ∉ O(sk/log N).

    Efficient Privacy-Preserving General Edit Distance and Beyond

    Edit distance is an important non-linear metric that has many applications, ranging from matching patient genomes to text-based intrusion detection. Depending on the application, related string-comparison metrics, such as weighted edit distance, Needleman-Wunsch distance, longest common subsequence, and heaviest common subsequence, can often fit better than the basic edit distance. When these metrics need to be calculated on sensitive input strings supplied by mutually distrustful parties, it is more desirable but also more challenging to compute them in privacy-preserving ways. In this paper, we propose efficient secure computation protocols for private edit distance as well as several generalized applications, including weighted edit distance (with potentially content-dependent weights), longest common subsequence, and heaviest common subsequence. Our protocols run 20+ times faster and use an order of magnitude less bandwidth than their best previous counterparts. Alongside, we propose a garbling scheme that allows free arithmetic addition, free multiplication by constants, and low-cost comparison/minimum for inputs of restricted relative differences. Moreover, the encodings (i.e., wire labels) in our garbling scheme can be converted from and to the encodings used by traditional binary circuit garbling schemes at light to moderate cost. Therefore, while being extremely efficient on certain kinds of computations, the new garbling scheme remains composable and capable of handling generic computational tasks.

    Practical MPC+FHE with Applications in Secure Multi-Party Neural Network Evaluation

    The theoretical idea of using FHE to realize MPC has been there for over a decade. Existing threshold (and multi-key) FHE schemes were constructed by modifying and analyzing a traditional single-key FHE scheme in a case-by-case manner, and are thus technically highly demanding. This work explores a new approach to building threshold FHE (and thereby MPC schemes) by tailoring generic MPC protocols to the base FHE scheme while requiring no FHE redesign. We applied our approach to two representative Ring-LWE-based FHE schemes, CKKS and GHS, producing GMPFHE-CKKS and GMPFHE-GHS. We developed MPC protocols based on GMPFHE-CKKS and GMPFHE-GHS which are secure against any number of passive but colluding adversaries. The online cost of our MPC protocol is O(|C|), as opposed to O(|C|·n²) for existing MPC protocols, and our offline cost is independent of |C|. We experimentally show that the GMPFHE-CKKS-based MPC protocol offers unparalleled amortized performance on multi-party neural network evaluation.

    More Efficient MPC from Improved Triple Generation and Authenticated Garbling

    Recent works on distributed garbling have provided highly efficient solutions for constant-round MPC tolerating an arbitrary number of corruptions. In this work, we improve upon state-of-the-art protocols in this paradigm for further performance gains. First, we propose a new protocol for generating authenticated AND triples, which are a key building block in many recent works. -- We propose a new authenticated bit protocol in the two-party and multi-party settings from bare IKNP OT extension, allowing us to reduce the communication by about 24% and eliminate many computation bottlenecks. We further improve the computational efficiency of multi-party authenticated AND triples with cheaper and fewer consistency checks and fewer hash function calls. -- We implemented our triple generation protocol and observe around a 4x to 5x improvement compared to the best prior protocol in most settings. For example, in the two-party setting with a 10 Gbps network and 8 threads, our protocol can generate more than 4 million authenticated triples per second, while the best prior implementation can only generate 0.8 million triples per second. In the multi-party setting, our protocol can generate more than 37000 triples per second over 80 parties, while the best prior protocol can only generate the same number of triples per second over 16 parties. We also improve the state-of-the-art multi-party authenticated garbling protocol. -- We take the first step towards applying half-gates in the multi-party setting, which enables us to reduce the size of garbled tables by 2κ bits per gate per garbler, where κ is the computational security parameter. This optimization is also applicable in the semi-honest multi-party setting. -- We further reduce the communication of circuit authentication from 4ρ bits to 1 bit per gate, using a new multi-party batched circuit authentication, where ρ is the statistical security parameter. The prior solution with similar efficiency is only applicable in the two-party setting. For example, in the three-party setting, our techniques lead to roughly a 35% reduction in the size of a distributed garbled circuit.

    Social Capital and Self-Rated Health: Empirical Evidence from China

    This study assesses the relationship between social capital and self-rated health (SRH) by comparing different genders and ages. It utilizes data from the 2016 China Family Panel Study, with a sample of 30,657 adult individuals from 25 provincial-level administrative regions in China. This was a cross-sectional study conducted with computer-assisted face-to-face interviews to assess social capital and self-rated health among Chinese adults. A multi-level Poisson regression model is employed to model social capital-related dependent variables using the independent variable of fair/poor health status. In terms of social relations, mobile phone use can improve men’s health; however, this effect is insignificant for women. Moreover, gender and age interact with the relationship between social capital and individual health. The relationship between trust and self-rated health is not significantly different between men and women. The frequency of feeling lonely and the lack of feelings for the community in which they live have a negative impact on self-rated health, but there are no obvious differences in terms of gender. The number of meals per week with family members is negatively correlated with men’s SRH, but there is no correlation for adult women 41 and above. Lack of help from neighbors is negatively correlated with men’s health, but not with that of adult women 40 and below. Being a member of the Chinese Communist Party or a member of the Chinese Communist Youth League is positively correlated with SRH for women 60 and above.

    La Autoantigen Induces Ribosome Binding Protein 1 (RRBP1) Expression through Internal Ribosome Entry Site (IRES)-Mediated Translation during Cellular Stress Condition

    The function of ribosome binding protein 1 (RRBP1) is to regulate the transport and secretion of certain intracellular proteins in mammalian cells. Transcription of RRBP1 is induced by various cytokines. However, few studies have focused on the process of RRBP1 mRNA translation. The RRBP1 mRNA has a long 5′ untranslated region that potentially forms a stable secondary structure. In this study, we show that the 5′ UTR of RRBP1 mRNA contains an internal ribosome entry site (IRES). Moreover, RRBP1 expression is induced by the chemotherapeutic drugs paclitaxel or adriamycin in human hepatocellular carcinoma cells and is accompanied by increased expression of La autoantigen (La), which binds to the RRBP1 IRES element and facilitates translation initiation. Interestingly, we found that IRES-mediated RRBP1 translation is also activated under serum-starvation conditions, which can induce cytoplasmic localization of La. After mapping the entire RRBP1 5′ UTR, we determined that the core IRES activity is located between nt -237 and -58. Furthermore, two apical GARR loops within the functional RRBP1 IRES elements may be important for La binding. These results strongly suggest an important role for IRES-dependent translation of RRBP1 mRNA in hepatocellular carcinoma cells during cellular stress conditions.