Crypto for PRAM from io (via Succinct Garbled PRAM)
|
|
- Lee Farmer
- 5 years ago
- Views:
Transcription
1 Crypto for PRAM from io (via Succinct Garbled PRAM) Kai-Min Chung Academia Sinica, Taiwan Joint work with: Yu-Chi Chen, Sherman S.M. Chow, Russell W.F. Lai, Wei-Kai Lin, Hong-Sheng Zhou
2 Computation in Cryptography Examples: Multiparty Computation (MPC) Non-interactive Zero Knowledge Proof (NIZK) Fully Homomorphic Enc. (FHE) Functional Encryption (FE) Delegation with Persistent Database Indistinguishability Obfuscation (io) Traditionally, modeled as circuits Feasibility in more powerful computation model?
3 Models of Computation Circuits Large description size Parallelizable Turing Machines Small description size AND, OR, NOT gates RAM Machines Random data access Parallel RAM Random data access Parallelizable
4 Efficiency Gap Problem Comp. Model Total Time Parallel Time Binary search (input size n) Circuit RAM Ω (n) O(log n) Sorting Keyword search/ Range query (output size m) Circuit RAM Circuit RAM PRAM O(log n) Ω (nlog n) Ω (n) O(log n) O(mlog n) Ω(mlog n) O(mlog n) O(log n)
5 Parallel Model in Practice Emerging frameworks to handle big data MapReduce, GraphLab, Spark, etc. Leverage massive parallelism & random data access Circuit & RAM are not expressive enough PRAM: clean & expressive model to capture efficiency (total & parallel time & space) of these frameworks
6 Feasibility via Succinct Garbling Succinct Garbling for Model X [GHRW14,CHJV15, BGLPT15,KLW15] Delegation for X w/ Persistent DB MPC for X NIZK for X Functional Enc. for X io for X
7 Succinct Garbling for Model X Π=(P,x) Garb(Π) Succinctness: Time( Garb(Π) ) = poly( Π ) Eval Efficiency: Complexity in Model X of Eval( Garb(Π) ) Eval(Π) (up to polylog overhead) Security: Π, Π same complexity & output Garb(Π) Garb(Π )
8 Feasibility via Succinct Garbling io for circuit + OWF [KLW15] Succinct Garbling for X = TM [GHRW14,CHJV15, BGLPT15,KLW15] Delegation for X w/ Persistent DB MPC for X NIZK for X Functional Enc. for X io for X
9 Our Contribution io for circuit + OWF Succinct Garbling for X = PRAM [GHRW14,CHJV15, BGLPT15,KLW15] Delegation for X w/ Persistent DB MPC for X NIZK for X Functional Enc. for X io for X
10 Concurrent Work [CH16] io for circuit + OWF Succinct Garbling for X = RAM Modular Proof [GHRW14,CHJV15, BGLPT15,KLW15] Delegation for X w/ Persistent DB MPC for X NIZK for X Functional Enc. for X io for X
11 Succinct Garbling for TM [KLW15]
12 Abstraction of [KLW15] io for circuit + OWF Authentication Step ST-Garbling for TM Same-Trace Garbling Succinct Garbling for TM Hiding Step
13 Same-Trace Garbling for TM/RAM Memory TM/CPU Program P Computation Trace = (initial-value), (st 1, addr 1, val 1 ), (st 2, addr 2, val 2 ), (st 3, addr 3, val 3 ), (st T-1, addr T-1, val T-1 ), (st T, addr T, val T ) Security: Π, Π same trace (so same inp/out, complexity) Garb(Π) Garb(Π )
14 Indistinguishability Obfuscation (io) [BGI+12,GGH+13] Scramble program to make it unintelligible P O(P) Maintain functionality: O(P)(x) = P(x) x Security: If P(x) = P (x) x & same size O(P) O(P )
15 ST-Garbling for TM Abstraction of [KLW15] io for circuit + OWF Authentication Step Succinct Garbling for TM Hiding Step ST-Garb(P, x) = (io(p auth ), x auth ) Only generate comp. trace of P(x) Garb(P, x) = (ST-Garb(P hide, x hide )) Hide memory/cpu state content & memory access pattern
16 Authentication & Hiding in [KLW15] Authentication step: ST-Garb(P, x) = (io(p auth ), x auth ) io-friendly authentication primitives Enable program switching step by step in hybrids P P P P P P state 0 state 1 state 2 state T-2 state T-1 state T P P P P P P
17 Authentication & Hiding in [KLW15] Authentication step: ST-Garb(P, x) = (io(p auth ), x auth ) io-friendly authentication primitives Enable program switching step by step in hybrids Hiding step: Garb(P, x) = (ST-Garb(P hide, x hide )) Hide content by encryption Hide access pattern by Oblivious TM [PF79] Allow erasing computation step by step in hybrids ct dummy ct 0 ct dummy ct 1 ct dummy ct 2 ct dummy ct T-2 ct dummy ct T-1 ct T ct dummy
18 Succinct Garbling for RAM
