nach oben

Erschienen in:

2017 | OriginalPaper | Buchkapitel

Secure Computation Based on Leaky Correlations: High Resilience Setting

verfasst von : Alexander R. Block, Hemanta K. Maji, Hai H. Nguyen

Erschienen in: Advances in Cryptology – CRYPTO 2017

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Correlated private randomness, or correlation in short, is a fundamental cryptographic resource that helps parties compute securely over their private data. An offline preprocessing step, which is independent of the eventual secure computation, generates correlated secret shares for the parties and the parties use these shares during the final secure computation step. However, these secret shares are vulnerable to leakage attacks.

Inspired by the quintessential problem of privacy amplification, Ishai, Kushilevitz, Ostrovsky, and Sahai (FOCS 2009) introduced the concept of correlation extractors. Correlation extractors are interactive protocols that take leaky correlations as input and produce secure independent copies of oblivious transfer (OT), the building blocks of secure computation protocols. Although their initial feasibility result is resilient to linear leakage and produces a linear number of “fresh” OTs, the constants involved are minuscule. The output of this correlation extractor can be used to perform only small secure computation tasks, because the number of OTs needed to evaluate a functionality securely is roughly proportional to its circuit size. Recently, Gupta, Ishai, Maji, and Sahai (CRYPTO 2015) constructed an extractor that is resilient to 1/4 fractional leakage and has near-linear production rate. They also constructed an extractor from a large correlation that has 1/2 fractional resilience but produces only one OT, which does not suffice to compute even constant size functionalities securely.

In this paper, we show the existence of a correlation that produces n-bit shares for the parties and allows the extraction of \(n^{1-o(1)}\) secure OTs, despite n/2 bits of leakage. The key technical idea is to embed several multiplications over a field into one multiplication over an extension field. The packing efficiency of this embedding directly translates into the production rate of our correlation extractor. Our work establishes a connection between this problem and a rich vein of research in additive combinatorics on constructing dense sets of integers that are free of arithmetic progressions, a.k.a. 3-free sets. We introduce a new combinatorial problem that suffices for our multiplication embedding, and produces concrete embeddings that beat the efficiency of the embeddings inspired by the reduction to 3-free sets.

Finally, the paper introduces a graph-theoretic measure to upper-bound the leakage resilience of correlations, namely the simple partition number. This measure is similar in spirit to graph covering problems like the biclique partition number. If the simple partition number of a correlation is \(2^\lambda \), then it is impossible to extract even one OT if parties can perform \(\lambda \)-bits of leakage. We compute tight estimates of the simple partition number of several correlations that are relevant to this paper, and, in particular, show that our extractor and the extractor for the large correlation by Gupta et al. have optimal leakage resilience and (qualitatively) optimal simulation error.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nächstes Kapitel Laconic Oblivious Transfer and Its Applications

The actual inner-product correlation is defined slightly differently. Parties get shares \((x_0,x_1,\cdots ,x_n)\) and \((y_0,y_1,\cdots ,y_n)\) such that \(x_0+y_0 = \sum _{i=1}^n x_iy_i\). That is, \(x_0\) and \(y_0\) are additive secret shares of the inner product of \((x_1,\cdots ,x_n)\) and \((y_1,\cdots ,y_n)\). But for intuition, it suffices to consider the correlation where the secret shares of the parties are orthogonal vectors instead.

That is, the functionality samples secret shares \((r_A,r_B)\) according to the correlation \((R_A,R_B)\). The adversarial party sends a t-bit leakage function \({\mathcal L}\) to the functionality and receives the leakage \({\mathcal L} (r_A,r_B)\) from the functionality. The functionality sends \(r_A\) to Alice and \(r_B\) to Bob. Note that the adversary does not need to know its secret share to construct the leakage function because the leakage function gets the secret shares of both parties as input.

The problem of characterizing correlations whose single sample suffice to construct \( \mathsf {OT} \) is a fascinating open problem that lies beyond the purview of this study.

