
Showing papers on "Secure two-party computation published in 2003"


Book ChapterDOI
04 May 2003
TL;DR: The feasibility of universally composable two-party function evaluation in the plain model is studied and it is shown that very few functions can be computed in this model so as to provide the UC security guarantees.
Abstract: The recently proposed universally composable (UC) security framework, for analyzing security of cryptographic protocols, provides very strong security guarantees. In particular, a protocol proven secure in this framework is guaranteed to maintain its security even when deployed in arbitrary multi-party, multi-protocol, multi-execution environments. Protocols for securely carrying out essentially any cryptographic task in a universally composable way exist, both in the case of an honest majority (in the plain model, i.e., without set-up assumptions) and in the case of no honest majority (in the common reference string model). However, in the plain model, little was known for the case of no honest majority and, in particular, for the important special case of two-party protocols. We study the feasibility of universally composable two-party function evaluation in the plain model. Our results show that very few functions can be computed in this model so as to provide the UC security guarantees. Specifically, for the case of deterministic functions, we provide a full characterization of the functions computable in this model. (Essentially, these are the functions that depend on at most one of the parties' inputs, and furthermore are "efficiently invertible" in a sense defined within.) For the case of probabilistic functions, we show that the only functions computable in this model are those where one of the parties can essentially uniquely determine the joint output.

200 citations


Book ChapterDOI
17 Aug 2003
TL;DR: In this paper, the Paillier cryptosystem was used to construct a general multiparty computation protocol which is universally composable against an active and adaptive adversary, corrupting any minority of the parties.
Abstract: We present a new general multiparty computation protocol for the cryptographic scenario which is universally composable — in particular, it is secure against an active and adaptive adversary, corrupting any minority of the parties. The protocol is as efficient as the best known statically secure solutions, in particular the number of bits broadcast (which dominates the complexity) is Ω(nk|C|), where n is the number of parties, k is a security parameter, and |C| is the size of a circuit doing the desired computation. Unlike previous adaptively secure protocols for the cryptographic model, our protocol does not use non-committing encryption, instead it is based on homomorphic threshold encryption, in particular the Paillier cryptosystem.

193 citations


Journal Article
TL;DR: Unlike previous adaptively secure protocols for the cryptographic model, this protocol does not use non-committing encryption, instead it is based on homomorphic threshold encryption, in particular the Paillier cryptosystem.
Abstract: We present a new general multiparty computation protocol for the cryptographic scenario which is universally composable - in particular, it is secure against an active and adaptive adversary, corrupting any minority of the parties. The protocol is as efficient as the best known statically secure solutions, in particular the number of bits broadcast (which dominates the complexity) is Ω(nk|C|), where n is the number of parties, k is a security parameter, and |C| is the size of a circuit doing the desired computation. Unlike previous adaptively secure protocols for the cryptographic model, our protocol does not use non-committing encryption, instead it is based on homomorphic threshold encryption, in particular the Paillier cryptosystem.

160 citations


Book ChapterDOI
Benny Pinkas
04 May 2003
TL;DR: A transformation of Yao's protocol for secure two-party computation to a fair protocol in which neither party gains any substantial advantage by terminating the protocol prematurely is demonstrated.
Abstract: We demonstrate a transformation of Yao's protocol for secure two-party computation to a fair protocol in which neither party gains any substantial advantage by terminating the protocol prematurely. The transformation adds additional steps before and after the execution of the original protocol, but does not change it otherwise, and does not use a trusted third party. It is based on the use of gradual release timed commitments, which are a new variant of timed commitments, and on a novel use of blind signatures for verifying that the committed values are correct.

150 citations


Journal ArticleDOI
TL;DR: It is shown that any two-party functionality can be securely computed in a constant number of rounds, where security is obtained against (polynomial-time) malicious adversaries that may arbitrarily deviate from the protocol specification.
Abstract: In this paper we show that any two-party functionality can be securely computed in a constant number of rounds, where security is obtained against (polynomial-time) malicious adversaries that may arbitrarily deviate from the protocol specification. This is in contrast to Yao's constant-round protocol that ensures security only in the face of semi-honest adversaries, and to its malicious adversary version that requires a polynomial number of rounds.