19 Challenge: Hiding Access Pattern Garb(P, x) = (ST-Garb(P hide, x hide )) Replace Oblivious TM by Oblivious RAM [GO96] Issue: Cannot use ORAM security ORAM is inherently randomized, security hold only when ORAM randomness is hidden Idea: Puncturing ORAM
20 Puncturing ORAM Use tree-based ORAM [SLSC11], which is puncturable t-th step access pattern is determined by single randomness r t if r t is punctured/erased from program, t-th step access pattern can be simulated by random Puncturing r t r t may appear multiple times (encrypted) in history Carefully erase r t backward in time step by step Modify program: erase r t after step s for s = t, t-1,,0 ct 0 ct 1 ct 2 ct T-2 ct T-1 ct T ct rt ct rt ct rt r T
21 Puncturing ORAM Use tree-based ORAM [SLSC11], which is puncturable t-th step access pattern is determined by single randomness r t if r t is punctured/erased from program, t-th step access pattern can be simulated by random Puncturing r t r t may appear multiple times (encrypted) in history Carefully erase r t backward in time step by step Modify program: erase r t after step s [CH16]: 2 tracks trick w/ modular & simpler proof
22 Succinct Garbling for PRAM
23 Challenge: Authenticate Memory ST-Garb(P, x) = (io(p auth ), x auth ) Memory authenticated by Merkle tree root stored in CPU state Locally updatable by given augment path Issue: Parallel CPU Parallel Update Require CPU-to-CPU communication Memory CPU 1 CPU 2 CPU m
24 Challenge: Authenticate Memory ST-Garb(P, x) = (io(p auth ), x auth ) Memory authenticated by Merkle tree root stored in CPU state Locally updatable by given augment path Issue: Parallel CPU Parallel Update Require CPU-to-CPU communication Issue: Cannot afford Ω(m) overhead in parallel time Otherwise, void the gain of parallelism
25 Parallel Update Problem addr 2 addr 3 addr 1 addr m addr 4 aug-path 2 aug-path 3 aug-path 4
26 Challenge: Authenticate Memory ST-Garb(P, x) = (io(p auth ), x auth ) Memory authenticated by Merkle tree root stored in CPU state Locally updatable by given augment path Issue: Parallel CPU Parallel Update Require CPU-to-CPU communication Issue: cannot afford Ω(m) overhead in parallel time Otherwise, void the gain of parallelism O(log 2 m) -round parallel algorithm Parallel update level-by-level from leaves to root
27 Security Issue: High Pebble Complexity Put pebble on node to switch program P P P P P P state 0 state 1 state 2 state T-2 state T-1 state T P P P P P P Put pebble on node require to hardwire input/output
28 Security Issue: High Pebble Complexity Can use 2m pebbles to traverse graph, but not better Need to hardwire Ω(m) information in P auth poly(m) overhead state 1, 0 state 1,1 state 1,2 state 1,T-2 state 1,T-1 state 1,T state 2, 0 state 2,1 state 2,2 state 2,T-2 state 2,T-1 state 2,T state 3, 0 state 3,1 state 3,2 state 3,T-2 state 3,T-1 state 3,T state 4, 0 state 4,1 state 4,2 state 4,T-2 state 4,T-1 state 4,T
29 Branch & Combine Emulation Change topology to reduce pebble complexity Combine m CPU states to 1 combined state Branch one step computation from it state 1,t state 1,t+1 int 1,t int 1,t+1 comb t-1 state 2,t comb t state 2,t+1 comb t+1 state 3,t state 3,t+1 int 2,t int 2,t+1 state 4,t state 4,t+1
30 Branch & Combine Emulation Change topology to reduce pebble complexity Combine m CPU states to 1 combined state Branch one step computation from it Claim: pebble complexity = O(log m) state 1,t state 1,t+1 int 1,t int 1,t+1 comb t-1 state 2,t comb t state 2,t+1 comb t+1 state 3,t state 3,t+1 int 2,t int 2,t+1 state 4,t state 4,t+1
31 Branch & Combine Emulation Change topology to reduce pebble complexity Combine m CPU states to 1 combined state Branch one step computation from it Claim: pebble complexity = O(log m) Combine step Build Merkle tree on CPU states Combined state = root Branch step Authentication & one step computation
32 Hiding Step for PRAM Garb(P, x) = (ST-Garb(P hide, x hide )) Replace ORAM by Oblivious PRAM [BCP16] also puncturable
33 Summary and Open Problems Feasibility of crypto for PRAM based on io via succinct garbled PRAM Adaptive succinct garbled (Paralle) RAM with persistent memory (next talk) [ACC+15,CCHR15] Open: FHE for RAM/PRAM? Open: Crypto for PRAM without io ABE for RAM/PRAM based on LWE? Other parallel model?