This definition naturally generalizes to weighted graphs. Suppose \(p(r_A,r_B)\) represents the probability of jointly sampling \((r_A,r_B)\) from the correlation \((R_A,R_B)\). Then a simple graph has \(p(r_A,r_B)=p(r_A)\cdot p(r_B)\), for every \((r_A,r_B)\) edge with positive weight.

Recall that in the protocol \(\pi ({\mathbb K},\eta )\), all parties have share size \((\eta +1)\log \left| {{\mathbb K}}\right| \).

Babai, L., Frankl, P.: Linear Algebra Methods in Combinatorics: With Applications to Geometry and Computer Science. Department of Computer Science, University of Chicago (1992). 23

Beaver, D.: Perfect privacy for two-party protocols. In: Feigenbaum, J., Merritt, M. (eds.) Proceedings of DIMACS Workshop on Distributed Computing and Cryptography, vol. 2, pp. 65–77. American Mathematical Society (1989). 4, 12, 22

Behrend, F.A.: On sets of integers which contain no three terms in arithmetical progression. Proc. Natl. Acad. Sci. 32(12), 331–332 (1946). 18, 19, 20, 21MathSciNetCrossRefMATH

Ben-David, A., Nisan, N., Pinkas, B.: FairplayMP: a system for secure multi-party computation. In: Ning, P., Syverson, P.F., Jha, S. (eds.) ACM CCS 08, pp. 257–266. ACM Press, October 2008. 4

Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In: 20th ACM STOC, pp. 1–10. ACM Press, May 1988. 4

Block, A.R., Maji, H.K., Nguyen, H.H.: Secure computation based on leaky correlations: high resilience setting. https://www.cs.purdue.edu/homes/hmaji/papers/C:BloMajNgu17.pdf. (Full Version). 16, 24, 25

Bloom, T.F.: A quantitative improvement for Roth’s theorem on arithmetic progressions. J. Lond. Math. Soc. 93(3), 643–663 (2016). 20MathSciNetCrossRefMATH

Bourgain, J.: On triples in arithmetic progression. Geom. Funct. Anal. 9(5), 968–984 (1999). 18, 20MathSciNetCrossRefMATH

Bourgain, J.: Roth’s theorem on progressions revisited. J. d’Analyse Math. 104(1), 155–192 (2008). 18, 20MathSciNetCrossRefMATH

10.

Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally composable two-party and multi-party secure computation. In: 34th ACM STOC, pp. 494–503. ACM Press, May 2002. 4

11.

Chandran, N., Goyal, V., Sahai, A.: New constructions for UC secure computation using tamper-proof hardware. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 545–562. Springer, Heidelberg (2008). doi:10.1007/978-3-540-78967-3_31. 4CrossRef

12.

Chaum, D., Crépeau, C., Damgård, I.: Multiparty unconditionally secure protocols (extended abstract). In: 20th ACM STOC, pp. 11–19. ACM Press, May 1988. 4

13.

Cioaba, S.M., Tait, M.: More counterexamples to the Alon-Saks-Seymour and rank-coloring conjectures. Electron. J. Comb. 18(P26), 1 (2011). 23MathSciNetMATH

14.

Cioabă, S.M., Tait, M.: Variations on a theme of Graham and Pollak. Discret. Math. 313(5), 665–676 (2013). 23MathSciNetCrossRefMATH

15.

Crépeau, C., Morozov, K., Wolf, S.: Efficient unconditional oblivious transfer from almost any noisy channel. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 47–59. Springer, Heidelberg (2005). doi:10.1007/978-3-540-30598-9_4. 4CrossRef

16.

Damgård, I., Ishai, Y.: Scalable secure multiparty computation. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 501–520. Springer, Heidelberg (2006). doi:10.1007/11818175_30. 4CrossRef

17.

Damgård, I., Nielsen, J.B., Wichs, D.: Isolated proofs of knowledge and isolated zero knowledge. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 509–526. Springer, Heidelberg (2008). doi:10.1007/978-3-540-78967-3_29. 4CrossRef

18.

Damgård, I., Pastro, V., Smart, N., Zakarias, S.: Multiparty computation from somewhat homomorphic encryption. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 643–662. Springer, Heidelberg (2012). doi:10.1007/978-3-642-32009-5_38. 4CrossRef

19.

