Yu Yu,Jussipekka Leiwo,Benjamin Premkumar

DOI: https://doi.org/10.1007/11599548_19

2005-01-01

Abstract:Alice and Bob with their private inputs xn and yn respectively, want to compute fn(xn, yn) for some publicly known function fn without disclosing information regarding their private inputs more than what can be inferred from fn(xn, yn). This problem is referred to as a secure two-party computation and Yao proposed a solution to privately compute fn using garbled circuits. In this paper, we improve the efficiency of circuit by hardwiring the input of Alice in the circuit without compromising privacy. Using a typical two-party computation problem, namely, the Millionaire Problem, we show that our method reduces circuit size significantly specially for circuits whose fan-in is bounded by 2. We also show that the protocol using the reduced circuit is provably secure.

Osman Biçer

DOI: https://doi.org/10.48550/arXiv.1703.03473

2017-03-10

Abstract:The advance of cloud computing and big data technologies brings out major changes in the ways that people make use of information systems. While those technologies extremely ease our lives, they impose the danger of compromising privacy and security of data due to performing the computation on an untrusted remote server. Moreover, there are also many other real-world scenarios requiring two or more (possibly distrustful) parties to securely compute a function without leaking their respective inputs to each other. In this respect, various secure computation mechanisms have been proposed in order to protect users' data privacy. Yao's garbled circuit protocol is one of the most powerful solutions for this problem. In this thesis, we first describe the Yao's protocol in detail, and include the complete list of optimizations over the Yao's protocol. We also compare their advantages in terms of communication and computation complexities, and analyse their compatibility with each other. We also look into generic Yao implementations (including garbled RAM) to demonstrate the use of this powerful tool in practice. We compare those generic implementations in terms of their use of garbled circuit optimizations. We also cover the specific real-world applications for further illustration. Moreover, in some scenarios, the functionality itself may also need to be kept private which leads to an ideal solution of secure computation problem. In this direction, we finally cover the problem of Private Function Evaluation, in particular for the 2-party case where garbled circuits have an important role. We finally analyse the generic mechanism of Mohassel et al. and contribute to it by proposing a new technique for the computation of the number of possible circuit mappings.

Cryptography and Security

James Henry Bell,Kallista A. Bonawitz,Adrià Gascón,Tancrède Lepoint,Mariana Raykova

DOI: https://doi.org/10.1145/3372297.3417885

2020-10-30

Abstract:Secure aggregation is a cryptographic primitive that enables a server to learn the sum of the vector inputs of many clients. Bonawitz et al. (CCS 2017) presented a construction that incurs computation and communication for each client linear in the number of parties. While this functionality enables a broad range of privacy preserving computational tasks, scaling concerns limit its scope of use. We present the first constructions for secure aggregation that achieve polylogarithmic communication and computation per client. Our constructions provide security in the semi-honest and the semi-malicious settings where the adversary controls the server and a δ-fraction of the clients, and correctness with up to δ-fraction dropouts among the clients. Our constructions show how to replace the complete communication graph of Bonawitz et al., which entails the linear overheads, with a k-regular graph of logarithmic degree while maintaining the security guarantees. Beyond improving the known asymptotics for secure aggregation, our constructions also achieve very efficient concrete parameters. The semi-honest secure aggregation can handle a billion clients at the per-client cost of the protocol of Bonawitz et al. for a thousand clients. In the semi-malicious setting with 10 4 clients, each client needs to communicate only with 3% of the clients to have a guarantee that its input has been added together with the inputs of at least 5000 other clients, while withstanding up to 5% corrupt clients and 5% dropouts. We also show an application of secure aggregation to the task of secure shuffling which enables the first cryptographically secure instantiation of the shuffle model of differential privacy.

Shun-Dong Li,Yi-Qi Dai

DOI: https://doi.org/10.1007/s11390-005-0258-z

IF: 1.871

2005-01-01

Journal of Computer Science and Technology

Abstract:Secure Multi-party Computation has been a research focus in international cryptographic community in recent years. In this paper the authors investigate how some computational geometric problems could be solved in a cooperative environment, where two parties need to solve a geometric problem based on their joint data, but neither wants to disclose its private data to the other party. These problems are the distance between two private points, the relation between a private point and a circle area, the relation between a private point and an ellipse area and the shortest distance between two point sets. The paper gives solutions to these specific geometric problems, and in doing so a building block is developed,the protocol for the distance between two private points, that is also useful in the solutions to other geometric problems and combinatorial problems.