34 Thank you! Questions? 34
Cryptography for Parallel RAM via Indistinguishability Obfuscation
Cryptography for Parallel RM via Indistinguishability Obfuscation Yu-Chi Chen Sherman S. M. Chow Kai-Min Chung Russell W. F. Lai Wei-Kai Lin Hong-Sheng Zhou ugust 22, 2015 bstract Since many cryptographic
More informationLectures 6+7: Zero-Leakage Solutions
Lectures 6+7: Zero-Leakage Solutions Contents 1 Overview 1 2 Oblivious RAM 1 3 Oblivious RAM via FHE 2 4 Oblivious RAM via Symmetric Encryption 4 4.1 Setup........................................ 5 4.2
More informationfrom circuits to RAM programs in malicious-2pc
from circuits to RAM programs in malicious-2pc Abstract: Secure 2-party computation (2PC) is becoming practical in some domains However, most approaches are limited by the fact that the desired functionality
More informationCryptography with Updates
Cryptography with Updates Slides and research in collaboration with: Prabhanjan Ananth UCLA Aloni Cohen MIT Abhishek Jain JHU Garbled Circuits C Offline: slow Online: fast x C(x) Garbled Circuits C Offline:
More informationAdaptively Secure Succinct Garbled RAM with Persistent Memory
Adaptively Secure Succinct Garbled RAM with Persistent Memory Ran Canetti, Yilei Chen, Justin Holmgren, Mariana Raykova DIMACS workshop MIT Media Lab June 8~10, 2016 1 : June 11, 2016, Boston, heavy snow.
More informationSearchable Encryption Using ORAM. Benny Pinkas
Searchable Encryption Using ORAM Benny Pinkas 1 Desiderata for Searchable Encryption Security No leakage about the query or the results Functionality Variety of queries that are supported Performance 2
More informationBetter 2-round adaptive MPC
Better 2-round adaptive MPC Ran Canetti, Oxana Poburinnaya TAU and BU BU Adaptive Security of MPC Adaptive corruptions: adversary adversary can decide can decide who to who corrupt to corrupt adaptively
More informationCSC 5930/9010 Cloud S & P: Cloud Primitives
CSC 5930/9010 Cloud S & P: Cloud Primitives Professor Henry Carter Spring 2017 Methodology Section This is the most important technical portion of a research paper Methodology sections differ widely depending
More informationMulti-Theorem Preprocessing NIZKs from Lattices
Multi-Theorem Preprocessing NIZKs from Lattices Sam Kim and David J. Wu Stanford University Soundness: x L, P Pr P, V (x) = accept = 0 No prover can convince honest verifier of false statement Proof Systems
More informationApplication to More Efficient Obfuscation
Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai, Amit Sahai, and David J. Wu Program Obfuscation [BGIRSVY01, GGHRSW13] Indistinguishability obfuscation (io)
More informationSomewhat Homomorphic Encryption
Somewhat Homomorphic Encryption Craig Gentry and Shai Halevi June 3, 2014 China Summer School on Lattices and Cryptography Part 1: Homomorphic Encryption: Background, Applications, Limitations Computing
More informationSecure Multiparty RAM Computation in Constant Rounds,
Secure Multiparty RAM Computation in Constant Rounds, Sanjam Garg 1, Divya Gupta 1, Peihan Miao 1, and Omkant Pandey 2 1 University of California, Berkeley {sanjamg,divyagupta2016,peihan}@berkeley.edu
More informationOnion ORAM: Constant Bandwidth ORAM Using Additively Homomorphic Encryption Ling Ren
Onion ORAM: Constant Bandwidth ORAM Using Additively Homomorphic Encryption Ling Ren Joint work with: Chris Fletcher, Srini Devadas, Marten van Dijk, Elaine Shi, Daniel Wichs Oblivious RAM (ORAM) Client
More informationAsymptotically Tight Bounds for Composing ORAM with PIR
Asymptotically Tight Bounds for Composing ORAM with PIR Ittai Abraham 1, Christopher W. Fletcher 2, Kartik Nayak 3, Benny Pinkas 4, and Ling Ren 5 1 VMware Research, Israel iabraham@vmware.com, 2 University
More informationHOP: Hardware makes Obfuscation Practical
HOP: Hardware makes Obfuscation Practical Kartik Nayak 1, Christopher W. Fletcher 2, Ling Ren 3, Nishanth Chandran 4, Satya Lokam 4, Elaine Shi 5, and Vipul Goyal 4 1 UMD kartik@cs.umd.edu 2 UIUC cwfletch@illinois.edu
More informationSQL on Structurally-Encrypted Databases
SQL on Structurally-Encrypted Databases Seny Kamara Tarik Moataz Q: What is a relational database? 2 Relational DB Table or relation Column or attribute Att 1 Att 2 Att 3 Att 4 Att5 Att 6 Att 7 DB = Row
More informationCache-Oblivious and Data-Oblivious Sorting and Applications
Cache-Oblivious and Data-Oblivious Sorting and Applications T-H. Hubert Chan, Yue Guo, Wei-Kai Lin, and Elaine Shi Jan, 2018 External Memory Model Cache efficiency: # of blocks Time: # of words Memory
More informationFully Succinct Garbled RAM
Fully Succinct Garbled RAM Ran Canetti Tel-Aviv University and Boston University canetti@bu.edu Justin Holmgren MIT holmgren@csail.mit.edu ABSTRACT We construct the first fully succinct garbling scheme
More informationProtecting Private Data in the Cloud: A Path Oblivious RAM Protocol
Protecting Private Data in the Cloud: A Path Oblivious RAM Protocol Nathan Wolfe and Ethan Zou Mentors: Ling Ren and Xiangyao Yu Fourth Annual MIT PRIMES Conference May 18, 2014 Outline 1. Background 2.
