
Showing papers on "Secure multi-party computation published in 2010"


Proceedings ArticleDOI
04 Oct 2010
TL;DR: TASTY is a new compiler that can generate protocols based on homomorphic encryption and efficient garbled circuits as well as combinations of both, which often yields the most efficient protocols available today.
Abstract: Secure two-party computation allows two untrusting parties to jointly compute an arbitrary function on their respective private inputs while revealing no information beyond the outcome. Existing cryptographic compilers can automatically generate secure computation protocols from high-level specifications, but are often limited in their use and efficiency of generated protocols as they are based on either garbled circuits or (additively) homomorphic encryption only. In this paper we present TASTY, a novel tool for automating, i.e., describing, generating, executing, benchmarking, and comparing, efficient secure two-party computation protocols. TASTY is a new compiler that can generate protocols based on homomorphic encryption and efficient garbled circuits as well as combinations of both, which often yields the most efficient protocols available today. The user provides a high-level description of the computations to be performed on encrypted data in a domain-specific language. This is automatically transformed into a protocol. TASTY provides most recent techniques and optimizations for practical secure two-party computation with low online latency. Moreover, it allows one to efficiently evaluate circuits generated by the well-known Fairplay compiler. We use TASTY to compare protocols for secure multiplication based on homomorphic encryption with those based on garbled circuits and highly efficient Karatsuba multiplication. Further, we show how TASTY improves the online latency for securely evaluating the AES functionality by an order of magnitude compared to previous software implementations. TASTY allows one to automatically generate efficient secure protocols for many privacy-preserving applications, where we consider the use cases of private set intersection and face recognition protocols.

376 citations


Proceedings Article
11 Aug 2010
TL;DR: This paper designs privacy-preserving protocols for event correlation and aggregation of network traffic statistics, such as addition of volume metrics, computation of feature entropy, and distinct item count, and evaluates the running time and bandwidth requirements of these protocols in realistic settings on a local cluster as well as on PlanetLab.
Abstract: Secure multiparty computation (MPC) allows joint privacy-preserving computations on data of multiple parties. Although MPC has been studied substantially, building solutions that are practical in terms of computation and communication cost is still a major challenge. In this paper, we investigate the practical usefulness of MPC for multi-domain network security and monitoring. We first optimize MPC comparison operations for processing high volume data in near real-time. We then design privacy-preserving protocols for event correlation and aggregation of network traffic statistics, such as addition of volume metrics, computation of feature entropy, and distinct item count. Optimizing performance of parallel invocations, we implement our protocols along with a complete set of basic operations in a library called SEPIA. We evaluate the running time and bandwidth requirements of our protocols in realistic settings on a local cluster as well as on PlanetLab and show that they work in near real-time for up to 140 input providers and 9 computation nodes. Compared to implementations using existing general-purpose MPC frameworks, our protocols are significantly faster, requiring, for example, 3 minutes for a task that takes 2 days with general-purpose frameworks. This improvement paves the way for new applications of MPC in the area of networking. Finally, we run SEPIA's protocols on real traffic traces of 17 networks and show how they provide new possibilities for distributed troubleshooting and early anomaly detection.

330 citations


Book
04 Nov 2010
TL;DR: The authors present a comprehensive study of efficient protocols and techniques for secure two-party computation: both general constructions that can be used to securely compute any functionality, and protocols for specific problems of interest.
Abstract: The authors present a comprehensive study of efficient protocols and techniques for secure two-party computation: both general constructions that can be used to securely compute any functionality, and protocols for specific problems of interest. The book focuses on techniques for constructing efficient protocols and proving them secure. In addition, the authors study different definitional paradigms and compare the efficiency of protocols achieved under these different definitions. The book opens with a general introduction to secure computation and then presents definitions of security for a number of different adversary models and definitional paradigms. In the second part, the book shows how any functionality can be securely computed in an efficient way in the presence of semi-honest, malicious and covert adversaries. These general constructions provide a basis for understanding the feasibility of secure computation, and they are a good introduction to design paradigms and proof techniques for efficient protocols. In the final part, the book presents specific constructions of importance. The authors begin with an in-depth study of sigma protocols and zero knowledge, focusing on secure computation, and they then provide a comprehensive study of the fundamental oblivious transfer function. Starting from protocols that achieve privacy only, they show highly efficient constructions that achieve security in the presence of malicious adversaries for both single and multiple batch executions. Oblivious pseudorandom function evaluation is then presented as an immediate application of oblivious transfer. Finally, the book concludes with two examples of high-level protocol problems that demonstrate how specific properties of a problem can be exploited to gain high efficiency: securely computing the kth-ranked element, and secure database and text search.
This book is essential for practitioners and researchers in the field of secure protocols, particularly those with a focus on efficiency, and for researchers in the area of privacy-preserving data mining. This book can also be used as a textbook for an advanced course on secure protocols.

295 citations


Proceedings ArticleDOI
16 May 2010
TL;DR: This work introduces SCiFI, a system for Secure Computation of Face Identification, which compares faces of subjects with a database of registered faces in a secure way that protects both the privacy of the subjects and the confidentiality of the database.
Abstract: We introduce SCiFI, a system for Secure Computation of Face Identification. The system performs face identification which compares faces of subjects with a database of registered faces. The identification is done in a secure way which protects both the privacy of the subjects and the confidentiality of the database. A specific application of SCiFI is reducing the privacy impact of camera-based surveillance. In that scenario, SCiFI would be used in a setting which contains a server which has a set of faces of suspects, and client machines which might be cameras acquiring images in public places. The system runs a secure computation of a face recognition algorithm, which identifies whether an image acquired by a client matches one of the suspects, but otherwise reveals no information to either of the parties. Our work includes multiple contributions in different areas: A new face identification algorithm which is unique in having been specifically designed for usage in secure computation. Nonetheless, the algorithm has face recognition performance comparable to that of state-of-the-art algorithms. We ran experiments which show the algorithm to be robust to different viewing conditions, such as illumination, occlusions, and changes in appearance (like wearing glasses). A secure protocol for computing the new face recognition algorithm. In addition, since our goal is to run an actual system, considerable effort was made to optimize the protocol and minimize its online latency. A system, SCiFI, which implements a secure computation of the face identification protocol. Experiments which show that the entire system can run in near real-time: The secure computation protocol performs a preprocessing of all public-key cryptographic operations. Its online performance therefore mainly depends on the speed of data communication, and our experiments show it to be extremely efficient.

240 citations


Book ChapterDOI
06 Jul 2010
TL;DR: This work shows how to efficiently convert the secrecy property of MPC protocols into soundness of a VC protocol via the use of a message authentication code (MAC), and presents new general approaches for constructing VC protocols.
Abstract: We study the problem of verifiable computation (VC) in which a computationally weak client wishes to delegate the computation of a function f on an input x to a computationally strong but untrusted server. We present new general approaches for constructing VC protocols, as well as solving the related problems of program checking and self-correcting. The new approaches reduce the task of verifiable computation to suitable variants of secure multiparty computation (MPC) protocols. In particular, we show how to efficiently convert the secrecy property of MPC protocols into soundness of a VC protocol via the use of a message authentication code (MAC). The new connections allow us to apply results from the area of MPC towards simplifying, unifying, and improving over previous results on VC and related problems. In particular, we obtain the following concrete applications: (1) The first VC protocols for arithmetic computations which only make a black-box use of the underlying field or ring; (2) a non-interactive VC protocol for boolean circuits in the preprocessing model, conceptually simplifying and improving the online complexity of a recent protocol of Gennaro et al. (Cryptology ePrint Archive: Report 2009/547); (3) $NC^0$ self-correctors for complete languages in the complexity class $NC^1$ and various log-space classes, strengthening previous $AC^0$ correctors of Goldwasser et al. (STOC 2008).

235 citations


Journal ArticleDOI
TL;DR: The notion of covert adversaries is introduced, which is believed to faithfully model the adversarial behavior in many commercial, political, and social settings, and it is shown that it is possible to obtain highly efficient protocols that are secure against such adversaries.
Abstract: In the setting of secure multiparty computation, a set of mutually distrustful parties wish to securely compute some joint function of their private inputs. The computation should be carried out in a secure way, meaning that no coalition of corrupted parties should be able to learn more than specified or somehow cause the result to be “incorrect.” Typically, corrupted parties are either assumed to be semi-honest (meaning that they follow the protocol specification) or malicious (meaning that they may deviate arbitrarily from the protocol). However, in many settings, the assumption regarding semi-honest behavior does not suffice and security in the presence of malicious adversaries is excessive and expensive to achieve. In this paper, we introduce the notion of covert adversaries, which we believe faithfully models the adversarial behavior in many commercial, political, and social settings. Covert adversaries have the property that they may deviate arbitrarily from the protocol specification in an attempt to cheat, but do not wish to be “caught” doing so. We provide a definition of security for covert adversaries and show that it is possible to obtain highly efficient protocols that are secure against such adversaries. We stress that in our definition, we quantify over all (possibly malicious) adversaries and do not assume that the adversary behaves in any particular way. Rather, we guarantee that if an adversary deviates from the protocol in a way that would enable it to “cheat” (meaning that it can achieve something that is impossible in an ideal model where a trusted party is used to compute the function), then the honest parties are guaranteed to detect this cheating with good probability. We argue that this level of security is sufficient in many settings.

225 citations


Proceedings ArticleDOI
23 Oct 2010
TL;DR: This work constructs public-key encryption schemes, digital signatures, and identity-based encryption schemes that remain secure even if an attacker can leak a constant fraction of the secret memory in each time period between key updates.
Abstract: In recent years, there has been a major effort to design cryptographic schemes that remain secure even when arbitrary information about the secret key is leaked (e.g., via side-channel attacks). We explore the possibility of achieving security under continual leakage from the entire secret key by designing schemes in which the secret key is updated over time. In this model, we construct public-key encryption schemes, digital signatures, and identity-based encryption schemes that remain secure even if an attacker can leak a constant fraction of the secret memory (including the secret key) in each time period between key updates. We also consider attackers who may probe the secret memory during the updates themselves. We stress that we allow unrestricted leakage, without the assumption that "only computation leaks information". Prior to this work, constructions of public-key encryption schemes secure under continual leakage were not known even under this assumption.

224 citations


Book ChapterDOI
25 Jan 2010
TL;DR: This paper presents a family of protocols for multiparty computation with rational numbers using fixed-point representation that offers more efficient solutions for secure computation than other usual representations.
Abstract: Secure computation is a promising approach to business problems in which several parties want to run a joint application and cannot reveal their inputs. Secure computation preserves the privacy of input data using cryptographic protocols, allowing the parties to obtain the benefits of data sharing and at the same time avoid the associated risks. These business applications need protocols that support all the primitive data types and allow secure protocol composition and efficient application development. Secure computation with rational numbers has been a challenging problem. We present in this paper a family of protocols for multiparty computation with rational numbers using fixed-point representation. This approach offers more efficient solutions for secure computation than other usual representations.

213 citations


Book ChapterDOI
30 May 2010
TL;DR: Under standard cryptographic assumptions, zero-knowledge proofs for circuit satisfiability with $2^{-k}$ soundness error are obtained in which the amortized computational overhead per gate is only polylogarithmic in k, improving over the ω(k) overhead of the best previous protocols.
Abstract: We study the following two related questions: What are the minimal computational resources required for general secure multiparty computation in the presence of an honest majority? What are the minimal resources required for two-party primitives such as zero-knowledge proofs and general secure two-party computation? We obtain a nearly tight answer to the first question by presenting a perfectly secure protocol which allows n players to evaluate an arithmetic circuit of size s by performing a total of $\mathcal{O}(s\log s\log^2 n)$ arithmetic operations, plus an additive term which depends (polynomially) on n and the circuit depth, but only logarithmically on s. Thus, for typical large-scale computations whose circuit width is much bigger than their depth and the number of players, the amortized overhead is just polylogarithmic in n and s. The protocol provides perfect security with guaranteed output delivery in the presence of an active, adaptive adversary corrupting a $(1/3-\epsilon)$ fraction of the players, for an arbitrary constant $\epsilon>0$ and sufficiently large n. The best previous protocols in this setting could only offer computational security with a computational overhead of poly(k, log n, log s), where k is a computational security parameter, or perfect security with a computational overhead of $\mathcal{O}(n\log n)$. We then apply the above result towards making progress on the second question. Concretely, under standard cryptographic assumptions, we obtain zero-knowledge proofs for circuit satisfiability with $2^{-k}$ soundness error in which the amortized computational overhead per gate is only polylogarithmic in k, improving over the ω(k) overhead of the best previous protocols. Under stronger cryptographic assumptions, we obtain similar results for general secure two-party computation.

195 citations


Book ChapterDOI
09 Feb 2010
TL;DR: In this paper, it was shown that stateless hardware tokens are sufficient to base general secure (in fact, UC-secure) computation on the existence of one-way functions, and the first general feasibility result for program obfuscation using stateless tokens, while strengthening the standard notion of obfuscation by providing security against a malicious sender.
Abstract: A number of works have investigated using tamper-proof hardware tokens as tools to achieve a variety of cryptographic tasks. In particular, Goldreich and Ostrovsky considered the problem of software protection via oblivious RAM. Goldwasser, Kalai, and Rothblum introduced the concept of one-time programs: in a one-time program, an honest sender sends a set of simple hardware tokens to a (potentially malicious) receiver. The hardware tokens allow the receiver to execute a secret program specified by the sender’s tokens exactly once (or, more generally, up to a fixed t times). A recent line of work initiated by Katz examined the problem of achieving UC-secure computation using hardware tokens. Motivated by the goal of unifying and strengthening these previous notions, we consider the general question of basing secure computation on hardware tokens. We show that the following tasks, which cannot be realized in the “plain” model, become feasible if the parties are allowed to generate and exchange tamper-proof hardware tokens. Unconditional and non-interactive secure computation. We show that by exchanging simple stateful hardware tokens, any functionality can be realized with unconditional security against malicious parties. In the case of two-party functionalities f(x,y) which take their inputs from a sender and a receiver and deliver their output to the receiver, our protocol is non-interactive and only requires a unidirectional communication of simple stateful tokens from the sender to the receiver. This strengthens previous feasibility results for one-time programs both by providing unconditional security and by offering general protection against malicious senders. As is typically the case for unconditionally secure protocols, our protocol is in fact UC-secure. This improves over previous works on UC-secure computation based on hardware tokens, which provided computational security under cryptographic assumptions. 
Interactive secure computation from stateless tokens based on one-way functions. We show that stateless hardware tokens are sufficient to base general secure (in fact, UC-secure) computation on the existence of one-way functions. Obfuscation from stateless tokens. We consider the problem of realizing non-interactive secure computation from stateless tokens for functionalities which allow the receiver to provide an arbitrary number of inputs (these are the only functionalities one can hope to realize non-interactively with stateless tokens). By building on recent techniques for resettably secure computation, we obtain a general positive result under standard cryptographic assumptions. This gives the first general feasibility result for program obfuscation using stateless tokens, while strengthening the standard notion of obfuscation by providing security against a malicious sender.

187 citations


Book ChapterDOI
13 Sep 2010
TL;DR: This work considers a collection of related multiparty computation protocols that provide core operations for secure integer and fixed-point computation and presents techniques and building blocks that allow the efficiency of these protocols to be improved, in order to meet the performance requirements of a broader range of applications.
Abstract: We consider a collection of related multiparty computation protocols that provide core operations for secure integer and fixed-point computation. The higher-level protocols offer integer truncation and comparison, which are typically the main performance bottlenecks in complex applications. We present techniques and building blocks that allow us to improve the efficiency of these protocols, in order to meet the performance requirements of a broader range of applications. The protocols can be constructed using different secure computation methods. We focus on solutions for multiparty computation using secret sharing.

Book ChapterDOI
13 Sep 2010
TL;DR: It is shown that a simple protocol using |X|+4|Y| modular exponentiations and one round of interaction is a secure computation of the adaptive set intersection functionality against malicious adversaries in the Random Oracle Model (ROM) under a One-More Gap Diffie-Hellman (OMGDH) assumption.
Abstract: A secure set intersection protocol between sender S and receiver R on respective inputs X and Y s.t. |X|, |Y| ≤ n, allows R to learn X ∩ Y while S learns nothing about R's inputs. In other words it is a secure computation of functionality $\mathcal{F}_{SI}^{n\times n} : (X, Y) \mapsto (\bot, X \cap Y)$ on sets of size at most n. A variant we call adaptive set intersection implements an interactive version of this functionality, which on sender S's input X allows the receiver R to adaptively make up to n queries $y_i$ and learn whether or not $y_i \in X$. We show that a simple protocol using |X|+4|Y| modular exponentiations and one round of interaction is a secure computation of the adaptive set intersection functionality against malicious adversaries in the Random Oracle Model (ROM) under a One-More Gap Diffie-Hellman (OMGDH) assumption, i.e. assuming the One-More Diffie-Hellman problem is hard even when the DDH problem is easy. Even though the protocol has only a single round, the corresponding ideal functionality is adaptive because the receiver's queries are efficiently extractable only eventually, rather than during protocol execution. However, under the OMGDH assumption in ROM the set of queries any efficient receiver can make is committed at the time of protocol execution, and hence no efficient adversary can benefit from the adaptive feature of this functionality. Finally we show that this protocol easily extends to Set Intersection with Data Transfer, which is equivalent to the "Keyword Search" problem, where sender S associates each item $x_i$ in X with a data entry $d_i$, and R learns all $(x_i, d_i)$ pairs such that $x_i \in Y$.

Posted Content
TL;DR: It is shown that stateless hardware tokens are sufficient to base general secure computation on the existence of one-way functions, and gives the first general feasibility result for program obfuscation using stateless tokens, while strengthening the standard notion of obfuscation by providing security against a malicious sender.
Abstract: A number of works have investigated using tamper-proof hardware tokens as tools to achieve a variety of cryptographic tasks. In particular, Goldreich and Ostrovsky considered the goal of software protection via oblivious RAM. Goldwasser, Kalai, and Rothblum introduced the concept of one-time programs: in a one-time program, an honest sender sends a set of simple hardware tokens to a (potentially malicious) receiver. The hardware tokens allow the receiver to execute a secret program specified by the sender's tokens exactly once (or, more generally, up to a fixed t times). A recent line of work initiated by Katz examined the problem of achieving UC-secure computation using hardware tokens. Motivated by the goal of unifying and strengthening these previous notions, we consider the general question of basing secure computation on hardware tokens. We show that the following tasks, which cannot be realized in the "plain" model, become feasible if the parties are allowed to generate and exchange tamper-proof hardware tokens. • Unconditional non-interactive secure computation. We show that by exchanging simple stateful hardware tokens, any functionality can be realized with unconditional security against malicious parties. In the case of two-party functionalities f(x, y) which take their inputs from a sender and a receiver and deliver their output to the receiver, our protocol is non-interactive and only requires a unidirectional communication of simple stateful tokens from the sender to the receiver. This strengthens previous feasibility results for one-time programs both by providing unconditional security and by offering general protection against malicious senders. As is typically the case for unconditionally secure protocols, our protocol is in fact UC-secure. This improves over previous works on UC-secure computation based on hardware tokens, which provided computational security under cryptographic assumptions.
• Interactive secure computation from stateless tokens based on one-way functions. We show that stateless hardware tokens are sufficient to base general secure (in fact, UC-secure) computation on the existence of one-way functions. One cannot hope for security against unbounded adversaries with stateless tokens since an unbounded adversary could query the token multiple times to "learn" the functionality it contains. • Non-interactive secure computation from stateless tokens. We consider the problem of designing non-interactive secure computation from stateless tokens for stateless oblivious reactive functionalities, i.e., reactive functionalities which allow unlimited queries from the receiver (these are the only functionalities one can hope to realize non-interactively with stateless tokens). By building on recent techniques from resettably secure computation, we give a general positive result for stateless oblivious reactive functionalities under standard cryptographic assumptions. This result generalizes the notion of (unlimited-use) obfuscation by providing security against a malicious sender, and also provides the first general feasibility result for program obfuscation using stateless tokens.

Proceedings ArticleDOI
Hoeteck Wee
23 Oct 2010
TL;DR: These are the first black-box constructions for secure computation with sublinear round complexity; they use a novel transformation for handling arbitrary man-in-the-middle scheduling strategies which improves upon a previous construction of Barak.
Abstract: We present round-efficient protocols for secure multi-party computation with a dishonest majority that rely on black-box access to the underlying primitives. Our main contributions are as follows: * an $O(\log^* n)$-round protocol that relies on black-box access to dense cryptosystems, homomorphic encryption schemes, or lossy encryption schemes. This improves upon the recent $O(1)^{\log^* n}$-round protocol of Lin, Pass and Venkitasubramaniam (STOC 2009) that relies on non-black-box access to a smaller class of primitives. * an $O(1)$-round protocol requiring, in addition, black-box access to a one-way function with sub-exponential hardness, improving upon the recent work of Pass and Wee (Eurocrypt 2010). These are the first black-box constructions for secure computation with sublinear round complexity. Our constructions build on and improve upon the work of Lin and Pass (STOC 2009) on non-malleability amplification, as well as that of Ishai et al. (STOC 2006) on black-box secure computation. In addition to the results on secure computation, we also obtain a simple construction of an $O(\log^* n)$-round non-malleable commitment scheme based on one-way functions, improving upon the recent $O(1)^{\log^* n}$-round protocol of Lin and Pass (STOC 2009). Our construction uses a novel transformation for handling arbitrary man-in-the-middle scheduling strategies which improves upon a previous construction of Barak (FOCS 2002).

Proceedings ArticleDOI
04 Oct 2010
TL;DR: It is shown how to modify Yao's garbled circuit approach to obtain a protocol where the size of the garbled circuit is linear in the number of occurrences of p in T (rather than linear in $|T|$).
Abstract: Motivated by the problem of private DNA matching, we consider the design of efficient protocols for secure text processing. Here, informally, a party P1 holds a text T and a party P2 holds a pattern p and some additional information y, and P2 wants to learn {f(T,j,y)} for all locations j where p is found as a substring in T. (In particular, this generalizes the basic pattern matching problem.) We aim for protocols with full security against a malicious P2 that also preserve privacy against a malicious P1 (i.e., one-sided security). We show how to modify Yao's garbled circuit approach to obtain a protocol where the size of the garbled circuit is linear in the number of occurrences of p in T (rather than linear in $|T|$). Along the way we show a new keyword search protocol that may be of independent interest.

Journal ArticleDOI
TL;DR: A new TiOISSS is designed by combining VCS and PISSS in a different way, which is more suitable for faster transmission within a distributed multimedia system and reduces shadow image size.

Journal ArticleDOI
TL;DR: This paper proposes a strong (n,t,n) VSS based on Benaloh's VSS and introduces new notions of strong t-consistency and strong VSS.

Book ChapterDOI
20 Sep 2010
TL;DR: This work presents a practical solution using multiparty computation based on secret sharing, i.e., cryptographic protocols that compute with private data and preserve data privacy.
Abstract: Collaborative optimization problems can often be modeled as a linear program whose objective function and constraints combine data from several parties. However, important applications of this model (e.g., supply chain planning) involve private data that the parties cannot reveal to each other. Traditional linear programming methods cannot be used in this case. The problem can be solved using cryptographic protocols that compute with private data and preserve data privacy. We present a practical solution using multiparty computation based on secret sharing. The linear programming protocols use a variant of the simplex algorithm and secure computation with fixed-point rational numbers, optimized for this type of application. We present the main protocols as well as performance measurements for an implementation of our solution.

Journal ArticleDOI
TL;DR: A quantum secret-sharing protocol is presented here, which mends the security loophole of the original secret- sharing protocol, and doubles the information capacity.
Abstract: A detailed analysis has shown that the quantum secret sharing protocol based on the Grover algorithm (Phys Rev A, 2003, 68: 022306) is insecure: a dishonest receiver may obtain the full information without being detected. A quantum secret-sharing protocol is presented here which closes the security loophole of the original secret-sharing protocol and doubles the information capacity.

Book ChapterDOI
15 Aug 2010
TL;DR: This work revisits the question of secure multiparty computation with two rounds of interaction and shows that under a relaxed notion of security, allowing the adversary to selectively decide which honest parties will receive their (correct) output, there is a general 2-round MPC protocol which tolerates t < n/3 corrupted parties.
Abstract: We revisit the question of secure multiparty computation (MPC) with two rounds of interaction. It was previously shown by Gennaro et al. (Crypto 2002) that 3 or more communication rounds are necessary for general MPC protocols with guaranteed output delivery, assuming that there may be t ≥ 2 corrupted parties. This negative result holds regardless of the total number of parties, even if broadcast is allowed in each round, and even if only fairness is required. We complement this negative result by presenting matching positive results. Our first main result is that if only one party may be corrupted, then n ≥ 5 parties can securely compute any function of their inputs using only two rounds of interaction over secure point-to-point channels (without broadcast or any additional setup). The protocol makes a black-box use of a pseudorandom generator, or alternatively can offer unconditional security for functionalities in NC1. We also prove a similar result in a client-server setting, where there are m ≥ 2 clients who hold inputs and should receive outputs, and n additional servers with no inputs and outputs. For this setting, we obtain a general MPC protocol which requires a single message from each client to each server, followed by a single message from each server to each client. The protocol is secure against a single corrupted client and against coalitions of t < n/3 corrupted servers. The above protocols guarantee output delivery and fairness. Our second main result shows that under a relaxed notion of security, allowing the adversary to selectively decide (after learning its own outputs) which honest parties will receive their (correct) output, there is a general 2-round MPC protocol which tolerates t < n/3 corrupted parties. This protocol relies on the existence of a pseudorandom generator in NC1 (which is implied by standard cryptographic assumptions), or alternatively can offer unconditional security for functionalities in NC1.

Journal ArticleDOI
TL;DR: A novel VSSM scheme that can share two binary secret images on two rectangular share images with no pixel expansion is proposed, which is believed to be the first approach that could share multiple visual secret images without pixel expansion.
Abstract: The main concept of the original visual secret sharing (VSS) scheme is to encrypt a secret image into n meaningless share images. No combination of the n share images other than all of them leaks any information about the shared secret. The shared secret image can be revealed by printing the share images on transparencies and stacking the transparencies directly, so that the human visual system can recognize the shared secret image without using any devices. The visual secret sharing scheme for multiple secrets (called VSSM scheme) is intended to encrypt more than one secret image into the same quantity of share images, to increase the encryption capacity compared with the original VSS scheme. However, all VSSM schemes presented so far utilize a pre-defined pattern book with pixel expansion to encrypt secret images into share images. In general, this leads to at least 2x pixel expansion on the share images for any of the VSSM schemes. Thus, the pixel expansion problem becomes more serious for sharing multiple secrets. This is neither a practical nor the best solution for increasing the number of secret images shared. In this paper, we propose a novel VSSM scheme that can share two binary secret images on two rectangular share images with no pixel expansion. The experimental results show that the proposed approach not only has no pixel expansion, but also has an excellent recovery quality for the secret images. To the best of our knowledge, this is the first approach that can share multiple visual secret images without pixel expansion.

Posted Content
TL;DR: A novel protocol to compute the sum of individual data inputs with zero probability of data leakage when two neighbor parties collude to learn the data of a middle party is provided.

Abstract: Secure sum computation of private data inputs is an interesting example of Secure Multiparty Computation (SMC) which has attracted many researchers to devise secure protocols with lower probability of data leakage. In this paper, we provide a novel protocol to compute the sum of individual data inputs with zero probability of data leakage when two neighbor parties collude to learn the data of a middle party. We break the data block of each party into a number of segments and redistribute the segments among the parties before the computation. Together, these steps create a scenario in which it becomes impossible for semi-honest parties to learn the private data of any other party.
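The abstract above describes the segment-and-redistribute idea only in outline, so here is an added illustration (written for this page, not the paper's own protocol) that puts the classic ring secure-sum protocol next to a segmented variant. The ring version shows the collusion the abstract is worried about: the two ring neighbours of P_i see the running total before and after P_i adds its input, and the difference is x_i. The segmented version has every party split its input into n uniformly random segments, keep one, and hand one to each other party; since the owner always retains a segment, no coalition that excludes the owner ever holds all of them. The modulus M, the party count and the sample inputs are assumptions made here for the demonstration.

```python
import secrets

# All arithmetic is modulo M. Inputs are assumed to lie in [0, M); then every
# mask and every segment is uniform in [0, M) and hides the value it covers.
M = 2 ** 64


def ring_secure_sum(inputs):
    """Classic ring protocol (the baseline the segmented protocol improves on).

    P0 adds a random mask r to its input and passes the running total around
    the ring; each party adds its own input and forwards it; P0 finally removes r.
    Returns (total, received), where received[i] is the running value that
    arrived at P_i, which the sender P_{i-1} of course knows as well.
    """
    n = len(inputs)
    r = secrets.randbelow(M)
    received = [0] * n
    running = (inputs[0] + r) % M
    for i in range(1, n):
        received[i] = running
        running = (running + inputs[i]) % M
    received[0] = running            # the last party hands the total back to P0
    return (running - r) % M, received


def neighbour_collusion(received, i):
    """Ring protocol weakness: P_{i-1} knows what P_i received and P_{i+1} knows
    what P_i sent, so together they recover x_i (valid for 1 <= i <= n-1)."""
    n = len(received)
    return (received[(i + 1) % n] - received[i]) % M


def split_into_segments(x, k):
    """k segments, uniformly random subject to summing to x (mod M)."""
    segs = [secrets.randbelow(M) for _ in range(k - 1)]
    segs.append((x - sum(segs)) % M)
    return segs


def segmented_secure_sum(inputs):
    """Each P_i splits x_i into n segments, keeps segment i and sends segment j
    to P_j. Every party then publishes the sum of the segments it holds, and
    the total of those partial sums is the secure sum.

    Returns (total, held): held[j][i] is the segment of x_i that P_j holds.
    """
    n = len(inputs)
    held = [{} for _ in range(n)]
    for i, x in enumerate(inputs):
        for j, seg in enumerate(split_into_segments(x, n)):
            held[j][i] = seg
    partial = [sum(h.values()) % M for h in held]
    return sum(partial) % M, held


def coalition_view(held, coalition, target):
    """(segments of x_target the coalition holds, segments in total).

    Every segment is uniform on its own, so x_target is determined only when
    all n segments are known. P_target keeps one segment itself, so a
    coalition that excludes it, such as its two ring neighbours, always falls
    short: the redistribution step leaks nothing about x_target."""
    known = sum(1 for j in coalition if j != target)
    return known, len(held)


if __name__ == "__main__":
    xs = [10, 20, 30, 40]             # constructed sample inputs of P0..P3
    total, seen = ring_secure_sum(xs)
    print("ring total", total, "neighbours of P2 recover", neighbour_collusion(seen, 2))
    total, held = segmented_secure_sum(xs)
    print("segmented total", total, "P1+P3 hold", coalition_view(held, [1, 3], 2), "of x2's segments")
```

What remains after the partial sums are published is only what any secure sum must leak: a coalition learns the sum of the honest parties' inputs. With three parties that sum is the single honest input, so the segmentation buys something only from four parties upward.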

Journal ArticleDOI
TL;DR: The authors introduce the notion of a ‘social secret sharing scheme’, in which shares are allocated based on a player's reputation and the way he/she interacts with other participants, and allows trusted participants to gain more authority.
Abstract: The authors introduce the notion of a ‘social secret sharing scheme’, in which shares are allocated based on a player's reputation and the way he/she interacts with other participants. During the social tuning phase, weights of players are adjusted such that participants who cooperate end up with more shares than those who defect. In addition, newcomers can be enrolled in the scheme while corrupted players are disenrolled immediately. In other words, this scheme proactively renews shares at each cycle without changing the secret, and allows trusted participants to gain more authority. The motivation is that, in real-world applications, components of a secure scheme may have different levels of importance (i.e. the number of shares a player has) as well as reputation (i.e. cooperation with other players for the share renewal or secret recovery). Therefore a good construction should balance these two factors. In the proposed schemes, both passive and active mobile adversaries are considered in an unconditionally secure setting.

Book ChapterDOI
01 Jan 2010
Abstract: Keith B. Frikken Miami University 14.

Book ChapterDOI
21 Jun 2010
TL;DR: This paper introduces an efficient privacy-preserving protocol for distributed K-means clustering over an arbitrary partitioned data, shared among N parties using the paradigm of secret sharing, which allows the data to be divided into multiple shares and processed separately at different servers.
Abstract: This paper introduces an efficient privacy-preserving protocol for distributed K-means clustering over arbitrarily partitioned data shared among N parties. Clustering is one of the fundamental algorithms used in the field of data mining. Advances in data acquisition methodologies have resulted in the collection and storage of vast quantities of users' personal data. For mutual benefit, organizations tend to share their data for analytical purposes, thus raising privacy concerns for the users. Over the years, numerous attempts have been made to introduce privacy and security at the expense of massive additional communication costs. The approaches suggested in the literature make use of cryptographic protocols such as Secure Multiparty Computation (SMC) and/or homomorphic encryption schemes like Paillier's encryption. Methods using such schemes have well-documented communication overheads, and in practice are found to be slower by a factor of more than 10^6. In light of the practical limitations of the traditional approaches to privacy, we explore a paradigm shift that side-steps the expensive protocols of SMC. In this work, we use the paradigm of secret sharing, which allows the data to be divided into multiple shares and processed separately at different servers. This allows us to design a provably secure, cloud computing based solution which has negligible communication overhead compared to SMC and is hence over a million times faster than similar SMC based protocols.

Book ChapterDOI
25 Jan 2010
TL;DR: In this paper, the authors proposed several variants of a secure multiparty computation protocol for AES encryption and implemented the variants using VIFF, a software framework for implementing secure MPC.
Abstract: We propose several variants of a secure multiparty computation protocol for AES encryption. The best variant requires $2200 + \frac{400}{255}$ expected elementary operations in $70 + \frac{20}{255}$ expected rounds to encrypt one 128-bit block with a 128-bit key. We implemented the variants using VIFF, a software framework for implementing secure multiparty computation (MPC). Tests with three players (passive security against at most one corrupted player) in a local network showed that one block can be encrypted in 2 seconds. We also argue that this result could be improved by an optimized implementation.

Journal ArticleDOI
TL;DR: The connections of this open problem with matroids and polymatroids is explored and a new parameter is introduced to represent the best lower bound on the optimal complexity that can be obtained by taking into account that the joint Shannon entropies of a set of random variables define a polymatroid.
Abstract: The complexity of a secret sharing scheme is defined as the ratio between the maximum length of the shares and the length of the secret. The optimization of this parameter for general access structures is an important and very difficult open problem in secret sharing. We explore in this paper the connections of this open problem with matroids and polymatroids. Matroid ports were introduced by Lehman in 1964. A forbidden minor characterization of matroid ports was given by Seymour in 1976. These results precede the invention of secret sharing by Shamir in 1979. Important connections between ideal secret sharing schemes and matroids were discovered by Brickell and Davenport in 1991. Their results can be restated as follows: every ideal secret sharing scheme defines a matroid, and its access structure is a port of that matroid. Our main result is a lower bound on the optimal complexity of access structures that are not matroid ports. Namely, by using the aforementioned characterization of matroid ports by Seymour, we generalize the result by Brickell and Davenport by proving that, if the length of every share in a secret sharing scheme is less than 3/2 times the length of the secret, then its access structure is a matroid port. This generalizes and explains a phenomenon that was observed in several families of access structures. In addition, we introduce a new parameter to represent the best lower bound on the optimal complexity that can be obtained by taking into account that the joint Shannon entropies of a set of random variables define a polymatroid. We prove that every bound that is obtained by this technique for an access structure applies to its dual as well. Finally, we present a construction of linear secret sharing schemes for the ports of the Vamos and the non-Desargues matroids. In this way new upper bounds on their optimal complexity are obtained, which are a contribution to the search for access structures whose optimal complexity lies between 1 and 3/2.
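To make the complexity measure in the abstract concrete, here is an added worked example (not from the paper) for the smallest classic non-ideal access structure: four parties A, B, C, D with minimal qualified sets AB, BC, CD, the path P4. P4 is not a matroid port, so by the abstract's theorem some share must be at least 3/2 times the secret, and 3/2 is known to be achievable. The construction below is Stinson's decomposition idea: the secret (s1, s2) is turned into three pieces c1 = s1, c2 = s2, c3 = s1 + s2, any two of which determine it; each piece is shared ideally on a sub-structure (the star at B, the star at C, the matching {AB, CD}) so that every edge lies in exactly two sub-structures. B and C end up with 3 field elements for a 2-element secret, giving complexity exactly 3/2. The prime P and the dictionary layout of the shares are assumptions of this illustration.

```python
import secrets

P = 2 ** 31 - 1   # prime field; every share component and secret component is one element


def share_p4(secret):
    """Share secret = (s1, s2) for the path access structure {AB, BC, CD}.

    c1 is shared on the star {AB, BC} with B holding the mask r1,
    c2 on the star {BC, CD} with C holding the mask r2,
    c3 on the matching {AB, CD} with masks r3 (edge AB) and r4 (edge CD).
    Any unqualified set (AC, BD, AD, singletons) sees only masked values
    whose masks it does not hold, so it learns nothing about (s1, s2).
    """
    s1, s2 = secret
    c1, c2, c3 = s1 % P, s2 % P, (s1 + s2) % P
    r1, r2, r3, r4 = (secrets.randbelow(P) for _ in range(4))
    return {
        "A": {"c1+r1": (c1 + r1) % P, "r3": r3},
        "B": {"r1": r1, "c2+r2": (c2 + r2) % P, "c3+r3": (c3 + r3) % P},
        "C": {"c1+r1": (c1 + r1) % P, "r2": r2, "r4": r4},
        "D": {"c2+r2": (c2 + r2) % P, "c3+r4": (c3 + r4) % P},
    }


def _pieces(shares, parties):
    """Which of c1, c2, c3 the given parties can unmask by pooling their shares."""
    pool = {}
    for p in parties:
        pool.update(shares[p])
    known = {}
    if "c1+r1" in pool and "r1" in pool:
        known["c1"] = (pool["c1+r1"] - pool["r1"]) % P
    if "c2+r2" in pool and "r2" in pool:
        known["c2"] = (pool["c2+r2"] - pool["r2"]) % P
    if "c3+r3" in pool and "r3" in pool:
        known["c3"] = (pool["c3+r3"] - pool["r3"]) % P
    if "c3+r4" in pool and "r4" in pool:
        known["c3"] = (pool["c3+r4"] - pool["r4"]) % P
    return known


def reconstruct_p4(shares, parties):
    """Return (s1, s2) for a qualified set; None when fewer than two pieces are known."""
    k = _pieces(shares, parties)
    if "c1" in k and "c2" in k:
        return k["c1"], k["c2"]
    if "c1" in k and "c3" in k:
        return k["c1"], (k["c3"] - k["c1"]) % P
    if "c2" in k and "c3" in k:
        return (k["c3"] - k["c2"]) % P, k["c2"]
    return None


def complexity(shares, secret_len=2):
    """The abstract's measure: maximum share length divided by secret length,
    counted in field elements. Here B and C hold 3 elements for a 2-element secret."""
    return max(len(v) for v in shares.values()) / secret_len


if __name__ == "__main__":
    sh = share_p4((7, 11))            # constructed sample secret
    for q in ("AB", "BC", "CD", "AC", "BD", "AD"):
        print(q, reconstruct_p4(sh, q))
    print("complexity", complexity(sh))
```

Shamir's threshold scheme, by contrast, has complexity 1 (one field element per share for a one-element secret), which is why threshold structures are the canonical matroid ports; the interesting open territory the abstract points at is everything strictly between these two values.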

Book ChapterDOI
15 Aug 2010
TL;DR: This work revisits the question of unconditional two-prover zero-knowledge proofs for NP and shows that such protocols exist in the interactive PCP model of Kalai and Raz, where one of the provers is replaced by a PCP oracle.
Abstract: Motivated by the question of basing cryptographic protocols on stateless tamper-proof hardware tokens, we revisit the question of unconditional two-prover zero-knowledge proofs for NP. We show that such protocols exist in the interactive PCP model of Kalai and Raz (ICALP '08), where one of the provers is replaced by a PCP oracle. This strengthens the feasibility result of Ben-Or, Goldwasser, Kilian, and Wigderson (STOC '88) which requires two stateful provers. In contrast to previous zero-knowledge PCPs of Kilian, Petrank, and Tardos (STOC '97), in our protocol both the prover and the PCP oracle are efficient given an NP witness. Our main technical tool is a new primitive that we call interactive locking, an efficient realization of an unconditionally secure commitment scheme in the interactive PCP model. We implement interactive locking by adapting previous constructions of interactive hashing protocols to our setting, and also provide a direct construction which uses a minimal amount of interaction and improves over our interactive hashing based constructions. Finally, we apply the above results towards showing the feasibility of basing unconditional cryptography on stateless tamper-proof hardware tokens, and obtain the following results. (1) We show that if tokens can be used to encapsulate other tokens, then there exist unconditional and statistically secure (in fact, UC secure) protocols for general secure computation. (2) Even if token encapsulation is not possible, there are unconditional and statistically secure commitment protocols and zero-knowledge proofs for NP. (3) Finally, if token encapsulation is not possible, then no protocol can realize statistically secure oblivious transfer.

Book ChapterDOI
15 Aug 2010
TL;DR: In this article, the authors proposed secret sharing algorithms that enable efficient data sharing security management based on the characteristics of the All-Or-Nothing Transform encryption mode for large-scale database storage.
Abstract: Ensuring the security of an RFID system's large-capacity database by depending only on existing encryption schemes is unrealistic. Therefore, data sharing as a supplementary security-management mechanism is drawing attention as an extremely secure scheme. However, applying the existing secret sharing scheme to this method makes the size of every share equal to that of the original data. Thus, it is not suitable for application to large-scale databases. This paper proposes secret sharing algorithms that enable efficient data sharing for security management based on the characteristics of the All-Or-Nothing Transform encryption mode. The proposed algorithms enable fast sharing and reconstruction in terms of processing speed and allow the total size of the shares to equal that of the plaintext, thereby making them suitable for large-capacity database storage.

Posted Content
TL;DR: In this article, a secret sharing scheme is proposed to secure the iris template, where a secret image is encrypted into the shares which independently disclose no information about the original secret image.
Abstract: Biometrics deal with automated methods of identifying a person or verifying the identity of a person based on physiological or behavioral characteristics. Visual cryptography is a secret sharing scheme in which a secret image is encrypted into shares that independently disclose no information about the original secret image. As biometric templates are stored in a centralized database, an attacker may modify a template in the face of security threats. If a biometric template is altered, the authorized user will not be allowed to access the resource. To deal with this issue, visual cryptography schemes can be applied to secure the iris template. Visual cryptography provides a good means of meeting such security needs as well as an extra layer of authentication.
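Both the VSSM abstract (the one complaining about pixel expansion) and the iris-template abstract above rely on the basic visual secret sharing construction without spelling it out, so here is an added worked example of the classic (2,2) scheme; it is illustrative code written for this page, not the construction of either paper. Each secret pixel becomes two subpixels on each share: share 1 gets a random pattern, share 2 gets the same pattern for a white pixel and the complementary one for a black pixel. Stacking the transparencies is a pixel-wise OR, so a black pixel stacks to two dark subpixels and a white one to a single dark subpixel. Each share on its own is a uniformly random string of patterns, which is the "independently disclose no information" property. The 2x expansion is exactly the overhead the VSSM paper sets out to remove. The sample image is constructed for the demonstration; a binary iris code can be fed in as a one-row image in the same way.

```python
import secrets

# Pixels: 1 = black, 0 = white. Stacking transparencies is a pixel-wise OR.
# A share pixel is one of these two subpixel patterns, chosen at random.
PATTERNS = ((1, 0), (0, 1))

# Constructed 4x4 sample "secret image" (a small T), 1 = black.
SECRET_IMAGE = [
    [1, 1, 1, 1],
    [0, 1, 1, 0],
    [0, 1, 1, 0],
    [0, 1, 1, 0],
]


def make_shares(image):
    """(2,2) visual secret sharing with 2x horizontal pixel expansion.

    Share 1 gets a random pattern per pixel; share 2 gets the same pattern for
    a white pixel and the complementary one for a black pixel. Because the
    pattern choice is uniform and independent of the pixel, each share alone
    is a uniformly random pattern string.
    """
    share1, share2 = [], []
    for row in image:
        r1, r2 = [], []
        for pixel in row:
            a = PATTERNS[secrets.randbelow(2)]
            b = a if pixel == 0 else (1 - a[0], 1 - a[1])
            r1.extend(a)
            r2.extend(b)
        share1.append(r1)
        share2.append(r2)
    return share1, share2


def stack(share1, share2):
    """Overlay the transparencies: a subpixel is black if it is black on either share."""
    return [[x | y for x, y in zip(r1, r2)] for r1, r2 in zip(share1, share2)]


def decode(stacked):
    """What the eye does with the stacked image: a fully dark subpixel pair
    reads as black, a half-dark pair reads as white (the scheme's contrast)."""
    return [[1 if row[i] & row[i + 1] else 0 for i in range(0, len(row), 2)]
            for row in stacked]


def expansion_factor(image, share):
    """Share area divided by secret area: 2.0 for this scheme."""
    return (len(share) * len(share[0])) / (len(image) * len(image[0]))


def share_is_pattern_string(share):
    """Sanity check on a single share: every subpixel pair is one of the two
    patterns, i.e. the share carries no pixel-level information by itself."""
    return all(tuple(row[i:i + 2]) in PATTERNS
               for row in share for i in range(0, len(row), 2))


if __name__ == "__main__":
    s1, s2 = make_shares(SECRET_IMAGE)
    for row in decode(stack(s1, s2)):
        print("".join("#" if p else "." for p in row))
    print("expansion", expansion_factor(SECRET_IMAGE, s1))
```

Real deployments use a 2x2 subpixel block (4x expansion) so the aspect ratio survives, which only makes the expansion problem the VSSM paper addresses worse; the decoding step here is literal so that the round trip can be checked in code rather than by eye.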