146 citations


Proceedings ArticleDOI
Yehuda Lindell
09 Jun 2003
TL;DR: This protocol constitutes the first feasibility result for general two-party computation without setup assumptions for any model of concurrency, and has O(m) rounds of communication, where m is the bound on the number of concurrent executions.
Abstract: In this paper we study the feasibility of obtaining protocols for general two-party computation that remain secure under concurrent composition. (A general protocol can be used for obtaining secure computation of any functionality.) We consider a scenario where no trusted setup is assumed (and so, for example, there is no common reference string available to the parties); we call this the "plain model". We present both negative and positive results for this model. Specifically, we show that a general two-party protocol that remains secure for m concurrent executions and can be proven via black-box simulation, must have more than m rounds of communication. An important corollary of this result is that there do not exist protocols for black-box secure general two-party computation for the case of unbounded concurrency (where any polynomial number of concurrent executions may be run). On the positive side, we show that under general cryptographic assumptions, there exist secure protocols for general two-party computation in the model of bounded concurrent composition (in this model the number of concurrent executions is fixed and the protocol design may depend on this number). Our protocol has O(m) rounds of communication, where m is the bound on the number of concurrent executions, and uses both black-box and non black-box techniques. We note that this protocol constitutes the first feasibility result for general two-party computation without setup assumptions for any model of concurrency.

138 citations


Proceedings ArticleDOI
06 Feb 2003
TL;DR: A secure protocol for Yao's millionaires' problem, in which each of the two participating parties has a number and the objective is to determine whose number is larger without disclosing any information about the numbers, is presented.
Abstract: The increase in volume and sensitivity of data communicated and processed over the Internet has been accompanied by a corresponding need for e-commerce techniques in which entities can participate in a secure and anonymous fashion. Even simple arithmetic operations over a set of integers partitioned over a network require sophisticated algorithms. As a part of our earlier work, we have developed a secure protocol for computing dot products of two vectors. In this paper, we present a secure protocol for Yao's millionaires' problem. In this problem, each of the two participating parties has a number and the objective is to determine whose number is larger without disclosing any information about the numbers. This problem has direct applications in on-line bidding and auctions. Furthermore, combined with a secure dot-product, a solution to this secure multiparty computation provides necessary building blocks for such basic operations as frequent item-set generation in association rule mining. Although an asymptotically optimal solution for the secure multiparty computation of the 'less-or-equal' predicate exists in the literature, this protocol is not suited for practical applications. Here, we present a protocol which has a much simpler structure and is more efficient for numbers in ranges practically encountered in typical e-commerce applications. Furthermore, advances in cryptanalysis and the subsequent increase in key lengths for public-key cryptographic systems accentuate the advantage of the proposed protocol. We present experimental evidence demonstrating the efficiency of the proposed protocol both in terms of time and communication overhead.

119 citations


Proceedings ArticleDOI
11 Oct 2003
TL;DR: This paper constructs a (non black-box) protocol for realizing bounded-concurrent secure two-party computation in a constant number of rounds, which relies on the existence of enhanced trapdoor permutations, as well as on the existence of hash functions that are collision-resistant against subexponential sized circuits.
Abstract: We consider the problem of constructing a general protocol for secure two-party computation in a way that preserves security under concurrent composition. In our treatment, we focus on the case where an a-priori bound on the number of concurrent sessions is specified before the protocol is constructed (a.k.a. bounded concurrency). We make no setup assumptions. Lindell (STOC 2003) has shown that any protocol for bounded-concurrent secure two-party computation, whose security is established via black-box simulation, must have round complexity that is strictly larger than the bound on the number of concurrent sessions. In this paper, we construct a (non black-box) protocol for realizing bounded-concurrent secure two-party computation in a constant number of rounds. Our constructions rely on the existence of enhanced trapdoor permutations, as well as on the existence of hash functions that are collision-resistant against subexponential sized circuits.