More informationUsable PIR. Network Security and Applied. Cryptography Laboratory.
Network Security and Applied Cryptography Laboratory http://crypto.cs.stonybrook.edu Usable PIR NDSS '08, San Diego, CA Peter Williams petertw@cs.stonybrook.edu Radu Sion sion@cs.stonybrook.edu ver. 2.1
More informationTWORAM: Efficient Oblivious RAM in Two Rounds with Applications to Searchable Encryption
TWORAM: Efficient Oblivious RAM in Two Rounds with Applications to Searchable Encryption Sanjam Garg 1, Payman Mohassel 2, and Charalampos Papamanthou 3 1 University of California, Berkeley 2 Yahoo! Labs
More informationKnowledge Preserving Interactive Coding
Knowledge Preserving Interactive Coding Sidharth Telang (Cornell University) Joint work with Kai-min Chung (Academia Sinica) and Rafael Pass (Cornell U, Ithaca & NYC) To appear in FOCS 2013 Error-resilient
More informationVERIFIABLE SYMMETRIC SEARCHABLE ENCRYPTION
VERIFIABLE SYMMETRIC SEARCHABLE ENCRYPTION DATE 09/03/2016 SÉMINAIRE EMSEC - RAPHAEL BOST Searchable Encryption Outsource data securely keep search functionalities Generic Solutions We can use generic
More informationSecurity and Privacy through Modern Cryptography
Security and Privacy through Modern Cryptography David Wu Stanford University Cryptography in the 1970s How can two users who have never met before communicate securely with each other? m secrecy integrity
More informationAscend: Architecture for Secure Computation on Encrypted Data Oblivious RAM (ORAM)
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 7b Ascend: Architecture for Secure Computation on Encrypted Data Oblivious RAM (ORAM) Marten van Dijk Syed Kamran Haider, Chenglu Jin, Phuong Ha Nguyen
More informationEfficient Maliciously Secure Multiparty Computation for RAM
Efficient Maliciously Secure Multiparty Computation for RAM Marcel Keller and Avishay Yanai M.Keller@bristol.ac.uk Bristol University Ay.Yanay@gmail.com Bar-Ilan University Abstract. A crucial issue, that
More informationActively Secure Private Function Evaluation
Actively Secure Private Function Evaluation Payman Mohassel 1,2, Saeed Sadeghian 1, and Nigel P. Smart 3 1 Dept. Computer Science, University of Calgary, pmohasse@ucalgary.ca, sadeghis@ucalgary.ca 2 Yahoo
More informationIron: Functional encryption using Intel SGX
Iron: Functional encryption using Intel SGX Sergey Gorbunov University of Waterloo Joint work with Ben Fisch, Dhinakaran Vinayagamurthy, Dan Boneh. Motivation DNA_A DB = Database of DNA sequences DNA_B
More informationOptimal-Rate Non-Committing Encryption in a CRS Model
Optimal-Rate Non-Committing Encryption in a CRS Model Ran Canetti Oxana Poburinnaya Mariana Raykova May 24, 2016 Abstract Non-committing encryption (NCE) implements secure channels under adaptive corruptions
More informationFunctional Encryption from (Small) Hardware Tokens
Functional Encryption from (Small) Hardware Tokens Kai-Min Chung 1, Jonathan Katz 2, and Hong-Sheng Zhou 3 1 Academia Sinica kmchung@iis.sinica.edu.tw 2 University of Maryland jkatz@cs.umd.edu 3 Virginia
More informationOblivious Computation with Data Locality
Oblivious Computation with Data Locality Gilad Asharov T-H. Hubert Chan Kartik Nayak Cornell Tech The University of Hong Kong UMD asharov@cornell.edu hubert@cs.hku.hk kartik@cs.umd.edu Rafael Pass Ling
More informationOblivious Hashing Revisited, and Applications to Asymptotically Efficient ORAM and OPRAM
Oblivious Hashing Revisited, and Applications to Asymptotically Efficient ORAM and OPRAM T-H. Hubert Chan 1, Yue Guo 2, Wei-Kai Lin 2, and Elaine Shi 2 1 The University of Hong Kong 2 Cornell University
More informationNotes for Lecture 14
COS 533: Advanced Cryptography Lecture 14 (November 6, 2017) Lecturer: Mark Zhandry Princeton University Scribe: Fermi Ma Notes for Lecture 14 1 Applications of Pairings 1.1 Recap Consider a bilinear e
More informationSecure Multiparty Computation: Introduction. Ran Cohen (Tel Aviv University)
Secure Multiparty Computation: Introduction Ran Cohen (Tel Aviv University) Scenario 1: Private Dating Alice and Bob meet at a pub If both of them want to date together they will find out If Alice doesn
More informationFORWARD PRIVATE SEARCHABLE ENCRYPTION
FORWARD PRIVATE SEARCHABLE ENCRYPTION DATE 13/07/2016 MSR CAMBRIDGE - RAPHAEL BOST Searchable Encryption Outsource data securely keep search functionalities Generic Solutions We can use generic tools
More informationStructure-Preserving Certificateless Encryption and Its Application
SESSION ID: CRYP-T06 Structure-Preserving Certificateless Encryption and Its Application Prof. Sherman S. M. Chow Department of Information Engineering Chinese University of Hong Kong, Hong Kong @ShermanChow
More informationUltra-Lightweight Cryptography
