Salus: A System for Server-Aided Secure Function Evaluation
Cited by 15 (2 self)
Secure function evaluation (SFE) allows a set of mutually distrustful parties to evaluate a function of their joint inputs without revealing their inputs to each other. SFE has been the focus of active research and recent work suggests that it can be made practical. Unfortunately, current protocols and implementations have inherent limitations that are hard to overcome using standard and practical techniques. Among them are: (1) requiring participants to do work linear in the size of the circuit representation of the function; (2) requiring all parties to do the same amount of work; and (3) not being able to provide complete fairness. A promising approach for overcoming these limitations is to augment the SFE setting with a small set of untrusted servers that have no input to the computation and that receive no output, but that make their computational resources available to the parties. In this model, referred to as server-aided SFE, the goal is to trade off the parties' work at the expense of the servers. Motivated by the emergence of public cloud services such as Amazon EC2 and Microsoft Azure, recent work has explored the extent to which server-aided SFE can be achieved with a single server. In this work, we revisit the server-aided setting from a practical perspective and design single-server-aided SFE protocols that are considerably more efficient than all previously known protocols. We achieve this in part by introducing several new techniques for garbled-circuit-based protocols, including a new and efficient input-checking mechanism for cut-and-choose and a new pipelining technique that works in the presence of malicious adversaries. Furthermore, we extend the server-aided model to guarantee fairness, which is an important property to achieve in practice.
Finally, we implement and evaluate our constructions experimentally and show that our protocols (regardless of the number of parties involved) yield implementations that are 4 and 6 times faster than the most optimized two-party SFE implementation when the server is assumed to be malicious and covert, respectively.
Hybrid-secure MPC: trading information-theoretic robustness for computational privacy
PODC '10, Proceedings of the 29th ACM SIGACT-SIGOPS Symposium on Principles of Distributed Computing, 2010
Cited by 6 (3 self)
Most protocols for distributed, fault-tolerant computation, or multi-party computation (MPC), provide security guarantees in an all-or-nothing fashion. In contrast, a hybrid-secure protocol provides different security guarantees depending on the set of corrupted parties and the computational power of the adversary, without being aware of the actual adversarial setting. Thus, hybrid-secure MPC protocols allow for graceful degradation of security. We present a hybrid-secure MPC protocol that provides an optimal trade-off between IT robustness and computational privacy: For any robustness parameter ρ < n/2, we obtain one MPC protocol that is simultaneously IT secure with robustness for up to t ≤ ρ actively corrupted parties, IT secure with fairness (no robustness) for up to t < n/2, and computationally secure with agreement on abort (privacy and correctness only) for up to t < n − ρ. Our construction is secure in the universal composability (UC) framework (based on a network of secure channels, a broadcast channel, and a common reference string). It achieves the bound on the trade-off between robustness and privacy shown by Ishai et al. [CRYPTO'06] and Katz [STOC'07], the bound on fairness shown by Cleve [STOC'86], and the bound on IT security shown by Kilian [STOC'00], and is the first protocol that achieves all these bounds simultaneously.
Private and Oblivious Set and Multiset Operations
Cited by 6 (2 self)
Privacy-preserving set operations, and set intersection in particular, are a popular research topic. Despite a large body of literature, the great majority of the available solutions are two-party protocols and are not composable. In this work we design a comprehensive suite of secure multi-party protocols for set and multiset operations that are composable, do not assume any knowledge of the sets by the parties carrying out the secure computation, and can be used for secure outsourcing. All of our protocols have communication and computation complexity of O(m log m) for sets or multisets of size m, which compares favorably with prior work. Furthermore, we are not aware of any results that realize composable operations. Our protocols are secure in the information-theoretic sense and are designed to minimize the round complexity.
Secure Computation on Floating Point Numbers
Cited by 5 (1 self)
Secure computation has undeniably received a lot of attention in recent years, with the shift toward cloud computing offering a new incentive for secure computation and outsourcing. Surprisingly little attention, however, has been paid to computation with non-integer data types. To narrow this gap, in this work we develop efficient solutions for computation with real numbers in floating point representation, as well as more complex operations such as square root, logarithm, and exponentiation. Our techniques are information-theoretically secure, do not use expensive cryptographic techniques, and can be applied to a variety of settings. Our experimental results also show that the techniques exhibit rather fast performance and in some cases outperform operations on integers.
On the use of Shamir's secret sharing against side-channel analysis
To appear in the Proceedings of CARDIS 2012, 2012
Cited by 5 (0 self)
At CHES 2011 Goubin and Martinelli described a new countermeasure against side-channel analysis for AES based on Shamir's secret-sharing scheme. In the present paper, we exhibit a flaw in this scheme and we show that it is always theoretically broken by a first-order side-channel analysis. As a consequence of this attack, only a slight adaptation of the scheme proposed by Ben-Or et al. at STOC in 1988 can securely process multiplications on data shared with Shamir's technique. In the second part of this paper, we propose an improvement of this scheme that leads to a complexity Õ(d²) instead of O(d³), where d is the number of shares per data.
