Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation.

ACM CCS 2017, pp. 21–37.


Abstract

We propose a simple and efficient framework for obtaining efficient constant-round protocols for maliciously secure two-party computation. Our framework uses a function-independent preprocessing phase to generate authenticated information for the two parties; this information is then used to construct a single "authenticated" garbled circ…

Introduction
  • Protocols for secure two-party computation (2PC) allow two parties to compute an agreed-upon function of their inputs without revealing anything additional to each other.
  • In contrast to prior work, the parties in the protocol use this information in the online phase to generate a single “authenticated” garbled circuit.
Highlights
  • Our work shows that the performance penalty for maliciously secure two-party computation is much smaller than previously believed
  • We prove this by considering a sequence of experiments, the first of which corresponds to the execution of our protocol and the last of which corresponds to execution in the ideal world, and showing that successive experiments are computationally indistinguishable
  • Our evaluation focuses on two settings. LAN setting: two Amazon EC2 c4.8xlarge machines, both in the North Virginia region, connected by a 10 Gbps link with less than 1 ms round-trip time. WAN setting: two Amazon EC2 c4.8xlarge machines, one in North Virginia and one in Ireland.
  • Our results show that these circuits are no longer large enough to serve as benchmark circuits for malicious 2PC
  • In Sections 8.4 and 8.5, we study the scalability of our protocol and compare its concrete communication complexity with prior work
Results
  • The authors' key insight is that if $s_{00}$ is an authenticated bit known to $P_B$, then $P_A$ can locally compute the share $L^A_{\gamma,00} := L_{\gamma,0} \oplus r_{00}\Delta_A \oplus K[s_{00}]$ from the information it already has, while the other share $L^B_{\gamma,00} = K[s_{00}] \oplus s_{00}\Delta_A$ is exactly the MAC $M[s_{00}]$ that $P_B$ already holds.
  • The authors' protocol relies on a stateful ideal functionality $\mathcal{F}_{\mathsf{abit}}$ for generating authenticated bits under uniform global keys $\Delta_A, \Delta_B \in \{0,1\}^\kappa$ that are preserved across executions [38, 39].
  • (Note that the parties can locally compute $x_1 y_1$ and $x_2 y_2$, respectively, and generate shares of $(x_1 \oplus x_2) \wedge (y_1 \oplus y_2)$.) In Figure 5 the authors show a protocol that realizes $\mathcal{F}_{\mathsf{HaAND}}$ in the $\mathcal{F}_{\mathsf{abit}}$-hybrid model.
  • Functionality $\mathcal{F}_{\mathsf{HaAND}}$, honest case: (1) Generate uniform $[x_1]_A$ and $[x_2]_B$ and send the respective shares to the two parties.
  • For evaluating a circuit of depth $d$ and size $l$, the IPS protocol uses $O(d)$ rounds and has communication complexity $O(l) + \mathrm{poly}(\kappa, d, \log l)$ bits.
  • The authors compare with the protocol of Wang et al [47], which is based on circuit-level cut-and-choose and is tailored for the single-execution setting, as well as the protocol of Nielsen et al [38], which is based on gate-level cut-and-choose and is able to utilize function-independent preprocessing.
  • The concrete efficiency of the protocol is much better for several reasons: (1) the protocol is compatible with free-XOR, so the authors do not suffer any blowup in the size of the circuit being evaluated; (2) Lindell et al. require five SPDZ-style multiplications per AND gate of the
  • It is somewhat difficult to compare protocols in the amortized setting, since relative performance depends on the setting (LAN or WAN), the number of executions being amortized over, and whether one chooses to focus on the total time or the online time.
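The two results bullets above on authenticated bits and on the "authenticated label share" identity can be checked end to end with a few lines of arithmetic. The block below is an added example, not code from the paper or from EMP-toolkit: it models TinyOT-style authenticated bits under a global key $\Delta_A$ (MAC $M[b] = K[b] \oplus b\Delta_A$), the local XOR homomorphism, the label-share identity $L^A \oplus L^B = L_{\gamma,0} \oplus (r \oplus s)\Delta_A$, and the local/cross-term split behind $\mathcal{F}_{\mathsf{HaAND}}$. The functionalities $\mathcal{F}_{\mathsf{abit}}$ and $\mathcal{F}_{\mathsf{HaAND}}$ are replaced by trusted-dealer stand-ins (`auth_bit`, `and_shares_dealer`); the real protocol realizes them from OT extension. All function names are this example's own.

```python
"""Added example (not from the paper or EMP-toolkit): a minimal model of
TinyOT-style authenticated bits and of the authenticated label-share
identity. F_abit and F_HaAND are simulated by a trusted dealer; the real
protocol builds them from OT extension. All names are this example's own.
"""
import secrets

KAPPA = 128  # computational security parameter (bit length of Delta and keys)


def rand_key() -> int:
    """Uniform kappa-bit string, used for Delta_A and for every local key K[b]."""
    return secrets.randbits(KAPPA)


def auth_bit(b: int, delta_A: int):
    """Trusted-dealer stand-in for F_abit, for a bit b known to P_B.

    P_B receives (b, M[b]) and P_A receives K[b], where M[b] = K[b] ^ b*Delta_A.
    Returns ((b, M), K).
    """
    assert b in (0, 1)
    K = rand_key()
    M = K ^ (delta_A if b else 0)
    return (b, M), K


def check_bit(b: int, M: int, K: int, delta_A: int) -> bool:
    """P_A's check when P_B opens bit b with MAC M: accept iff M == K ^ b*Delta_A.

    Opening the flipped bit would require M ^ Delta_A, which P_B cannot compute
    without Delta_A, so a forgery succeeds with probability 2^-kappa.
    """
    return M == (K ^ (delta_A if b else 0))


def xor_auth(bm1, K1, bm2, K2):
    """Authenticated XOR needs no interaction: XOR the bits, the MACs and the keys.

    Since M_i = K_i ^ b_i*Delta_A, M1 ^ M2 is a valid MAC on b1 ^ b2 under key
    K1 ^ K2 and the same Delta_A.
    """
    (b1, M1), (b2, M2) = bm1, bm2
    return (b1 ^ b2, M1 ^ M2), K1 ^ K2


def label_shares(L_gamma0: int, r: int, s_auth, K_s: int, delta_A: int):
    """The paper's key insight for one entry of an authenticated AND table.

    P_A knows the output label L_{gamma,0}, its own mask share r and K[s];
    P_B knows the authenticated mask share (s, M[s]). Each computes locally:
        L^A := L_{gamma,0} ^ r*Delta_A ^ K[s]
        L^B := M[s]   (= K[s] ^ s*Delta_A)
    so L^A ^ L^B = L_{gamma,0} ^ (r ^ s)*Delta_A, the label for masked bit
    r ^ s, without either party learning the other's share.
    """
    s, M_s = s_auth
    L_A = L_gamma0 ^ (delta_A if r else 0) ^ K_s
    L_B = M_s
    return L_A, L_B


def and_shares_dealer(x1: int, y1: int, x2: int, y2: int):
    """Trusted-dealer stand-in for the sharing step around F_HaAND.

    (x1^x2)&(y1^y2) = x1y1 ^ x1y2 ^ x2y1 ^ x2y2. P_A computes x1y1 and P_B
    computes x2y2 locally; only the cross terms x1y2 and x2y1 need the
    functionality, which here hands out a random additive sharing of them.
    Returns (share_A, share_B) with share_A ^ share_B == (x1^x2)&(y1^y2).
    """
    cross = (x1 & y2) ^ (x2 & y1)
    u = secrets.randbits(1)  # dealer's random share of the cross terms for P_A
    share_A = (x1 & y1) ^ u
    share_B = (x2 & y2) ^ u ^ cross
    return share_A, share_B


def demo() -> bool:
    """Exercise every identity once; returns True when all checks hold."""
    delta_A = rand_key() | 1  # make sure Delta_A is nonzero for the demo
    (b, M), K = auth_bit(1, delta_A)
    ok = check_bit(1, M, K, delta_A) and not check_bit(0, M, K, delta_A)
    (c, Mc), Kc = auth_bit(1, delta_A)
    (z, Mz), Kz = xor_auth((b, M), K, (c, Mc), Kc)
    ok = ok and z == 0 and check_bit(z, Mz, Kz, delta_A)
    L0 = rand_key()
    for r in (0, 1):
        for s in (0, 1):
            s_auth, K_s = auth_bit(s, delta_A)
            L_A, L_B = label_shares(L0, r, s_auth, K_s, delta_A)
            ok = ok and (L_A ^ L_B) == (L0 ^ (delta_A if r ^ s else 0))
    for bits in range(16):
        x1, y1, x2, y2 = (bits >> 3) & 1, (bits >> 2) & 1, (bits >> 1) & 1, bits & 1
        a, bb = and_shares_dealer(x1, y1, x2, y2)
        ok = ok and (a ^ bb) == ((x1 ^ x2) & (y1 ^ y2))
    return ok


if __name__ == "__main__":
    print("all identities hold:", demo())
```

The point to take away is the one in the bullet: because $M[s] = K[s] \oplus s\Delta_A$ is already a share of $s\Delta_A$, the evaluator's half of each garbled-table entry costs nothing extra, and the same $\Delta_A$ that authenticates the mask bits is the free-XOR offset of the labels.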
Conclusion
  • To explore the concrete performance of the protocol for circuits with different input, output, and circuit sizes, the authors study the effect on the total running time as each of these parameters is varied.
  • Note that for protocols based on cut-and-choose, the total communication required to send 40 garbled AES circuits is 8.7 MB, which is already higher than the total communication of the protocol in the single-execution setting.
Tables
  • Table 1: Constant-round 2PC protocols with malicious security. All timings are based on statistical security $2^{-40}$ and are benchmarked using Amazon EC2 c4.8xlarge instances over a LAN, averaged over 10 executions. Single-execution times do not include the base OTs, which require the same time (about 20 ms) for all protocols. Timings for the semi-honest protocol are based on the same garbling code used in our protocol, and also do not include the base OTs. See Section 8 for more details.
  • Table2: Asymptotic complexity of constant-round 2PC protocols with malicious security. |C|, |I|, and |O| are the circuit size, input size, and output size respectively; low-order terms independent of these parameters are ignored. The statistical security parameter is ρ, the computational security parameter is κ, and τ is the number of protocol executions in the amortized setting. Communication (Comm.) is measured as the number of symmetric-key ciphertexts, and computation (Comp.) is measured as the number of symmetric-key operations
  • Table3: Our final construction of an authenticated garbled table for an AND gate
  • Table4: Fewest AND gates needed for bucketing, for different bucket sizes and statistical security parameters
  • Table5: Circuits used in our evaluation
  • Table6: Comparison in the single-execution setting
  • Table7: Comparison in the amortized setting. All experiments evaluate AES, with τ the number of executions being amortized over
  • Table8: Experimental results for larger circuits
  • Table 9: Communication per execution for evaluating an AES circuit. Numbers presented are for the amount of data sent from garbler to evaluator; this reflects the speed in a duplex network. For a simplex network, the communication reported here and by Rindal and Rosulek [43] should be doubled for a fair comparison.
Funding
  • This material is based on work supported by NSF awards #1111599, #1563722, and #1564088
References
  • [1] Arash Afshar, Payman Mohassel, Benny Pinkas, and Ben Riva. 2014. Non-Interactive Secure Computation Based on Cut-and-Choose. In Eurocrypt 2014 (LNCS), Vol. 8441. 387–404.
  • [2] Gilad Asharov, Yehuda Lindell, Thomas Schneider, and Michael Zohner. 2013. More Efficient Oblivious Transfer and Extensions for Faster Secure Computation. In ACM CCS 2013. 535–548.
  • [3] Donald Beaver. 1992. Efficient Multiparty Protocols Using Circuit Randomization. In Crypto '91 (LNCS), Vol. 576. 420–432.
  • [4] Donald Beaver, Silvio Micali, and Phillip Rogaway. 1990. The Round Complexity of Secure Protocols. In ACM STOC. 503–513.
  • [5] Mihir Bellare, Viet Tung Hoang, Sriram Keelveedhi, and Phillip Rogaway. 2013. Efficient Garbling from a Fixed-Key Blockcipher. In IEEE Symposium on Security & Privacy. 478–492.
  • [6] Luís T. A. N. Brandão. 2013. Secure Two-Party Computation with Reusable Bit-Commitments, via a Cut-and-Choose with Forge-and-Lose Technique. In ASIACRYPT 2013, Part II (LNCS), Vol. 8270. 441–463.
  • [7] Seung Geol Choi, Jonathan Katz, Alex J. Malozemoff, and Vassilis Zikas. 2014. Efficient Three-Party Computation from Cut-and-Choose. In Crypto 2014, Part II (LNCS), Vol. 8617. 513–530.
  • [8] Tung Chou and Claudio Orlandi. 2015. The Simplest Protocol for Oblivious Transfer. In LATINCRYPT 2015 (LNCS), Vol. 9230. 40–58.
  • [9] Ivan Damgård and Yuval Ishai. 2005. Constant-Round Multiparty Computation Using a Black-Box Pseudorandom Generator. In Crypto 2005 (LNCS), Vol. 3621. 378–394.
  • [10] Ivan Damgård, Rasmus Lauritsen, and Tomas Toft. 2014. An Empirical Study and Some Improvements of the MiniMac Protocol for Secure Computation. In Intl. Conf. on Security and Cryptography for Networks (LNCS), Vol. 8642. 398–415.
  • [11] Ivan Damgård, Jesper Buus Nielsen, Michael Nielsen, and Samuel Ranellucci. 2017. The TinyTable Protocol for 2-Party Secure Computation, or: Gate-Scrambling Revisited. In Crypto 2017, Part I (LNCS), Vol. 10401. 167–187.
  • [12] Ivan Damgård, Valerio Pastro, Nigel P. Smart, and Sarah Zakarias. 2012. Multiparty Computation from Somewhat Homomorphic Encryption. In Crypto 2012 (LNCS), Vol. 7417. 643–662.
  • [13] Tore Kasper Frederiksen, Thomas Pelle Jakobsen, Jesper Buus Nielsen, Peter Sebastian Nordholt, and Claudio Orlandi. 2013. MiniLEGO: Efficient Secure Two-Party Computation from General Assumptions. In Eurocrypt 2013 (LNCS), Vol. 7881. 537–556.
  • [14] Tore Kasper Frederiksen, Thomas P. Jakobsen, Jesper Buus Nielsen, and Roberto Trifiletti. 2015. TinyLEGO: An Interactive Garbling Scheme for Maliciously Secure Two-Party Computation. Cryptology ePrint Archive, Report 2015/309. http://eprint.iacr.org/2015/309.
  • [15] Oded Goldreich, Silvio Micali, and Avi Wigderson. 1987. How to Play any Mental Game, or A Completeness Theorem for Protocols with Honest Majority. In 19th ACM STOC. 218–229.
  • [16] Carmit Hazay, Peter Scholl, and Eduardo Soria-Vazquez. 2017. Low Cost Constant Round MPC Combining BMR and Oblivious Transfer. Cryptology ePrint Archive, Report 2017/214. To appear in Asiacrypt 2017.
  • [17] Yan Huang, David Evans, Jonathan Katz, and Lior Malka. 2011. Faster Secure Two-Party Computation Using Garbled Circuits. In USENIX Security 2011.
  • [18] Yan Huang, Jonathan Katz, and David Evans. 2013. Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose. In Crypto 2013, Part II (LNCS), Vol. 8043. 18–35.
  • [19] Yan Huang, Jonathan Katz, Vladimir Kolesnikov, Ranjit Kumaresan, and Alex J. Malozemoff. 2014. Amortizing Garbled Circuits. In Crypto 2014, Part II (LNCS), Vol. 8617. 458–475.
  • [20] Yuval Ishai, Eyal Kushilevitz, Rafail Ostrovsky, and Amit Sahai. 2009. Extracting Correlations. In IEEE FOCS. 261–270.
  • [21] Yuval Ishai, Manoj Prabhakaran, and Amit Sahai. 2008. Founding Cryptography on Oblivious Transfer – Efficiently. In Crypto 2008 (LNCS), Vol. 5157. 572–591.
  • [22] Stanislaw Jarecki and Vitaly Shmatikov. 2007. Efficient Two-Party Secure Computation on Committed Inputs. In Eurocrypt 2007 (LNCS), Vol. 4515. 97–114.
  • [23] Marcel Keller, Emmanuela Orsini, and Peter Scholl. 2015. Actively Secure OT Extension with Optimal Overhead. In Crypto 2015, Part I (LNCS), Vol. 9215. 724–741.
  • [24] Marcel Keller, Emmanuela Orsini, and Peter Scholl. 2016. MASCOT: Faster Malicious Arithmetic Secure Computation with Oblivious Transfer. In ACM CCS 2016. 830–842.
  • [25] Vladimir Kolesnikov, Payman Mohassel, and Mike Rosulek. 2014. FleXOR: Flexible Garbling for XOR Gates That Beats Free-XOR. In Crypto 2014, Part II (LNCS), Vol. 8617. 440–457.
  • [26] Vladimir Kolesnikov, Jesper Buus Nielsen, Mike Rosulek, Ni Trieu, and Roberto Trifiletti. 2017. DUPLO: Unifying Cut-and-Choose for Garbled Circuits. In ACM CCS 2017.
  • [27] Vladimir Kolesnikov and Thomas Schneider. 2008. Improved Garbled Circuit: Free XOR Gates and Applications. In ICALP 2008, Part II (LNCS), Vol. 5126. 486–498.
  • [28] Benjamin Kreuter, Abhi Shelat, and Chih-Hao Shen. 2012. Billion-Gate Secure Computation with Malicious Adversaries. In USENIX Security 2012.
  • [29] Yehuda Lindell. 2013. Fast Cut-and-Choose Based Protocols for Malicious and Covert Adversaries. In Crypto 2013, Part II (LNCS), Vol. 8043. 1–17.
  • [30] Yehuda Lindell and Benny Pinkas. 2007. An Efficient Protocol for Secure Two-Party Computation in the Presence of Malicious Adversaries. In Eurocrypt 2007 (LNCS), Vol. 4515. 52–78.
  • [31] Yehuda Lindell and Benny Pinkas. 2011. Secure Two-Party Computation via Cut-and-Choose Oblivious Transfer. In TCC 2011 (LNCS), Vol. 6597. 329–346.
  • [32] Yehuda Lindell, Benny Pinkas, Nigel P. Smart, and Avishay Yanai. 2015. Efficient Constant Round Multi-party Computation Combining BMR and SPDZ. In Crypto 2015, Part II (LNCS), Vol. 9216. 319–338.
  • [33] Yehuda Lindell and Ben Riva. 2014. Cut-and-Choose Yao-Based Secure Computation in the Online/Offline and Batch Settings. In Crypto 2014, Part II (LNCS), Vol. 8617. 476–494.
  • [34] Yehuda Lindell and Ben Riva. 2015. Blazing Fast 2PC in the Offline/Online Setting with Security for Malicious Adversaries. In ACM CCS 2015. 579–590.
  • [35] Yehuda Lindell, Nigel P. Smart, and Eduardo Soria-Vazquez. 2016. More Efficient Constant-Round Multi-party Computation from BMR and SHE. In TCC 2016-B, Part I (LNCS), Vol. 9985. 554–581.
  • [36] Dahlia Malkhi, Noam Nisan, Benny Pinkas, and Yaron Sella. 2004. Fairplay: A Secure Two-Party Computation System. In USENIX Security 2004.
  • [37] Payman Mohassel, Ostap Orobets, and Ben Riva. 2016. Efficient Server-Aided 2PC for Mobile Phones. Proc. Privacy Enhancing Technologies 2 (2016), 82–99.
  • [38] Jesper Nielsen, Thomas Schneider, and Roberto Trifiletti. 2017. Constant-Round
  • [39] Jesper Buus Nielsen, Peter Sebastian Nordholt, Claudio Orlandi, and Sai Sheshank Burra. 2012. A New Approach to Practical Active-Secure Two-Party Computation. In Crypto 2012 (LNCS), Vol. 7417. 681–700.
  • [40] Jesper Buus Nielsen and Claudio Orlandi. 2009. LEGO for Two-Party Secure Computation. In TCC 2009 (LNCS), Vol. 5444. 368–386.
  • [41] Jesper Buus Nielsen and Claudio Orlandi. 2016. Cross and Clean: Amortized Garbled Circuits with Constant Overhead. In TCC 2016-B, Part I (LNCS), Vol. 9985. 582–603.
  • [42] Benny Pinkas, Thomas Schneider, Nigel P. Smart, and Stephen C. Williams. 2009. Secure Two-Party Computation Is Practical. In ASIACRYPT 2009 (LNCS), Vol. 5912. 250–267.
  • [43] Peter Rindal and Mike Rosulek. 2016. Faster Malicious 2-Party Secure Computation with Online/Offline Dual Execution. In USENIX Security 2016.
  • [44] Abhi Shelat and Chih-Hao Shen. 2011. Two-Output Secure Computation with Malicious Adversaries. In Eurocrypt 2011 (LNCS), Vol. 6632. 386–405.
  • [45] Abhi Shelat and Chih-Hao Shen. 2013. Fast Two-Party Secure Computation with Minimal Assumptions. In ACM CCS 2013. 523–534.
  • [46] Xiao Wang, Alex J. Malozemoff, and Jonathan Katz. 2016. EMP-Toolkit: Efficient Multiparty Computation Toolkit. https://github.com/emp-toolkit.
  • [47] Xiao Wang, Alex J. Malozemoff, and Jonathan Katz. 2017. Faster Secure Two-Party Computation in the Single-Execution Setting. In Eurocrypt 2017, Part II (LNCS), Vol. 10211. 399–424.
  • [48] Xiao Wang, Samuel Ranellucci, and Jonathan Katz. 2017. Global-Scale Secure Multiparty Computation. In ACM CCS 2017.
  • [49] Andrew Chi-Chih Yao. 1986. How to Generate and Exchange Secrets. In IEEE FOCS. 162–167.
  • [50] Samee Zahur, Mike Rosulek, and David Evans. 2015. Two Halves Make a Whole: Reducing Data Transfer in Garbled Circuits Using Half Gates. In Eurocrypt 2015, Part II (LNCS), Vol. 9057. 220–2