Qizhi Zhang,Bingsheng Zhang,Lichun Li,Shan Yin,Juanjuan Sun

2021-01-01

Abstract:Secure computation enables two or more parties to jointly evaluate a function without revealing to each other their private input.G-module is an abelian groupM,where the groupG acts compatibly with the abelian group structure onM. In this work, we present several secure computation protocols forG-module operations in the online/offline mode. We then show how to instantiate those protocols to implement many widely used secure computation primitives in privacy-preserving machine learning and data mining, such as oblivious cyclic shift, oneround shared OT, oblivious permutation, oblivious shuffle, secure comparison,oblivious selection,DReLU,andReLU,etc. All the proposed protocols are constant-round, and they are 2X 10X more efficient than the-state-of-the-art constant-round protocols in terms of communication complexity.

Youwen Zhu,Liusheng Huang,Wei Yang,Fan Dong

DOI: https://doi.org/10.4304/jcp.5.11.1678-1685

2010-01-01

Abstract:In recent years, privacy protection has become an important topic when cooperative computation is performed in distributed environments. This paper puts forward efficient protocols for computing the multi-dimensional aggregates in distributed environments while keeping privacy preserving. We propose a novel model, which contains two crucial stages: local computation and cooperative computation based on secure multiparty computation protocols for privacy-preserving on-line analytical processing. According to the new model, we develop approaches to privacy-preserving count aggregate query over both horizontally partitioned data and vertically partitioned data. We, meanwhile, propose an efficient sub-protocol Two-Round Secure Sum Protocol. Theoretical analysis indicates that our solutions are secure and the answers are exactly accurate, that is, they can securely obtain the exact answer to aggregate query without revealing anything about their confidential data to each other. We also analyze detailedly the communication cost and computation complexity of our schemes in the paper and it shows that the new solutions have good linear complexity. No privacy loss and exact accuracy are two main significant advantages of our new schemes.

Ze Yang,Youliang Tian

DOI: https://doi.org/10.1016/j.jksuci.2024.102073

IF: 9.006

2024-06-01

Journal of King Saud University - Computer and Information Sciences

Abstract:Highlights • We propose a lightweight computational scheme for private data aggregation. By adopting the CRT and encoding theory, private data is encoded into polynomial coefficients for computation and the random data are introduced to ensure that private data is not leaked to non-collusive servers. • We propose a non-interactive verifiable security aggregation protocol that satisfies the requirements of clients dropping out and partial server corruption. Furthermore, by introducing redundant shares and utilizing results returned by delayed servers, the proposed scheme achieves verifiable computation. • We provide a thorough analysis of the robustness, verification and security of our proposed. The experimental results show that the proposed scheme is effective in both computation and verification. Data aggregation involves the integration of relevant data generated across platforms and devices, leveraging the potential value of sensory data. However, in addition to security and efficiency, which are the basic requirements for data aggregation involving private data, how to achieve fault tolerance and interference of aggregation in real computing networks is imminent and is the main contribution of this paper. In this paper, we propose a secure aggregation framework involving multiple servers based on coding theory, which is not only robust to clients dropping out and tolerant to partial server withdrawal but also resistant to malicious computation by servers and forgery attacks by adversaries. In particular, the proposed protocol employs the Chinese Residual Theorem (CRT) to encode private data and constructs Lagrange interpolation polynomials to perform aggregation, which achieves lightweight privacy preservation while achieving robust, verifiable and secure aggregation goals.

computer science, information systems

JING Weiwei,HUANG Liusheng,LUO Yonglong,YAO Yifei,XU Weijiang

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.22.052

2006-01-01

Abstract:The secure query is that a user of a database can accomplish a query without revealing the user and database’s private information.This paper presents two methods of secure query:(1)The first scheme is a protocol of secure two-party computation,which is based on the equijion protocol.Although it has high security,the first scheme has too high cost and it is too difficult to use in large database.(2)The second scheme introduces the software as a trust third part and prevents the user and database from disclosing privacy.Although the security is lower than that of the first method,the second method has lower cost and it is more practical.