Dolev, D.: The Byzantine generals strike again. J. Algorithms 3(1), 14–30 (1982). 4MathSciNetCrossRefMATH

20.

Elkin, M.: An improved construction of progression-free sets. In: Proceedings of the Twenty-first Annual ACM-SIAM Symposium on Discrete Algorithms, pp. 886–905. Society for Industrial and Applied Mathematics (2010). 18, 19, 20, 21

21.

Gács, P., Körner, J.: Common information is far less than mutual information. Probl. Control Inf. Theory 2(2), 149–162 (1973). 26MathSciNetMATH

22.

Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: Aho, A. (ed.) 19th ACM STOC, pp. 218–229. ACM Press, May 1987. 4

23.

Goyal, V., Ishai, Y., Sahai, A., Venkatesan, R., Wadia, A.: Founding cryptography on tamper-proof hardware tokens. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 308–326. Springer, Heidelberg (2010). doi:10.1007/978-3-642-11799-2_19. 4CrossRef

24.

Graham, R.L., Pollak, H.O.: On the addressing problem for loop switching. Bell Syst. Tech. J. 50(8), 2495–2519 (1971). 10, 23MathSciNetCrossRefMATH

25.

Graham, R.L., Pollak, H.O.: On embedding graphs in squashed cubes. In: Alavi, Y., Lick, D.R., White, A.T. (eds.) Graph Theory and Applications. LNM, vol. 303, pp. 99–110. Springer, Heidelberg (1972). doi:10.1007/BFb0067362. 10, 23CrossRef

26.

Gupta, D., Ishai, Y., Maji, H.K., Sahai, A.: Secure computation from leaky correlated randomness. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 701–720. Springer, Heidelberg (2015). doi:10.1007/978-3-662-48000-7_34. 6, 7, 8, 9, 10, 11, 16CrossRef

27.

Harnik, D., Ishai, Y., Kushilevitz, E., Nielsen, J.B.: OT-combiners via secure computation. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 393–411. Springer, Heidelberg (2008). doi:10.1007/978-3-540-78524-8_22. 10CrossRef

28.

Harnik, D., Kilian, J., Naor, M., Reingold, O., Rosen, A.: On robust combiners for oblivious transfer and other primitives. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 96–113. Springer, Heidelberg (2005). doi:10.1007/11426639_6. 10CrossRef

29.

Heath-Brown, D.R.: Integer sets containing no arithmetic progressions. J. Lond. Math. Soc. (2) 35(3), 385–394 (1987). 18, 20MathSciNetCrossRefMATH

30.

Hoffman, A.J.: Eigenvalues and partitionings of the edges of a graph. Linear Algebra Appl. 5(2), 137–146 (1972). 23MathSciNetCrossRefMATH

31.

Huang, H., Sudakov, B.: A counterexample to the alon-saks-seymour conjecture and related problems. Combinatorica 32(2), 205–219 (2012). 23MathSciNetCrossRefMATH

32.

Impagliazzo, R., Luby, M.: One-way functions are essential for complexity based cryptography (extended abstract). In: 30th FOCS, pp. 230–235. IEEE Computer Society Press, October/November 1989. 4, 12, 22

33.

Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Extracting correlations. In: 50th FOCS, pp. 261–270. IEEE Computer Society Press, October 2009. 5, 6, 7, 10

34.

Ishai, Y., Maji, H.K., Sahai, A., Wullschleger, J.: Single-use OT combiners with near-optimal resilience. In: 2014 IEEE International Symposium on Information Theory, Honolulu, HI, USA, 29 June–4 July 2014, pp. 1544–1548. IEEE (2014). 6, 9, 10

35.

Ishai, Y., Prabhakaran, M., Sahai, A.: Founding cryptography on oblivious transfer – efficiently. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 572–591. Springer, Heidelberg (2008). doi:10.1007/978-3-540-85174-5_32. 4, 10CrossRef

36.