Ultra-Lightweight Cryptography F.-X. Standaert UCL Crypto Group European brokerage event, Cryptography Paris, September 2016 Outline Introduction Symmetric cryptography Hardware implementations Software
More informationSorting integer arrays: security, speed, and verification. D. J. Bernstein
Sorting integer arrays: security, speed, and verification 1 D. J. Bernstein Bob s laptop screen: 2 From: Alice Thank you for your submission. We received many interesting papers, and unfortunately your
More informationMaking Searchable Encryption Scale to the Cloud. Ian Miers and Payman Mohassel
Making Searchable Encryption Scale to the Cloud Ian Miers and Payman Mohassel End to end Encryption No encryption Transport encryption End2End Encryption Service provider Service provider Service provider
More informationProbabilistic Termination and Composability of Cryptographic Protocols [Crypto 16]
Probabilistic Termination and Composability of Cryptographic Protocols [Crypto 16] Ran Cohen (TAU) Sandro Coretti (NYU) Juan Garay (Yahoo Research) Vassilis Zikas (RPI) Motivation Given: Protocol with
More information10 Introduction to Distributed Computing
CME 323: Distributed Algorithms and Optimization, Spring 2016 http://stanford.edu/~rezab/dao. Instructor: Reza Zadeh, Matroid and Stanford. Lecture 10, 4/27/2016. Scribed by Ting-Po Lee and Yu-Sheng Chen.
More informationSub-logarithmic Distributed Oblivious RAM with Small Block Size
Sub-logarithmic Distributed Oblivious RAM with Small Block Size Eyal Kushilevitz and Tamer Mour ( ) Computer Science Department, Technion, Haifa 32000, Israel eyalk@cs.technion.ac.il tamer.mour@technion.ac.il
More informationKeynote: White-Box Cryptography
Keynote: White-Box Cryptography Matthieu Rivain PHIIC Workshop, 4 Oct 2016 Outline Context: white-box crypto: big trend in the industry cryptographic obfuscation: big trend in the scientific literature
More informationAsynchronous Secure Multiparty Computation in Constant Time
Asynchronous Secure Multiparty Computation in Constant Time Ran Cohen December 30, 2015 Abstract In the setting of secure multiparty computation, a set of mutually distrusting parties wish to securely
More informationThe Ascend Secure Processor. Christopher Fletcher MIT
The Ascend Secure Processor Christopher Fletcher MIT 1 Joint work with Srini Devadas, Marten van Dijk Ling Ren, Albert Kwon, Xiangyao Yu Elaine Shi & Emil Stefanov David Wentzlaff & Princeton Team (Mike,
More informationPrivacy-Preserving Computation with Trusted Computing via Scramble-then-Compute
Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute Hung Dang, Anh Dinh, Ee-Chien Chang, Beng Chin Ooi School of Computing National University of Singapore The Problem Context:
More informationPCPs and Succinct Arguments
COSC 544 Probabilistic Proof Systems 10/19/17 Lecturer: Justin Thaler PCPs and Succinct Arguments 1 PCPs: Definitions and Relationship to MIPs In an MIP, if a prover is asked multiple questions by the
More informationEfficient Data Structures for Tamper-Evident Logging
Efficient Data Structures for Tamper-Evident Logging Scott A. Crosby Dan S. Wallach Rice University Everyone has logs Tamper evident solutions Current commercial solutions Write only hardware appliances
More informationarxiv: v1 [cs.cr] 19 Sep 2017
BIOS ORAM: Improved Privacy-Preserving Data Access for Parameterized Outsourced Storage arxiv:1709.06534v1 [cs.cr] 19 Sep 2017 Michael T. Goodrich University of California, Irvine Dept. of Computer Science
More informationGarbled Circuits via Structured Encryption Seny Kamara Microsoft Research Lei Wei University of North Carolina
Garbled Circuits via Structured Encryption Seny Kamara Microsoft Research Lei Wei University of North Carolina Garbled Circuits Fundamental cryptographic primitive Possess many useful properties Homomorphic
More informationRaccoon: Closing Digital Side-Channels through Obfuscated Execution
Raccoon: Closing Digital Side-Channels through Obfuscated Execution Ashay Rane, Calvin Lin, Mohit Tiwari The University of Texas at Austin Secure code? Instruction Pointer if (secret_bit == 1) { z = (msg
More informationCryptographic Agents: Towards a Unified Theory of Computing on Encrypted Data
Cryptographic Agents: Towards a Unified Theory of Computing on Encrypted Data Shashank Agrawal 1, Shweta Agrawal 2, and Manoj Prabhakaran 1 University of Illinois Urbana-Champaign {sagrawl2,mmp}@illinois.edu
More informationCS573 Data Privacy and Security. Cryptographic Primitives and Secure Multiparty Computation. Li Xiong
CS573 Data Privacy and Security Cryptographic Primitives and Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationIntroduction to Parallel Algorithm Analysis
Introduction to Parallel Algorithm Analysis Jeff M. Phillips October 4, 2013 Petri Nets C. A. Petri [1962] introduced analysis model for concurrent systems. Flow chart Described data flow and dependencies.
