16 research outputs found

    Assorted algorithms and protocols for secure computation

    Get PDF

    New Protocols for Secure Linear Algebra: Pivoting-Free Elimination and Fast Block-Recursive Matrix Decomposition

    Get PDF
    Cramer and Damgård were the first to propose a constant-rounds protocol for securely solving a linear system of unknown rank over a finite field in multiparty computation (MPC). For $m$ linear equations and $n$ unknowns, and for the case $m \leq n$, the computational complexity of their protocol is $O(n^5)$. Follow-up work (by Cramer, Kiltz, and Padró) proposes another constant-rounds protocol for solving this problem, which has complexity $O(m^4 + n^2 m)$. For certain applications, such asymptotic complexities might be prohibitive. In this work, we improve the asymptotic computational complexity of solving a linear system over a finite field, thereby sacrificing the constant-rounds property. We propose two protocols: (1) a protocol based on pivoting-free Gaussian elimination with computational complexity $O(n^3)$ and linear round complexity, and (2) a protocol based on block-recursive matrix decomposition, having $O(n^2)$ computational complexity (assuming "cheap" secure inner products as in Shamir's secret-sharing scheme) and $O(n^{1.585})$ (super-linear) round complexity.

    Fast secure comparison for medium-sized integers and its application in binarized neural networks

    Get PDF
    In 1994, Feige, Kilian, and Naor proposed a simple protocol for secure 3-way comparison of integers a and b from the range [0, 2]. Their observation is that for p=7, the Legendre symbol (x∣p) coincides with the sign of x for x=a−b∈[−2,2], thus reducing secure comparison to secure evaluation of the Legendre symbol. More recently, in 2011, Yu generalized this idea to handle secure comparisons for integers from substantially larger ranges [0, d], essentially by searching for primes for which the Legendre symbol coincides with the sign function on [−d,d]. In this paper, we present new comparison protocols based on the Legendre symbol that additionally employ some form of error correction. We relax the prime search by requiring that the Legendre symbol encodes the sign function in a noisy fashion only. Practically, we use the majority vote over a window of 2k+1 adjacent Legendre symbols, for small positive integers k. Our technique significantly increases the comparison range: e.g., for a modulus of 60 bits, d increases by a factor of 2.8 (for k=1) and 3.8 (for k=2) respectively. We give a practical method to find primes with suitable noisy encodings. We demonstrate the practical relevance of our comparison protocol by applying it in a secure neural network classifier for the MNIST dataset. Concretely, we discuss a secure multiparty computation based on the binarized multi-layer perceptron of Hubara et al., using our comparison for the second and third layers.

    The Spammed Code Offset Method

    Get PDF
    Helper data schemes are a security primitive used for privacy-preserving biometric databases and Physical Unclonable Functions. One of the oldest known helper data schemes is the Code Offset Method (COM). We propose an extension of the COM: the helper data is accompanied by many instances of fake helper data that is drawn from the same distribution as the real one. While the adversary has no way to distinguish between them, the legitimate party has more information and can see the difference. We use an LDPC code in order to improve the efficiency of the legitimate party's selection procedure. Our construction provides a new kind of trade-off: more effective use of the source entropy, at the price of increased helper data storage. We give a security analysis in terms of Shannon entropy and order-2 Rényi entropy.

    Quantization in Continuous-Source Zero Secrecy Leakage Helper Data Schemes

    No full text
    A Helper Data Scheme (HDS) is a cryptographic primitive that extracts a high-entropy noise-free string from noisy data. Helper Data Schemes are used for preserving privacy in biometric databases and for Physical Unclonable Functions. HDSs are known for the guided quantization of continuous-valued biometrics as well as for repairing errors in discrete-valued (digitized) extracted values. We refine the theory of Helper Data Schemes with the Zero Leakage (ZL) property, i.e., the mutual information between the helper data and the extracted secret is zero. We focus on quantization and prove that ZL necessitates particular properties of the helper data generating function: (i) the existence of "sibling points", enrollment values that lead to the same helper data but different secrets; (ii) quantile helper data. We present an optimal reconstruction algorithm for our ZL scheme that not only minimizes the reconstruction error rate but also yields a very efficient implementation of the verification. We compare the error rate to schemes that do not have the ZL property.

    Information leakage of continuous-source zero secrecy leakage helper data schemes

    No full text
    A Helper Data Scheme is a cryptographic primitive that extracts a high-entropy noise-free string from noisy data. Helper Data Schemes are used for privacy-preserving databases and for Physical Unclonable Functions. We refine the theory of Helper Data Schemes with Zero Secrecy Leakage (ZSL), i.e., the mutual information between the helper data and the extracted secret is zero. We prove that ZSL necessitates particular properties of the helper data generating function, which also allows us to show the existence of "Sibling Points". In the special case that our generated secret is uniformly distributed (Fuzzy Extractors), our results coincide with the continuum limit of a recent construction by Verbitskiy et al. Yet our results cover secure sketches as well. Moreover, we present an optimal reconstruction algorithm for this scheme that not only provides the lowest possible reconstruction error rate but also yields an attractive, simple implementation of the verification. Further, we introduce Diagnostic Category Leakage (DCL), which quantifies what an attacker can infer from helper data about a particular medical indication of the enrolled user, or conversely what probabilistic knowledge of a diagnosis can leak about the secret. If the attacker has a priori knowledge about the enrolled user (medical indications, race, gender), then the ZSL property does not guarantee that there is no secrecy leakage from the helper data. However, this effect is typically very small.