Kahn, J.: Recent results on some not-so-recent hypergraph matching and covering problems. DIMACS, Center for Discrete Mathematics and Theoretical Computer Science (1991). 23

37.

Katz, J.: Universally composable multi-party computation using tamper-proof hardware. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 115–128. Springer, Heidelberg (2007). doi:10.1007/978-3-540-72540-4_7. 4CrossRef

38.

Kilian, J.: Founding cryptography on oblivious transfer. In: 20th ACM STOC, pp. 20–31. ACM Press, May 1988. 4, 12, 22

39.

Kilian, J.: More general completeness theorems for secure two-party computation. In: 32nd ACM STOC, pp. 316–324. ACM Press, May 2000. 4

40.

Kratzke, T., Reznick, B., West, D.: Eigensharp graphs: decomposition into complete bipartite subgraphs. Trans. Am. Math. Soc. 308(2), 637–653 (1988). 23MathSciNetCrossRefMATH

41.

Künzler, R., Müller-Quade, J., Raub, D.: Secure computability of functions in the IT setting with dishonest majority and applications to long-term security. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 238–255. Springer, Heidelberg (2009). doi:10.1007/978-3-642-00457-5_15. 4, 12, 22CrossRef

42.

Kushilevitz, E.: Privacy and communication complexity. In: 30th FOCS, pp. 416–421. IEEE Computer Society Press, October/November 1989. 4, 12, 22

43.

Maji, H.K., Prabhakaran, M., Rosulek, M.: Complexity of multi-party computation problems: the case of 2-party symmetric secure function evaluation. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 256–273. Springer, Heidelberg (2009). doi:10.1007/978-3-642-00457-5_16. 4, 12, 22CrossRef

44.

Maji, H.K., Prabhakaran, M., Rosulek, M.: A unified characterization of completeness and triviality for secure function evaluation. In: Galbraith, S., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 40–59. Springer, Heidelberg (2012). doi:10.1007/978-3-642-34931-7_4. 4CrossRef

45.

Malkhi, D., Nisan, N., Pinkas, B., Sella, Y.: Fairplay - secure two-party computation system. In: Blaze, M. (ed.) Proceedings of the 13th USENIX Security Symposium, San Diego, CA, USA, 9–13 August 2004, pp. 287–302. USENIX (2004). 4

46.

McNew, N.: Avoiding geometric progressions in the integers, 02 May 2017. https://math.dartmouth.edu/graduate-students/works/2013-14/McNew-GradPosterSession.pdf. 20

47.

Meier, R., Przydatek, B.: On robust combiners for private information retrieval and other primitives. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 555–569. Springer, Heidelberg (2006). doi:10.1007/11818175_33. 10CrossRef

48.

Meier, R., Przydatek, B., Wullschleger, J.: Robuster combiners for oblivious transfer. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 404–418. Springer, Heidelberg (2007). doi:10.1007/978-3-540-70936-7_22. 10CrossRef

49.

Moran, T., Segev, G.: David and Goliath commitments: UC computation for asymmetric parties using tamper-proof hardware. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 527–544. Springer, Heidelberg (2008). doi:10.1007/978-3-540-78967-3_30. 4CrossRef

50.

Nielsen, J.B., Nordholt, P.S., Orlandi, C., Burra, S.S.: A new approach to practical active-secure two-party computation. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 681–700. Springer, Heidelberg (2012). doi:10.1007/978-3-642-32009-5_40. 4CrossRef

51.

Nisan, N., Wigderson, A.: On rank vs. communication complexity. Combinatorica 15(4), 557–565 (1995). 23MathSciNetCrossRefMATH

52.

Peck, G.W.: A new proof of a theorem of Graham and Pollak. Discret. Math. 49(3), 327–328 (1984). 23MathSciNetCrossRefMATH

53.

Prabhakaran, V.M., Prabhakaran, M.: Assisted common information. In: 2010 IEEE International Symposium on Information Theory, ISIT Proceedings, Austin, Texas, USA, 13–18 June 2010, pp. 2602–2606. IEEE (2010). 26

54.