Qiyao Luo,Yilei Wang,Wei Dong,Ke Yi

2024-04-23

Abstract:We present LINQ, the first join protocol with linear complexity (in both running time and communication) under the secure multi-party computation model (MPC). It can also be extended to support all free-connex queries, a large class of select-join-aggregate queries, still with linear complexity. This matches the plaintext result for the query processing problem, as free-connex queries are the largest class of queries known to be solvable in linear time in plaintext. We have then built a query processing system based on LINQ, and the experimental results show that LINQ significantly outperforms the state of the art. For example, it can finish a query on three relations with an output size of 1 million tuples in around 100s in the LAN setting, while existing protocols that support the query cannot finish in an hour. Thus LINQ brings MPC query processing closer to practicality.

Cryptography and Security,Databases

Haobo Jia,Zhuqing Jia

2023-08-14

Abstract:The problem of $X$-secure $T$-private linear computation with graph based replicated storage (GXSTPLC) is to enable the user to retrieve a linear combination of messages privately from a set of $N$ distributed servers where every message is only allowed to store among a subset of servers subject to an $X$-security constraint, i.e., any groups of up to $X$ colluding servers must reveal nothing about the messages. Besides, any groups of up to $T$ servers cannot learn anything about the coefficients of the linear combination retrieved by the user. In this work, we completely characterize the asymptotic capacity of GXSTPLC, i.e., the supremum of average number of desired symbols retrieved per downloaded symbol, in the limit as the number of messages $K$ approaches infinity. Specifically, it is shown that a prior linear programming based upper bound on the asymptotic capacity of GXSTPLC due to Jia and Jafar is tight by constructing achievability schemes. Notably, our achievability scheme also settles the exact capacity (i.e., for finite $K$) of $X$-secure linear combination with graph based replicated storage (GXSLC). Our achievability proof builds upon an achievability scheme for a closely related problem named asymmetric $\mathbf{X}$-secure $\mathbf{T}$-private linear computation with graph based replicated storage (Asymm-GXSTPLC) that guarantees non-uniform security and privacy levels across messages and coefficients. In particular, by carefully designing Asymm-GXSTPLC settings for GXSTPLC problems, the corresponding Asymm-GXSTPLC schemes can be reduced to asymptotic capacity achieving schemes for GXSTPLC. In regard to the achievability scheme for Asymm-GXSTPLC, interesting aspects of our construction include a novel query and answer design which makes use of a Vandermonde decomposition of Cauchy matrices, and a trade-off among message replication, security and privacy thresholds.

Information Theory

Bo Yang,Yong Yu,Chung-Huang Yang

DOI: https://doi.org/10.1007/s11390-013-1319-3

2013-01-01

Abstract:A secure scalar product protocol is a type of specific secure multi-party computation problem. Using this kind of protocol, two involved parties are able to jointly compute the scalar product of their private vectors, but no party will reveal any information about his/her private vector to another one. The secure scalar product protocol is of great importance in many privacy-preserving applications such as privacy-preserving data mining, privacy-preserving cooperative statistical analysis, and privacy-preserving geometry computation. In this paper, we give an efficient and secure scalar product protocol in the presence of malicious adversaries based on two important tools: the proof of knowledge of a discrete logarithm and the verifiable encryption. The security of the new protocol is proved under the standard simulation-based definitions. Compared with the existing schemes, our scheme offers higher efficiency because of avoiding inefficient cut-and-choose proofs.

Bo Yang,Chung-Huang Yang,Yong Yu,Dan Xie

DOI: https://doi.org/10.4304/jcp.8.8.2018-2026

2013-01-01

Journal of Computers

Abstract:A secure scalar product protocol is a type of specific SMC problem, and has found various applications in many areas such as privacy-preserving data mining, privacy-preserving cooperative statistical analysis, and privacy-preserving geometry computation. In this paper, we firstly extend to a solution of homomorphic-encryption based secure scalar product protocol such that it enables the scheme to be used in distributed decryption, and to deal with negative vectors. Secondly, we propose two-party secure computation of a public Boolean function on private inputs of each party. Thirdly, we describe two applications of our secure scalar product protocol to computational geometry: determining securely location of a point to a directed line segment, and conditional oblivious transfer based on the relation between a private point and a private directed line.