108 citations


Proceedings ArticleDOI
27 Oct 2003
TL;DR: The design and implementation of a compiler that automatically generates protocols that perform two-party computations that are provably secure, in that their strength can be reduced to that of the original cryptographic computation via simulation arguments.
Abstract: We present the design and implementation of a compiler that automatically generates protocols that perform two-party computations. The input to our protocol is the specification of a computation with secret inputs (e.g., a signature algorithm) expressed using operations in the field Zq of integers modulo a prime q and in the multiplicative subgroup of order q in Z*p for q|p-1 with generator g. The output of our compiler is an implementation of each party in a two-party protocol to perform the same computation securely, i.e., so that both parties can together compute the function but neither can alone. The protocols generated by our compiler are provably secure, in that their strength can be reduced to that of the original cryptographic computation via simulation arguments. Our compiler can be applied to various cryptographic primitives (e.g., signature schemes, encryption schemes, oblivious transfer protocols) and other protocols that employ a trusted party (e.g., key retrieval, key distribution).

47 citations


Proceedings ArticleDOI
30 Oct 2003
TL;DR: This paper surveys approaches to secure multi-party computation, and gives a method whereby an efficient protocol for two parties using an untrusted third party can be used to construct an efficient peer-to-peer secure multi-party protocol.
Abstract: Secure Multi-Party Computation enables parties with private data to collaboratively compute a global function of their private data, without revealing that data. The increase in sensitive data on networked computers, along with improved ability to integrate and utilize that data, make the time ripe for practical secure multi-party computation. This paper surveys approaches to secure multi-party computation, and gives a method whereby an efficient protocol for two parties using an untrusted third party can be used to construct an efficient peer-to-peer secure multi-party protocol.

35 citations


Journal Article
TL;DR: In this article, the authors study completeness for secure two-party computation in the computational setting and give a characterization of all functions that are complete for secure function evaluation in this setting.
Abstract: A Secure Function Evaluation (SFE) of a two-variable function f(·,·) is a protocol that allows two parties with inputs x and y to evaluate f(x,y) in a manner where neither party learns "more than is necessary". A rich body of work deals with the study of completeness for secure two-party computation. A function f is complete for SFE if a protocol for securely evaluating f allows the secure evaluation of all (efficiently computable) functions. The questions investigated are which functions are complete for SFE, which functions have SFE protocols unconditionally and whether there are functions that are neither complete nor have efficient SFE protocols. The previous study of these questions was mainly conducted from an information theoretic point of view and provided strong answers in the form of combinatorial properties. However, we show that there are major differences between the information theoretic and computational settings. In particular, we show functions that are considered as having SFE unconditionally by the combinatorial criteria but are actually complete in the computational setting. We initiate the fully computational study of these fundamental questions. Somewhat surprisingly, we manage to provide an almost full characterization of the complete functions in this model as well. More precisely, we present a computational criterion (called computational row non-transitivity) for a function f to be complete for the asymmetric case. Furthermore, we show a matching criterion called computational row transitivity for f to have a simple SFE (based on no additional assumptions). This criterion is close to the negation of the computational row non-transitivity and thus we essentially characterize all "nice" functions as either complete or having SFE unconditionally.

Proceedings ArticleDOI
13 Jul 2003
TL;DR: This work provides a formal model of the system, using the framework for asynchronous reactive systems proposed by Pfitzmann and Waidner, and presents a protocol for proactive message transmission, and proves it secure using the composability property of the framework.
Abstract: We study the problem of secure message transmission among a group of parties in an insecure asynchronous network, where an adversary may repeatedly break into some parties for transient periods of time. A solution for this task is needed in order to use proactive cryptosystems in wide-area networks with loose synchronization. Parties have access to a secure hardware device that stores some cryptographic keys, but can carry out only a very limited set of operations. We provide a formal model of the system, using the framework for asynchronous reactive systems proposed by Pfitzmann and Waidner (Symposium on Security & Privacy, 2001), present a protocol for proactive message transmission, and prove it secure using the composability property of the framework.

Journal Article
TL;DR: In this article, the role of connectivity of communication networks in private computations under information theoretical settings in the honest-but-curious model was studied, and it was shown that some functions can be 1-privately computed even if the underlying network is 1-connected but not 2-connected.
Abstract: We study the role of connectivity of communication networks in private computations under information theoretical settings in the honest-but-curious model. We show that some functions can be 1-privately computed even if the underlying network is 1-connected but not 2-connected. Then we give a complete characterisation of non-degenerate functions that can be 1-privately computed on non-2-connected networks. Furthermore, we present a technique for simulating 1-private protocols that work on arbitrary (complete) networks on k-connected networks. For this simulation, at most $(1 - k/(n - 1)) \cdot L$ additional random bits are needed, where L is the number of bits exchanged in the original protocol and n is the number of players. Finally, we give matching lower and upper bounds for the number of random bits needed to compute the parity function on k-connected networks 1-privately, namely $\lceil (n - 2)/(k - 1) \rceil - 1$ random bits for networks consisting of n players.

