Click here to load reader

GARBLED CIRCUITS CHECKING GARBLED CIRCUITS MORE EFFICIENT AND SECURE TWO-PARTY COMPUTATION Payman Mohassel Ben Riva University of Calgary Tel Aviv University

  • View
    213

  • Download
    0

Embed Size (px)

Text of GARBLED CIRCUITS CHECKING GARBLED CIRCUITS MORE EFFICIENT AND SECURE TWO-PARTY COMPUTATION Payman...

More Efficient and Secure Two-party Computation

Garbled Circuits Checking Garbled Circuits More efficient and Secure Two-Party Computation Payman Mohassel Ben Riva University of Calgary Tel Aviv University1 Secure Two-Party ComputationPrivacy: Only learn the outputCorrectness: Learn the intended function2Contributions2PC with low overheadInputconsistency checkTwo-output functions

New DefinitionStrengthen covert adversariesBetter efficiency/security trade-off for practiceProtocols meeting the definition

Garbled Circuit

seedEval( )44 Useful Properties55 Malicious 2PC Cut-and-ChooseOpenEvaluateMajorityAre all inputs the same?Is the output correct?Question Question 6 1) Is the output correct?OpenEvaluateMajoritySend GOs as proof7 2) Is the output correct?OpenEvaluateMajorityUse same output labels in all circuits8 3) Is the output correct?OpenEvaluateMajority9 Extensions10 Covert 2PCWhat about cost/pay for honest party?Question cost/pay for malicious party11 All-or-Nothing Security A Stronger DefinitionIncrease the pay-off (of learning correct output)Orthogonal to MPC

Reduce the cost of being cheated on!By strengthening the security definition

CovIDA Security Dual-Ex 2PCYes/noYes/noCorrectness prob. = 1-neg(k)Leakage prob. = 1Bad circuitDifferent inputs15 Dual-Ex + Covert 2PCYes/noYes/noCorrectness prob. = 1-neg(k)Leakage prob. = 1Bad circuitDifferent inputs Dual-Ex + Covert 2PC Are inputs the Same? Malicious 2PCUse same OT for xLinear in s symmetric-keyOps for input-consistency (using OT extension)Questions?

Search related