Ye Wang,Shantanu Rane,Prakash Ishwar,Wei Sun

DOI: https://doi.org/10.48550/arXiv.1010.0670

2010-10-04

Cryptography and Security

Abstract:Consider a network of k parties, each holding a long sequence of n entries (a database), with minimum vertex-cut greater than t. We show that any empirical statistic across the network of databases can be computed by each party with perfect privacy, against any set of t < k/2 passively colluding parties, such that the worst-case distortion and communication cost (in bits per database entry) both go to zero as n, the number of entries in the databases, goes to infinity. This is based on combining a striking dimensionality reduction result for random sampling with unconditionally secure multi-party computation protocols.

Taeho Jung,XuFei Mao,Xiang-Yang Li,Shaojie Tang,Wei Gong,Lan Zhang

DOI: https://doi.org/10.1109/INFCOM.2013.6567071

2013-04-12

Abstract:Much research has been conducted to securely outsource multiple parties' data aggregation to an untrusted aggregator without disclosing each individual's data, or to enable multiple parties to jointly aggregate their data while preserving privacy. However, those works either assume to have a secure channel or suffer from high complexity. Here we consider how an external aggregator or multiple parties learn some algebraic statistics (e.g., summation, product) over participants' data while any individual's input data is kept secret to others (the aggregator and other participants). We assume channels in our construction are insecure. That is, all channels are subject to eavesdropping attacks, and all the communications throughout the aggregation are open to others. We successfully guarantee data confidentiality under this weak assumption while limiting both the communication and computation complexity to at most linear.

Cryptography and Security

Andrew C. Yao

DOI: https://doi.org/10.1109/sfcs.1982.38

1982-01-01

Abstract:giving away any information about the values of their own variables? The millionaires'problem corresponds to the case when m = 2 and f (x1, x2) = 1 if x1 < x2, and 0 otherwise. In this paper, we will give precise formu-lation of this general problem and describe three ways of solving it by use of one-way functions (i. e., functions which are easy to evaluate but hard to invert). These results have applications to secret voting, private query-ing of database, oblivious negotiation, playing mental poker, etc. We will also discuss the complexity question "How many bits need to be exchanged for the computa-tion", and describe methods to prevent participants from cheating. Finally, we study the question "What cannot be accomplished with one-way functions". Before describing these results, we would like to put this work in perspective by first considering a unified view of secure computation in the next section.

Daniel Collins,Yuval Efron,Jovan Komatovic

2024-10-16

Abstract:It is well known that a trusted setup allows one to solve the Byzantine agreement problem in the presence of $t<n/2$ corruptions, bypassing the setup-free $t<n/3$ barrier. Alas, the overwhelming majority of protocols in the literature have the caveat that their security crucially hinges on the security of the cryptography and setup, to the point where if the cryptography is broken, even a single corrupted party can violate the security of the protocol. Thus these protocols provide higher corruption resilience ($n/2$ instead of $n/3$) for the price of increased assumptions. Is this trade-off necessary? We further the study of crypto-agnostic Byzantine agreement among $n$ parties that answers this question in the negative. Specifically, let $t_s$ and $t_i$ denote two parameters such that (1) $2t_i + t_s < n$, and (2) $t_i \leq t_s < n/2$. Crypto-agnostic Byzantine agreement ensures agreement among honest parties if (1) the adversary is computationally bounded and corrupts up to $t_s$ parties, or (2) the adversary is computationally unbounded and corrupts up to $t_i$ parties, and is moreover given all secrets of all parties established during the setup. We propose a compiler that transforms any pair of resilience-optimal Byzantine agreement protocols in the authenticated and information-theoretic setting into one that is crypto-agnostic. Our compiler has several attractive qualities, including using only $O(\lambda n^2)$ bits over the two underlying Byzantine agreement protocols, and preserving round and communication complexity in the authenticated setting. In particular, our results improve the state-of-the-art in bit complexity by at least two factors of $n$ and provide either early stopping (deterministic) or expected constant round complexity (randomized). We therefore provide fallback security for authenticated Byzantine agreement for free for $t_i \leq n/4$.