Book ChapterDOI
04 May 2003
TL;DR: In this paper, the authors propose a secure MPC protocol over an arbitrary finite ring, an algebraic object with a much less nice structure than a field, and obtain efficient MPC protocols requiring only a black-box access to the ring operations and to random ring elements.
Abstract: Secure multi-party computation (MPC) is an active research area, and a wide range of literature can be found nowadays suggesting improvements and generalizations of existing protocols in various directions. However, all current techniques for secure MPC apply to functions that are represented by (boolean or arithmetic) circuits over finite fields. We are motivated by two limitations of these techniques:
- GENERALITY. Existing protocols do not apply to computation over more general algebraic structures (except via a brute-force simulation of computation in these structures).
- EFFICIENCY. The best known constant-round protocols do not efficiently scale even to the case of large finite fields.
Our contribution goes in these two directions. First, we propose a basis for unconditionally secure MPC over an arbitrary finite ring, an algebraic object with a much less nice structure than a field, and obtain efficient MPC protocols requiring only a black-box access to the ring operations and to random ring elements. Second, we extend these results to the constant-round setting, and suggest efficiency improvements that are relevant also for the important special case of fields. We demonstrate the usefulness of the above results by presenting a novel application of MPC over (non-field) rings to the round-efficient secure computation of the maximum function.

Journal Article
TL;DR: In this paper, it is shown that without access to a black box for some complete function such as AND, not all functions can be securely computed in the information theoretic setting.
Abstract: Secure computation is one of the most fundamental cryptographic tasks. It is known that all functions can be computed securely in the information theoretic setting, given access to a black box for some complete function such as AND. However, without such a black box, not all functions can be securely computed. This gives rise to two types of functions, those that can be computed without a black box (“easy”) and those that cannot (“hard”). However, no further distinction among the hard functions is made.

Posted Content
Yehuda Lindell
TL;DR: This paper constructs protocols for the setting of bounded-concurrent self-composition, where a (single) secure protocol is run many times concurrently, and there is a predetermined bound on the number of concurrent executions.
Abstract: Until recently, most research on the topic of secure computation focused on the stand-alone model, where a single protocol execution takes place. In this paper, we construct protocols for the setting of bounded-concurrent self-composition, where a (single) secure protocol is run many times concurrently, and there is a predetermined bound on the number of concurrent executions. In short, we show that any two-party functionality can be securely computed under bounded-concurrent self-composition, in the plain model (where the only setup assumption made is that the parties communicate via authenticated channels). Our protocol provides the first feasibility result for general two-party computation in the plain model, for any model of concurrency. All previous protocols assumed a trusted setup phase in order to obtain a common reference string. On the downside, the number of rounds of communication in our protocol is super-linear in the bound on the number of concurrent executions. However, we believe that our constructions will lead to more efficient protocols for this task.

Posted Content
TL;DR: Based on an EPR pair of qubits and allowing asymptotically secure key distribution, a secure communication protocol is presented that can help Bob judge whether Eve is in line or not.
Abstract: Based on an EPR pair of qubits and allowing asymptotically secure key distribution, a secure communication protocol is presented. Bob sends either of the EPR pair qubits to Alice. Alice receives the travel qubit. Then she can encode classical information by local unitary operations on this travel qubit. Alice sends the qubit back to Bob. Bob can get Alice's information by measurement on the two photons in the Bell operator basis. If Eve is in line, she has no access to Bob's home qubit. All her operations are restricted to the travel qubit. In order to find out which operation Alice performs, Eve's operation must include measurements. The EPR pair qubits are destroyed. Bob's measurement on the two photons in the Bell operator basis can help him to judge whether Eve is in line or not. In this protocol, a public channel is not necessary.