More informationStructured Encryption and Controlled Disclosure
Structured Encryption and Controlled Disclosure Melissa Chase Seny Kamara Microsoft Research Cloud Storage Security for Cloud Storage o Main concern: will my data be safe? o it will be encrypted o it will
More informationFoundations of Cryptography CS Shweta Agrawal
Foundations of Cryptography CS 6111 Shweta Agrawal Course Information 4-5 homeworks (20% total) A midsem (25%) A major (35%) A project (20%) Attendance required as per institute policy Challenge questions
More informationTSKT-ORAM: A Two-Server k-ary Tree Oblivious RAM without Homomorphic Encryption
future internet Article TSKT-ORAM: A Two-Server k-ary Tree Oblivious RAM without Homomorphic Encryption Jinsheng Zhang 1, Qiumao Ma 1, Wensheng Zhang 1, * and Daji Qiao 2 1 Department of Computer Science,
More informationUpdatable Functional Encryption
Updatable Functional Encryption Afonso Arriaga 1, Vincenzo Iovino 1, and Qiang Tang 1 SnT, University of Luxembourg, Luxembourg City, Luxembourg afonso.delerue@uni.lu, vincenzo.iovino@uni.lu, tonyrhul@gmail.com
More informationVlad Kolesnikov Bell Labs
Vlad Kolesnikov Bell Labs DIMACS/Northeast Big Data Hub Workshop on Privacy and Security for Big Data Apr 25, 2017 You are near Starbucks; here is a special Legislation may require user consent each time
More informationLarge-Scale Secure Computation: Multi-party Computation for (Parallel) RAM Programs
Large-Scale Secure Computation: Multi-party Computation for (Parallel) RAM Programs Elette Boyle 1, Kai-Min Chung 2*, and Rafael Pass 3 1 Technion Israel, eboyle@alum.mit.edu 2 Academica Sinica, kmchung@iis.sinica.edu.tw
More informationThe Exact Round Complexity of Secure Computation
The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University) joint work with Sanjam Garg, Pratyay Mukherjee (UC Berkeley), Omkant Pandey (Drexel University) Background:
More informationParallel Algorithms for (PRAM) Computers & Some Parallel Algorithms. Reference : Horowitz, Sahni and Rajasekaran, Computer Algorithms
Parallel Algorithms for (PRAM) Computers & Some Parallel Algorithms Reference : Horowitz, Sahni and Rajasekaran, Computer Algorithms Part 2 1 3 Maximum Selection Problem : Given n numbers, x 1, x 2,, x
More informationCSL 860: Modern Parallel
CSL 860: Modern Parallel Computation PARALLEL ALGORITHM TECHNIQUES: BALANCED BINARY TREE Reduction n operands => log n steps Total work = O(n) How do you map? Balance Binary tree technique Reduction n
More informationDistributed Oblivious RAM for Secure Two-Party Computation
Distributed Oblivious RAM for Secure Two-Party Computation Steve Lu Rafail Ostrovsky Abstract Secure two-party computation protocol allows two players, Alice with secret input x and Bob with secret input
More informationParallel Computation: Many computations at once, we measure parallel time and amount of hardware. (time measure, hardware measure)
CMPSCI 601: Recall From Last Time Lecture 24 Parallel Computation: Many computations at once, we measure parallel time and amount of hardware. Models: (time measure, hardware measure) Parallel RAM: number
More informationEfficient Private Information Retrieval
Efficient Private Information Retrieval K O N S T A N T I N O S F. N I K O L O P O U L O S T H E G R A D U A T E C E N T E R, C I T Y U N I V E R S I T Y O F N E W Y O R K K N I K O L O P O U L O S @ G
More informationUpgrading to Functional Encryption
Upgrading to Functional Encryption Saikrishna Badrinarayanan Dakshita Khurana Amit Sahai Brent Waters Abstract The notion of Functional Encryption (FE) has recently emerged as a strong primitive with several
More informationConstraint hiding constrained PRF for NC1 from LWE. Ran Canetti, Yilei Chen, # Eurocrypt 2017 special edition
Constraint hiding constrained PRF for NC1 from LWE Ran Canetti, Yilei Chen, # Eurocrypt 2017 special edition 1 2 Puncture! 3 4 Puncturable/constrained PRF [Boneh, Waters 13, Kiayias, Papadopoulos, Triandopoulos,
More informationMalicious-Client Security in Blind Seer: A Scalable Private DBMS
2015 IEEE Symposium on Security and Privacy Malicious-Client Security in Blind Seer: A Scalable Private DBMS Ben A. Fisch, Binh Vo, Fernando Krell, Abishek Kumarasubramanian, Vladimir Kolesnikov, Tal Malkin,
More informationYuval Ishai Technion