Distributed, Parallel, and Cluster Computing,Cryptography and Security

Himanshu Tyagi,Shun Watanabe

DOI: https://doi.org/10.48550/arXiv.1404.5715

2015-05-29

Abstract:We consider information theoretic secret key agreement and secure function computation by multiple parties observing correlated data, with access to an interactive public communication channel. Our main result is an upper bound on the secret key length, which is derived using a reduction of binary hypothesis testing to multiparty secret key agreement. Building on this basic result, we derive new converses for multiparty secret key agreement. Furthermore, we derive converse results for the oblivious transfer problem and the bit commitment problem by relating them to secret key agreement. Finally, we derive a necessary condition for the feasibility of secure computation by trusted parties that seek to compute a function of their collective data, using an interactive public communication that by itself does not give away the value of the function. In many cases, we strengthen and improve upon previously known converse bounds. Our results are single-shot and use only the given joint distribution of the correlated observations. For the case when the correlated observations consist of independent and identically distributed (in time) sequences, we derive strong versions of previously known converses.

Information Theory,Cryptography and Security

Liese Bekkers,Frank Neven,Stijn Vansummeren,Yisu Remy Wang

2024-11-07

Abstract:Acyclic join queries can be evaluated instance-optimally using Yannakakis' algorithm, which avoids needlessly large intermediate results through semi-join passes. Recent work proposes to address the significant hidden constant factors arising from a naive implementation of Yannakakis by decomposing the hash join operator into two suboperators, called Lookup and Expand. In this paper, we present a novel method for integrating Lookup and Expand plans in interpreted environments, like column stores, formalizing them using Nested Semijoin Algebra (NSA) and implementing them through a shredding approach. We characterize the class of NSA expressions that can be evaluated instance-optimally as those that are 2-phase: no `shrinking' operator is applied after an unnest (i.e., expand). We introduce Shredded Yannakakis (SYA), an evaluation algorithm for acyclic joins that, starting from a binary join plan, transforms it into a 2-phase NSA plan, and then evaluates it through the shredding technique. We show that SYA is provably robust (i.e., never produces large intermediate results) and without regret (i.e., is never worse than the binary join plan under a suitable cost model) on the class of well-behaved binary join plans. Our experiments on a suite of 1,849 queries show that SYA improves performance for 88.7% of the queries with speedups up to 188x, while remaining competitive on the other queries. We hope this approach offers a fresh perspective on Yannakakis' algorithm, helping system engineers better understand its practical benefits and facilitating its adoption into a broader spectrum of query engines.

Databases

I. Yen,Liangliang Xiao,F. Bastani

DOI: https://doi.org/10.1109/HASE.2008.31

2008-12-03

Abstract:Due to the large number of attacks on open networks, information theft becomes a more and more severe problem. Secure computation can offer highly assured confidentiality protection to critical information and data against external and insider attacks. However, existing secure computation methods are not widely used in practice due to their excessive performance overheads and limited applicability. In this paper, we consider secure computation under a general client-server model which fits the computation of most modern application systems. A novel secure computation protocol has been developed to support highly efficient arithmetic operations. Since the algorithms are based on matrix computations, they are highly efficient. Due to its efficiency and applicability, our secure computation approach can benefit many application systems, including medical databases, secure financial systems, defense information systems, E-commerce systems, agent-based computing, etc.

Computer Science

Li Shundong,Wang Daoshun,Dai Yiqi,Luo Ping

DOI: https://doi.org/10.1016/j.ins.2007.07.015

IF: 8.1

2008-01-01

Information Sciences

Abstract:Secure multiparty computation has become a central research focus in the international cryptographic community and in the future likely will represent an integral part of computing science. Protocols for Yao’s millionaires’ problem provide the building blocks for many secure multiparty computation protocols, which makes their efficiency critical. Unfortunately, all known protocols for Yao’s millionaires’ problem employ public key cryptography and thus are inefficient. This article constructs a new efficient solution to Yao’s millionaires’ problem based on symmetric cryptography. We first develop an efficient protocol for set-inclusion problems, which has independent interest for secure multiparty computations. The privacy-preserving property of the solution is demonstrated by a well-accepted simulation paradigm. To compare the security levels of different solutions, we propose a new security paradigm that quantitatively captures the security levels of different solutions and can determine which secure multiparty computation solution is preferable. This article thus provides an important supplement to the simulation paradigm. Together with the simulation paradigm, it offers a complete security evaluation benchmark for multiparty computations.