Proceedings ArticleDOI
Wenjun Luo, Xiang Li
20 Oct 2003
TL;DR: Protocols for conducting the statistical analysis in secure two-party cooperative environment and cryptography primitives are developed.
Abstract: Statistical analysis is a widely used computation in real life, but the known methods usually require one to know the whole data set. Little work has been conducted to investigate how statistical analysis could be performed in a multi-party cooperative environment, where the participants want to conduct statistical analysis on the joint data set, but each participant is concerned about the confidentiality of its own data. In this paper, we have developed protocols for conducting the statistical analysis in a secure two-party cooperative environment and cryptography primitives.

Posted Content
TL;DR: The goal is to study the Monotone Span Program (MSP), which is the result of local multiplication of shares distributed by two given MSPs as well as the access structure that this resulting MSP computes, and proposes a solution for the strongly multiplicative MPC (in presence of adversary).
Abstract: We use a general treatment of both information-theoretic and cryptographic settings for Multi-Party Computation (MPC), based on the underlying linear secret sharing scheme. Our goal is to study the Monotone Span Program (MSP), which is the result of local multiplication of shares distributed by two given MSPs as well as the access structure that this resulting MSP computes. First, we expand the construction proposed by Cramer et al. multiplying two different general access structures and we prove some properties of the resulting MSP M. Next we expand the definition of multiplicative MSPs and we prove that when one uses dual MSPs only all players together can compute the product, i.e., the construction proposed by Cramer et al. gives only multiplicative MPC. Third, we propose a solution for the strongly multiplicative MPC (in presence of adversary). The knowledge of the resulting MSP and the access structure it computes allows us to build an analog of the algebraic simplification protocol of Gennaro et al. We show how to achieve in the computational model MPC secure against adaptive adversary in the zero-error case, through the application of homomorphic commitments. There is an open problem how efficiently we can determine Γ, the access structure of the resulting MSP M. This open problem reflects negatively on the efficiency of the proposed solution.

01 Jan 2003
TL;DR: This thesis proposes two secure and efficient E-commerce protocols: mobile payment system and on-line sealed-bid auction that are based on number-theoretic hard problems like DLP and use cryptographic hash function and digital signature as major primi-

01 Jan 2003
TL;DR: A transformation of Yao's protocol for two-party computation to a fair protocol in which neither party gains any substantial advantage by terminating the protocol prematurely is demonstrated.
Abstract: We demonstrate a transformation of Yao's protocol for secure two-party computation to a fair protocol in which neither party gains any substantial advantage by terminating the protocol prematurely. The transformation adds additional steps before and after the execution of the original protocol, but does not change it otherwise, and does not use a trusted third party. It is based on the use of gradual release timed commitments, which are a new variant of timed commitments, and on a novel use of blind signatures for verifying that the committed values are correct.


01 Dec 2003
TL;DR: This paper considers AND/OR graphs with colored vertices and shows that they can be used to model dependable computations with an appropriate level of abstraction, and applies this model to show that fault-tolerant dependable computation with multiple inputs can only be achieved if an appropriate number of color-disjoint solution subgraphs is found.
Abstract: We consider the problem of fault-tolerant dependable computation with multiple inputs. Although the traditional model assumes that the number of faults is relatively small when the enemy has limited resources, this assumption is unreasonable when some faults may be interdependent. Indeed, a computation system may have several replicated components and the adversary may exploit a common weakness of these so as to cause simultaneous failure. In this paper we introduce models for secure distributed computation with multiple inputs that tolerate dependent faults. In particular, we consider AND/OR graphs with colored vertices and show that they can be used to model dependable computations with an appropriate level of abstraction. We then apply this model to show that fault-tolerant dependable computation with multiple inputs can only be achieved if an appropriate number of color-disjoint solution subgraphs is found. Finding such subgraphs is NP-hard. This is in contrast to the problem of dependable computation with single inputs that requires finding vertex-disjoint paths, for which there is a polynomial time algorithm.