Winter School on Bar-Ilan University, Israel 30/1/2011-1/2/2011 Bar-Ilan University Yuval Ishai Technion 1 Zero-knowledge proofs for NP [GMR85,GMW86] Bar-Ilan University Computational MPC with no honest
More informationPanORAMa: Oblivious RAM with Logarithmic Overhead
PanORAMa: Oblivious RAM with Logarithmic Overhead Sarvar Patel 1, Giuseppe Persiano 1,2, Mariana Raykova 1,3, and Kevin Yeo 1 1 Google LLC 2 Università di Salerno 3 Yale University Abstract We present
More informationIncremental Program Obfuscation
Incremental Program Obfuscation Sanjam Garg University of California, Berkeley Omkant Pandey Stony Brook University, New York Abstract Recent advances in program obfuscation suggest that it is possible
More informationPrivately Constraining and Programming PRFs, the LWE Way PKC 2018
Privately Constraining and Programming PRFs, the LWE Way Chris Peikert Sina Shiehian PKC 2018 1 / 15 Constrained Pseudorandom Functions [KPTZ 13,BW 13,BGI 14] 1 Ordinary evaluation algorithm Eval(msk,
More informationFrom Routing to Traffic Engineering
1 From Routing to Traffic Engineering Robert Soulé Advanced Networking Fall 2016 2 In the beginning B Goal: pair-wise connectivity (get packets from A to B) Approach: configure static rules in routers
More informationSecure Two-Party Computation in Sublinear (Amortized) Time
Secure Two-Party omputation in Sublinear (Amortized) Time S. Dov Gordon olumbia University gordon@cs.columbia.edu Jonathan Katz University of Maryland jkatz@cs.umd.edu Fernando Krell olumbia University
More informationArchitecture- level Security Issues for main memory. Ali Shafiee
Architecture- level Security Issues for main memory Ali Shafiee Aganda Replay- A;ack (bonsai) merkle tree NVM challenages Endurance stealing Side- channel A;ack due to resource sharing Time channel a;ack
More informationOptORAMa: Optimal Oblivious RAM
OptORAMa: Optimal Oblivious RAM Gilad Asharov 1, Ilan Komargodski 1, Wei-Kai Lin 2, Kartik Nayak 3, and Elaine Shi 2 1 Cornell Tech 2 Cornell University 3 VMware Research and Duke University September
More information- Presentation 25 minutes + 5 minutes for questions. - Presentation is on Wednesday, 11:30-12:00 in B05-B06
Information: - Presentation 25 minutes + 5 minutes for questions. - Presentation is on Wednesday, 11:30-12:00 in B05-B06 - Presentation is after: Abhi Shelat (fast two-party secure computation with minimal
More informationPhoenix: Rebirth of a Cryptographic Password-Hardening Service
Phoenix: Rebirth of a Cryptographic Password-Hardening Service Russell W.F. Lai 1,2 Christoph Egger 1 Dominique Schro der 1 Sherman S.M. Chow 2 1 Friedrich-Alexander-Universita t Erlangen-Nu rnberg University
More informationSecure Computation From Millionaire
Secure Computation From Millionaire abhi shelat and Muthuramakrishnan Venkitasubramaniam Abstract. The standard method for designing a secure computation protocol for function f first transforms f into
More informationTools for Computing on Encrypted Data
Tools for Computing on Encrypted Data Scribe: Pratyush Mishra September 29, 2015 1 Introduction Usually when analyzing computation of encrypted data, we would like to have three properties: 1. Security:
More informationOrder-Revealing Encryption:
Order-Revealing Encryption: New Constructions, Applications and Lower Bounds Kevin Lewi and David J. Wu Stanford University Searching on Encrypted Data Searching on Encrypted Data Searching on Encrypted
More informationQuteSat. A Robust Circuit-Based SAT Solver for Complex Circuit Structure. Chung-Yang (Ric) Huang National Taiwan University
QuteSat A Robust Circuit-Based SAT Solver for Complex Circuit Structure Chung-Yang (Ric) Huang National Taiwan University To appear: DATE 27 2/1/27 Fact Sheet (Background) Boolean Satisfiability (SAT)
More informationData Hiding on Text Using Big-5 Code
Data Hiding on Text Using Big-5 Code Jun-Chou Chuang 1 and Yu-Chen Hu 2 1 Department of Computer Science and Communication Engineering Providence University 200 Chung-Chi Rd., Shalu, Taichung 43301, Republic
More informationOn the (In)security of Hash-based Oblivious RAM and a New Balancing Scheme
On the (In)security of Hash-based Oblivious RAM and a New Balancing Scheme Eyal Kushilevitz Steve Lu Rafail Ostrovsky Abstract With the gaining popularity of remote storage (e.g. in the Cloud), we consider