Near-Linear Unconditionally-Secure Multiparty Computation with a Dishonest Minority
Cited by 5 (0 self)
Secure multiparty computation (MPC) allows a set of n players to compute any public function, given as an arithmetic circuit, on private inputs, so that privacy of the inputs as well as correctness of the output are guaranteed. Of special importance both in cryptography and in complexity theory is the setting of information-theoretic MPC, where (dishonest) players are unbounded, and no cryptographic assumptions are used. In this setting, it has been known since the 1980s that an honest majority of players is both necessary and sufficient to achieve privacy and correctness. The main open question that was left in this area is to establish the exact communication complexity of MPC protocols that can tolerate malicious behavior of a minority of dishonest players. In all works, there was a large gap between the communication complexity of the best known protocols in the malicious setting and the "honest-but-curious" setting, where players do not deviate from the protocol. In this paper, we show, for the first time, an MPC protocol that can tolerate a dishonest minority of malicious players and that matches the communication complexity of the best known MPC protocol in the honest-but-curious setting. More specifically, we present a new n-player multiparty computation protocol that is secure against a computationally-unbounded active and malicious adversary that can adaptively corrupt up to a minority t < n/2 of the players. For polynomially-large binary circuits that are not too unshaped, our protocol
P3CA: Private Anomaly Detection Across ISP Networks
Cited by 5 (0 self)
Detection of malicious traffic in the Internet would be much easier if ISP networks shared their traffic traces. Unfortunately, state-of-the-art anomaly detection algorithms require detailed traffic information which is considered extremely private by operators. To address this, we propose an algorithm that allows ISPs to cooperatively detect anomalies without requiring them to reveal private traffic information. We leverage secure multi-party computation to design a privacy-preserving variant of principal component analysis (PCA) that limits information propagation across domains. PCA is a well-proven technique for isolating anomalies in network traffic, and we target a design that retains its scalability and accuracy. To validate our approach, we evaluate an implementation of our design against traces from the Abilene Internet2 IP backbone network as well as synthetic traces, show that it performs efficiently enough to support an online anomaly detection system, and conclude that privacy-preserving anomaly detection shows promise as a key element of a wider network anomaly detection framework. In the presence of increasingly serious threats from modern networked malware, our work provides a first step towards enabling larger-scale cooperation across ISPs in the presence of privacy concerns.
From Passive to Covert Security at Low Cost
Cited by 4 (0 self)
Aumann and Lindell defined security against covert attacks, where the adversary is malicious but is only caught cheating with a certain probability; the idea is that in many real-world cases, a large probability of being caught is sufficient to prevent the adversary from trying to cheat. In this paper, we show how to compile a passively secure protocol for honest majority into one that is secure against covert attacks, again for honest majority, and catches cheating with probability 1/4. The cost of the modified protocol is essentially twice that of the original plus an overhead that only depends on the number of inputs.
Quorums Quicken Queries: Efficient Asynchronous Secure Multiparty Computation
Cited by 4 (3 self)
We describe an asynchronous algorithm to solve secure multiparty computation (MPC) over n players, when strictly less than a 1/8 fraction of the players are controlled by a static adversary. For any function f that can be computed by a circuit with m gates, our algorithm requires each player to send a number of bits and perform an amount of computation that is Õ((n + m)/n + √n). This significantly improves over traditional algorithms, which require each player to both send a number of messages and perform computation that is Ω(nm). Contact: Varsha Dani,
Secure Multiparty Computation Minimizing Online Rounds
Cited by 3 (0 self)
Multiparty secure computations are general, important procedures to compute any function while keeping the security of private inputs. In this work we ask whether preprocessing can allow low-latency (that is, small-round) secure multiparty protocols that are universally composable (UC). In particular, we allow any polynomial-time preprocessing as long as it is independent of the exact circuit and actual inputs of the specific instance problem to solve, with only a bound k on the number of gates in the circuits known. To address the question, we first define the model of "Multi-Party Computation on Encrypted Data" (MPCED), implicitly described in [FH96, JJ00, CDN01, DN03]. In this model, computing parties establish a threshold public key in a preprocessing stage, and only then is private data, encrypted under the shared public key, revealed. The computing parties then get the computational circuit they agree upon and evaluate the circuit on the encrypted data. The MPCED model is interesting since it is well suited for modern computing environments, where many repeated computations on overlapping data are performed.