Journal Article
Li Xiang
TL;DR: In this paper, the authors have studied two scientific computation problems, eigenvalues and eigenvectors of a matrix, in the secure two-party computation setting, and some secure two-party scientific computation protocols are given.
Abstract: Dr. W. Du has studied three secure two-party scientific computation problems: linear systems of equations problems, linear least squares problems and linear programming problems. And he points out: there are some other interesting scientific computation problems that need to be studied, such as securely computing eigenvalues, eigenvectors, determinants, conditions, and factorization of a matrix. In this paper, the authors have studied two scientific computation problems, eigenvalues and eigenvectors of a matrix, in the secure two-party computation setting. Some secure two-party scientific computation protocols are given.

Dissertation
01 Jan 2003
TL;DR: CINDI Secure File System (CSFS), which is based on the implementation of two secure systems, which deal with data and metadata uniformly and provide a number of commands, which can be used in the same way as other basic commands in Linux, and a simple GUI application for the secure file operations.
Abstract: In the twenty-first century, people are accustomed to using computers to deal with their daily work and personal affairs. However, in an increasing number of computer applications in various fields, the security issue has become very important. By "secure", we mean secrecy and tampering detection. Therefore, the issue of how to guarantee the security of computer applications comes up naturally. We need more secure and dependable software systems to provide stronger protection of our sensitive data. This thesis presents CINDI Secure File System (CSFS), which is based on the implementation of two secure systems. One is a simple Secure Database Management System (SGDBM), which deals with data and metadata uniformly. The Secure DBMS is based on the GNU Database Management System (GDBM) in Linux. The GDBM is transformed into a secure database system by embedding encryption and hashing. The other is a Secure File System that is based on the SGDBM previously mentioned. CSFS uses the SGDBM to store file passwords for the encrypted files. It provides a number of commands, which can be used in the same way as other basic commands in Linux, and a simple GUI application for the secure file operations.

Proceedings ArticleDOI
Yehuda Lindell
13 Jul 2003
TL;DR: The feasibility of obtaining security under concurrent composition where the scheduling of the protocol executions, including when they start and the rate at which they proceed, is maliciously determined by the adversary is considered.
Abstract: This brief announcement describes two impossibility results regarding the concurrent composition of secure two-party protocols in the plain model (i.e., where no setup assumption like a common reference string is assumed). In the setting of two-party computation, two parties wish to jointly compute some function of their private inputs. Loosely speaking, the security requirements are that nothing is learned from the protocol other than the output (privacy), and that the output is distributed according to the prescribed functionality (correctness). These requirements must also hold in the face of malicious adversarial behavior. Powerful feasibility results have been shown for this problem, demonstrating that any two-party probabilistic polynomial-time functionality can be securely computed [5, 2]. However, these feasibility results relate only to the standalone setting, where a single pair of parties run a single execution. A more general (and realistic) setting relates to the case that many protocol executions are run simultaneously (or composed) in a network. Unfortunately, the security of a protocol in the stand-alone setting does not imply its security under composition. Therefore, an important research goal is to reexamine the feasibility of secure computation in this setting. In this announcement, we consider the feasibility of obtaining security under concurrent composition where the scheduling of the protocol executions, including when they start and the rate at which they proceed, is maliciously determined by the adversary. We distinguish between two types of composition, where the distinction relates to the question of which protocols are being run together in the network, or in other words, with which protocols should the protocol in question compose. The first type, called self composition considers the case where a single protocol is executed many times in a network. We stress that in this setting, there is only one protocol that is being run. 
The second type, called general composition considers the case where many different protocols are run together in the network. Furthermore, these protocols may have been designed independently of one another. There is a crucial difference between self and general composition. In self composition, the protocol designer has control over everything that is being run in the network. However, in general composition, the protocol designer has no control whatsoever over the other protocols being run (indeed, these protocols may even have been designed mall-

01 Jan 2003
TL;DR: The article makes a brief overview of the model and proposes a specific approach for computation of trust values from observations, based on the Dempster-Shafer theory of confirmation, for establishing a secure environment for mobile environments.
Abstract: Trust can have its life-cycle and we can model it and utilize it for establishing a secure environment for mobile environments. We assume that entities in the collaborating environment are mobile. It is not possible to perform entity enrollment. There is no globally trusted third party. Usual authentication mechanisms cannot be used. We propose the use of trust based on principal behaviour observations. The overall model has been devised within the SECURE project. The article makes a brief overview of the model and proposes a specific approach for computation of trust values from observations. The method to be introduced is based on the Dempster-Shafer theory of confirmation.