Secure Multi-party Computations (MPC) A useful tool to cryptographic applications Vassilis Zikas.
Date posted: 20-Dec-2015
• The problem: There is a given set of parties (players, computers, authorities...) who want to do a joint computation but may not trust each other!!!
Example (the millionaires' problem): There are 2 millionaires who want to find out who is richer (without, of course, revealing to each other the exact amount of money they own).
Obvious solution: Existence of a fully Trusted Party (TP)
• All players send their values to the TP
• The TP does the computation and sends each player what he is supposed to know
Goal of MPC: Simulate the TP (when such doesn't exist) via a protocol among the parties.
Special case of MPC: Secure function evaluation (SFE):
n players want to compute a function of their inputs without giving them away (actually the function can output n values, of which only the i-th should be known to the i-th player).
e.g.
a. e-voting (f = sum of votes)
b. $f:\mathbb{N}^n \to \mathbb{N}^n$ where $p_n$ learns only $f_n(x_1,\dots,x_n)$
Difficulty??? Dishonest players (adversary)!!!
Adversary types:
1. Passive: All the corrupted players follow the protocol but the adversary can see everything they see.
2. Fail: The corrupted player might stop sending messages at some point of the execution.
3. Active: (Most general) The adversary can see what the corrupted players see, and he can force them to misbehave arbitrarily.
Categories (according to the communication channels and the resources of the adversary)
1. Secure Channels Model: The parties communicate via secure authenticated channels
• Perfect (information-theoretic) security.
• Unconditional security (small error-probability)
2. Cryptographic model
Not good when p1 is corrupted
Broadcast (definition):
input: $x_1$, outputs: $y_1,\dots,y_n$
1. (consistency): All honest players have the same output y.
2. (validity): If the sender is honest then all the honest players output $x_1$.
3. (termination): Every player ends with an output.
Consensus (Agreement) (definition):
input: $x_1,\dots,x_n$, outputs: $y_1,\dots,y_n$
1. (consistency): All honest players have the same output y.
2. (validity): If all honest players have input x then all the honest players output y=x.
3. (termination): Every player ends with an output.
Secret sharing (threshold case):
Player p wants to share a secret s among players $p_1,\dots,p_n$ in such a way that
• the shares of any t players (put all together) give no information about s,
• the shares of t+1 players uniquely define s
Shamir's secret sharing:
Vector $(a_1,\dots,a_n)$ is publicly known.
Sharing phase:
• p chooses a random polynomial $q(\cdot)$ of degree t where the constant term is s (i.e. $q(0)=s$).
• p sends $q(a_i)$ to player $p_i$.
Reconstruction phase:
In order for $p_i$ to learn the secret s, all players send him their shares and he applies Lagrange's interpolation:
MPC (secure channels - passive case)
INVARIANT: The inputs and the results of the computations remain shared among the players throughout the protocol.
1. Inputs Sharing: Every player $p_i$ shares his input (Shamir's SS Scheme) using a random polynomial $q_i(\cdot)$.
2. Computation:
i. Addition: Can be done locally, without interaction.
ii. Multiplication: (BOARD)
3. Reconstruction (towards $p_j$): All players send their shares of the output to $p_j$ and he does the reconstruction.
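Added example (not part of the original slides): Shamir sharing, Lagrange reconstruction and the passive-case protocol above for f = sum of votes, where addition is done locally on shares. The prime modulus P, the choice a_i = i and all function names are assumptions made for this example; multiplication is not covered.

```python
import secrets

P = 2**61 - 1  # prime field modulus (assumption: the slides do not fix a field)

def share(s, t, alphas):
    """Dealer p: random degree-t polynomial q with q(0)=s; p_i receives q(a_i)."""
    coeffs = [s % P] + [secrets.randbelow(P) for _ in range(t)]
    return [sum(c * pow(a, k, P) for k, c in enumerate(coeffs)) % P
            for a in alphas]

def interpolate(points, x=0):
    """Lagrange interpolation through (a_i, y_i) pairs, evaluated at x.
    With t+1 shares and x=0 this is the reconstruction phase."""
    total = 0
    for i, (ai, yi) in enumerate(points):
        num = den = 1
        for j, (aj, _) in enumerate(points):
            if j != i:
                num = num * (x - aj) % P
                den = den * (ai - aj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def secure_sum(inputs, t):
    """Steps 1 and 2(i): every p_i shares its input, then every p_k adds the
    shares it received. The sum of the q_i is a degree-t polynomial whose
    constant term is the sum of the inputs, so the invariant is preserved."""
    n = len(inputs)
    alphas = list(range(1, n + 1))                 # public, distinct, non-zero
    dealt = [share(x, t, alphas) for x in inputs]  # dealt[i][k]: from p_i to p_k
    local = [sum(dealt[i][k] for i in range(n)) % P for k in range(n)]
    return alphas, local

def share_consistent_with(observed, candidate_secret, a_new):
    """Given t observed shares, return the share at a_new that would make them
    fit candidate_secret. One exists for every candidate, which is why t shares
    rule out no value of s."""
    return interpolate(observed + [(0, candidate_secret)], a_new)

if __name__ == "__main__":
    votes = [1, 0, 1, 1, 0]                        # constructed sample inputs
    alphas, local = secure_sum(votes, t=2)
    # Step 3: any t+1 = 3 players send their output shares to p_j.
    print(interpolate(list(zip(alphas, local))[:3]))
```
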
When active adversaries are considered, SS is not enough (why?): we need Verifiable SS!!!
Difference:
• The dealer is committed to the value he shares (therefore verifiable)
• All players are committed to the values they've received
Mixed (Active+Passive+Fail) Model:
There is an MPC protocol for any specification iff
$3t_a + 2t_p + t_f < n$
General Adversaries:
• Adversary structure $Z=\{(A_i,P_i,F_i)\}$
• $A_i$ = {set of players that can be actively corrupted by adversary $Z_i$}
• $P_i$, $F_i$ similarly defined
• Z is a monotone set
• Z can be characterized by the class of maximal sets (Base of Z ( )).
We will consider only Active + Passive corruption for the general adversaries