Prabhakaran, V.M., Prabhakaran, M.: Assisted common information: further results. In: Kuleshov, A., Blinovsky, V., Ephremides, A. (eds.) 2011 IEEE International Symposium on Information Theory Proceedings, ISIT 2011, St. Petersburg, Russia, 31 July–5 August 2011, pp. 2861–2865. IEEE (2011). 26

55.

Przydatek, B., Wullschleger, J.: Error-tolerant combiners for oblivious primitives. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008. LNCS, vol. 5126, pp. 461–472. Springer, Heidelberg (2008). doi:10.1007/978-3-540-70583-3_38. 10CrossRef

56.

Rabin, T., Ben-Or, M.: Verifiable secret sharing and multiparty protocols with honest majority (extended abstract). In: 21st ACM STOC, pp. 73–85. ACM Press, May 1989. 4

57.

Razborov, A.A.: The gap between the chromatic number of a graph and the rank of its adjacency matrix is superlinear. Discret. Math. 108(1), 393–396 (1992). 23MathSciNetCrossRefMATH

58.

Roth, K.F.: On certain sets of integers. J. Lond. Math. Soc. 1(1), 104–109 (1953). 18, 20MathSciNetCrossRefMATH

59.

Salem, R., Spencer, D.C.: On sets of integers which contain no three terms in arithmetical progression. Proc. Natl. Acad. Sci. 28(12), 561–563 (1942). 19MathSciNetCrossRefMATH

60.

Sanders, T.: On Roth’s theorem on progressions. Ann. Math. 174, 619–636 (2011). 18, 20MathSciNetCrossRefMATH

61.

Szemerédi, E.: Integer sets containing no arithmetic progressions. Acta Math. Hung. 56(1–2), 155–158 (1990). 18, 20MathSciNetCrossRefMATH

62.

Tverberg, H.: On the decomposition of kn into complete bipartite graphs. J. Graph Theory 6(4), 493–494 (1982). 23MathSciNetCrossRefMATH

63.

van Lint, J.H., Wilson, R.M.: A Course in Combinatorics. Cambridge University Press, Cambridge (2001). 23CrossRefMATH

64.

Van Lint, J.H.: \(\{\)0, 1,*\(\}\) distance problems in combinatorics (1985). 23

65.

Vishwanathan, S.: A polynomial space proof of the Graham-Pollak theorem. J. Comb. Theory Ser. A 115(4), 674–676 (2008). 23MathSciNetCrossRefMATH

66.

Vishwanathan, S.: A counting proof of the Graham-Pollak theorem. Discret. Math. 313(6), 765–766 (2013). 23MathSciNetCrossRefMATH

67.

Wolf, S., Wullschleger, J.: New monotones and lower bounds in unconditional two-party computation. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 467–477. Springer, Heidelberg (2005). doi:10.1007/11535218_28. 26CrossRef

68.

Wolf, S., Wullschleger, J.: Oblivious transfer is symmetric. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 222–232. Springer, Heidelberg (2006). doi:10.1007/11761679_14. 4, 8CrossRef

69.

Wyner, A.D.: The common information of two dependent random variables. IEEE Trans. Inf. Theory 21(2), 163–179 (1975). 7, 10, 23, 26, 27MathSciNetCrossRefMATH

70.

Yan, W., Yeh, Y.-N.: A simple proof of Graham and Pollak’s theorem. J. Comb. Theory Ser. A 113(5), 892–893 (2006). 23MathSciNetCrossRefMATH

71.

Yao, A.C.-C.: Protocols for secure computations (extended abstract). In: 23rd FOCS, pp. 160–164. IEEE Computer Society Press, November 1982. 4

Titel: Secure Computation Based on Leaky Correlations: High Resilience Setting
verfasst von: Alexander R. Block
Hemanta K. Maji
Hai H. Nguyen
Verlag: Springer International Publishing
Buch: Advances in Cryptology – CRYPTO 2017
Print ISBN: 978-3-319-63714-3

Electronic ISBN: 978-3-319-63715-0

Copyright-Jahr: 2017
DOI: https://doi.org/10.1007/978-3-319-63715-0_1

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"