More informationCryptographic Primitives and Protocols for MANETs. Jonathan Katz University of Maryland
Cryptographic Primitives and Protocols for MANETs Jonathan Katz University of Maryland Fundamental problem(s) How to achieve secure message authentication / transmission in MANETs, when: Severe resource
More informationBucket ORAM: Single Online Roundtrip, Constant Bandwidth Oblivious RAM
Bucket ORAM: Single Online Roundtrip, Constant Bandwidth Oblivious RAM Christopher Fletcher MIT cwfletch@mit.edu Muhammad Naveed Cornell/UIUC naveed2@illinois.edu Elaine Shi Cornell elaine@cs.cornell.edu
More informationAttribute-Based Fully Homomorphic Encryption with a Bounded Number of Inputs
Attribute-Based Fully Homomorphic Encryption with a Bounded Number of Inputs Michael Clear and Ciarán McGoldrick School of Computer Science and Statistics, Trinity College Dublin {clearm, Ciaran.McGoldrick}@scss.tcd.ie
More informationSlalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware
Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Florian Tramèr (joint work with Dan Boneh) Intel, Santa Clara August 30 th 2018 Trusted execution of ML: 3 motivating
More informationDistributed Oblivious RAM for Secure Two-Party Computation
Distributed Oblivious RAM for Secure Two-Party Computation Steve Lu 1 and Rafail Ostrovsky 2 1 Stealth Software Technologies, Inc., USA steve@stealthsoftwareinc.com 2 Department of Computer Science and
More informationOn the Composition of Public- Coin Zero-Knowledge Protocols. Rafael Pass (Cornell) Wei-Lung Dustin Tseng (Cornell) Douglas Wiktröm(KTH)
On the Composition of Public- Coin Zero-Knowledge Protocols Rafael Pass (Cornell) Wei-Lung Dustin Tseng (Cornell) Douglas Wiktröm(KTH) 1 Zero Knowledge [GMR85] Interactive protocol between a Proverand
More informationSubstring-Searchable Symmetric Encryption
Proceedings on Privacy Enhancing Technologies 2015; 2015 (2):263 281 Melissa Chase and Emily Shen Substring-Searchable Symmetric Encryption Abstract: In this paper, we consider a setting where a client
More informationFree IF: How to Omit Inactive Branches and Implement S-Universal Garbled Circuit (Almost) for Free
Free IF: How to Omit Inactive Branches and Implement S-Universal Garbled Circuit (Almost) for Free Vladimir Kolesnikov School of Computer Science, Georgia Institute of Technology kolesnikov@gatech.edu
More informationSecure Remote Storage Using Oblivious RAM
Secure Remote Storage Using Oblivious RAM Giovanni Malloy Mentors: Georgios Kellaris, Kobbi Nissim August 11, 2016 Abstract Oblivious RAM (ORAM) is a protocol that allows a user to access the data she
More informationLecture 19 Apr 25, 2007
6.851: Advanced Data Structures Spring 2007 Prof. Erik Demaine Lecture 19 Apr 25, 2007 Scribe: Aditya Rathnam 1 Overview Previously we worked in the RA or cell probe models, in which the cost of an algorithm
More informationGraph Connectivity in MapReduce...How Hard Could it Be?
Graph Connectivity in MapReduce......How Hard Could it Be? Sergei Vassilvitskii +Karloff, Kumar, Lattanzi, Moseley, Roughgarden, Suri, Vattani, Wang August 28, 2015 Google NYC Maybe Easy...Maybe Hard...
More informationJack Doerner [Northeastern U] An Introduction to Practical Multiparty Computation
Jack Doerner [Northeastern U] An Introduction to Practical Multiparty Computation This Talk MPC Frameworks - General Computation Circuit Structures - Solving Specific Problems The Memory Problem - A Perpetual
More informationScalable Transparent ARguments-of-Knowledge
Scalable Transparent ARguments-of-Knowledge Michael Riabzev Department of Computer Science, Technion DIMACS Workshop on Outsourcing Computation Securely Joint work with Eli Ben-Sasson, Iddo Bentov, and
More informationNon-interactive and Output Expressive Private Comparison from Homomorphic Encryption
Non-interactive and Output Expressive Private Comparison from Homomorphic Encryption Wen-jie Lu 1, Jun-jie Zhou 1, Jun Sakuma 1,2,3 1.University of Tsukuba 2.JST/CREST 3.RIKEN AIP Center Target Function:
More informationRecursive ORAMs with Practical Constructions
Recursive ORAMs with Practical Constructions Sarvar Patel Giuseppe Persiano Kevin Yeo September 30, 2017 Abstract We present Recursive Square Root ORAM (R-SQRT), a simple and flexible ORAM that can be
More information