Secure Computation and the Combinatorics of Hidden Diversity Juan Garay (AT&T Research) David Johnson (AT&T Research) Aggelos Kiayias (U. Athens) Moti Yung (Google)


Hidden Diversity and Secure Multiparty Computation

Resource-based Corruptions

Adversaries corrupt parties... for FREE!

[Figure labels: Prover, Verifier]


Resource-based Corruptions (cont’d)

How much does corruption cost?

• Different parties may require different “resources” to get corrupted

Can “anonymity” be used to raise those costs?

Our new questions:

A focal point: Corruption diversity

Given that corruptions happen in different ways and based on different parameters, they can require a different amount of resources

How to model corruption diversity?

Resource-based corruptions

[Figure: parties labelled s1, s2, s3, s4, s5; adversary’s budget b (with “tokens”); goal]

Hidden Diversity and Indistinguishability

Suppose different parties require different resources for corruption but externally appear the same

[Figure: parties labelled s1, s2, s3, s4, s5, externally indistinguishable (“?”)]

Adversary will need to waste more resources for subverting the system!

A Combinatorial Game

GIVEN: Set B1, B2, …, Bn of buckets, with bucket Bi having non-negative integer size si, and a target fraction α, 0 < α < 1.

GOAL: Fill αn of the buckets using as few balls as possible, where a bucket of size si is filled if it receives si balls.


n = 5, α = ½, αn = 3

Balls and Buckets (cont’d)


Only Feedback from Placing a Ball: “Bucket Now Full” or “Bucket Not Yet Full”

Balls and Buckets (cont’d)


How many balls?
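As an added illustration (not from the slides or the authors' work), the Python sketch below plays the game on one constructed instance and compares the ball count when sizes are visible against two simple strategies that see only the full / not-yet-full feedback. The bucket sizes, both hidden-size strategies and all names are assumptions made for this example; sizes are assumed to be at least 1, and the target count is rounded up so that n = 5, α = ½ gives 3 as on the slide.

```python
import math

class HiddenBuckets:
    """Game oracle: sizes stay hidden; a placed ball yields only full / not yet full."""
    def __init__(self, sizes):
        self._sizes = list(sizes)
        self._balls = [0] * len(self._sizes)
        self.balls_used = 0

    def place_ball(self, i):
        self._balls[i] += 1
        self.balls_used += 1
        return self._balls[i] == self._sizes[i]  # True means "Bucket Now Full"

def target(n, alpha):
    # Number of buckets to fill; ceil matches the slide (n = 5, alpha = 1/2 -> 3).
    return math.ceil(alpha * n)

def cost_known_sizes(sizes, alpha):
    # Baseline with visible sizes: fill the cheapest buckets and waste nothing.
    return sum(sorted(sizes)[:target(len(sizes), alpha)])

def cost_round_robin(sizes, alpha):
    # Hypothetical strategy: one ball per unfilled bucket in turn, level by level.
    k, game, full = target(len(sizes), alpha), HiddenBuckets(sizes), 0
    open_buckets = list(range(len(sizes)))
    while full < k:
        for i in list(open_buckets):
            if game.place_ball(i):
                open_buckets.remove(i)
                full += 1
                if full == k:
                    break
    return game.balls_used

def cost_one_at_a_time(sizes, alpha):
    # Hypothetical strategy: commit to buckets in index order, filling each fully.
    game = HiddenBuckets(sizes)
    for i in range(target(len(sizes), alpha)):
        while not game.place_ball(i):
            pass
    return game.balls_used

SIZES = [9, 2, 7, 1, 4]  # constructed sample instance, not from the slides
ALPHA = 0.5

if __name__ == "__main__":
    # Order: sizes known, round robin, one at a time.
    print(cost_known_sizes(SIZES, ALPHA), cost_round_robin(SIZES, ALPHA),
          cost_one_at_a_time(SIZES, ALPHA))
```

On this instance the visible-size baseline needs 7 balls, while the two hidden-size strategies spend 15 and 18.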


In this work

Framework for realization of above abstraction

• Computational corruptions

Sufficient conditions for abstraction

• Information-Effort-Preserving (IEP) functions

• Hardness Indistinguishability

• Exact Hardness


Candidate Functions

Random oracle

Exponentiation

• f : Zq → S; q: λ-bit prime number; S: (generic) multiplicative group

Multiplication

• fmult : Pλ × Pλ → N


Much is to be gained: MPC

• Security: unbounded additional adversarial effort

• Efficiency: force corruption threshold to drop from 1/2 to 1/3, and run information-theoretic MPC protocol

Thanks!