Xingkai Wang,Zhenfu Cao,Zhen Liu,Kaitai Liang

DOI: https://doi.org/10.1007/978-3-031-17146-8_6

2022-01-01

Abstract:Gordon et al. (TCC 2015) systematically studied the security of Multi-client Verifiable Computation (MVC), in which a set of computationally-weak clients outsource the computation of a general function f over their private inputs to an untrusted server. They introduced the universally composable (UC) security of MVC and proposed a scheme achieving UC-security, where the protocol remains secure after arbitrarily composed with other UC-secure instances. However, the clients in their scheme have to undertake the heavy computation overhead caused by fully homomorphic encryption (FHE) and further, the plaintext size is linear to the function input size. In this work, we propose a more efficient UC-secure multi-client privacy-preserving verifiable computation protocol, called MVOC, that sharply reduces amortized overheads for clients, in both semi-honest and malicious settings. In particular, our protocol achieves stronger outsourcability by outsourcing more computation to the server, so that it may be more friendly to those lightweight clients. More specifically, we revisit the definition of garbling scheme, and propose a novel garbled circuit protocol whose circuit randomness is non-interactively provided by multiple parties. We also realize the idea of hybrid homomorphic encryption, which makes the FHE plaintext size independent of the input size. We present the detailed proof and analyze the theoretical complexity of MVOC. We further implement our protocol and evaluate the performance, and the results show that, after adopting our new techniques, the computation and communication overheads during input phase can be decreased by 55.15%-68.05% and 62.55%-75% respectively.

Kemal Akkaya,Soamar Homsi,Oscar G. Bautista

DOI: https://doi.org/10.1109/LCN52139.2021.9524971

2021-10-04

Abstract:With the increasing interest in Secure Multi-Party Computation protocols (MPC), there have been several works such as the SPDZ1 protocol that tackled this problem under a malicious security with dishonest majority attack model. However, most of these MPC efforts assume that the nodes running the computations are also supplying the inputs, which is not a realistic assumption for many real-life applications. In this paper, we extend the SPDZ protocol to enable clients outsource data and computation to the clouds while ensuring the correctness of the results, in addition to integrity and confidentiality of the input and output. We guarantee that the computation among nodes is done correctly by verifying their output’s Message Authentication Codes (MACs) at the end. Specifically, we delegate this task to an honest server. Our approach strives to minimize the burden on clients while enabling cheating detection even when assuming a malicious attack model with dishonest majority.

Engineering,Computer Science

Liang Feng Zhang,Rehanehi Safavi-Naini

DOI: https://doi.org/10.48550/arXiv.1308.4218

2013-09-03

Abstract:{\em Verifiable computation} (VC) allows a computationally weak client to outsource the evaluation of a function on many inputs to a powerful but untrusted server. The client invests a large amount of off-line computation and gives an encoding of its function to the server. The server returns both an evaluation of the function on the client's input and a proof such that the client can verify the evaluation using substantially less effort than doing the evaluation on its own. We consider how to privately outsource computations using {\em privacy preserving} VC schemes whose executions reveal no information on the client's input or function to the server. We construct VC schemes with {\em input privacy} for univariate polynomial evaluation and matrix multiplication and then extend them such that the {\em function privacy} is also achieved. Our tool is the recently developed {mutilinear maps}. The proposed VC schemes can be used in outsourcing {private information retrieval (PIR)}.

Cryptography and Security

Xiaotong Li,Hao Wang,Zhi Li,Lei Wu,Xiaochao Wei,Ye Su,Rongxing Lu

DOI: https://doi.org/10.1109/tsc.2024.3380258

IF: 11.019

2024-01-01

IEEE Transactions on Services Computing

Abstract:Although secure multi-party computation breaks down data barriers, its utility is reduced when participants have limited computation and communication resources. To make secure multi-party computation more practical, there exists an approach to distribute users' private inputs to multiple servers in a secret sharing manner, and the servers accomplish secure computation tasks through interaction. We propose a new secure computation framework that enables the detection of malicious cloud servers by introducing homomorphic MACs. We utilize pairing-based homomorphic commitments to record MACs on a bulletin board, providing public verifiability while reducing the computation burden on the cloud servers. Additionally, our framework not only supports the underlying general computation, but also prepares for various types of nontrivial high-level operations, such as comparison and bit decomposition. We design a smart payment platform enabling fair payment with the help of smart contracts to protect the rights of both data owners and cloud service providers. Compared to previous works, our framework breaks the limitations of servers being restricted to semi-honest or even honest and provides public verifiability. Performance evaluations demonstrate satisfactory computation and communication efficiency during the online phase of our system.

computer science, information systems, software engineering

Brandon Broadnax,Alexander Koch,Jeremias Mechler,Tobias Müller,Jörn Müller-Quade,Matthias Nagel

DOI: https://doi.org/10.2478/popets-2021-0072

2021-07-23

Proceedings on Privacy Enhancing Technologies

Abstract:Abstract In practice, there are numerous settings where mutually distrusting parties need to perform distributed computations on their private inputs. For instance, participants in a first-price sealed-bid online auction do not want their bids to be disclosed. This problem can be addressed using secure multi-party computation (MPC), where parties can evaluate a publicly known function on their private inputs by executing a specific protocol that only reveals the correct output, but nothing else about the private inputs. Such distributed computations performed over the Internet are susceptible to remote hacks that may take place during the computation. As a consequence, sensitive data such as private bids may leak. All existing MPC protocols do not provide any protection against the consequences of such remote hacks. We present the first MPC protocols that protect the remotely hacked parties’ inputs and outputs from leaking. More specifically, unless the remote hack takes place before the party received its input or all parties are corrupted, a hacker is unable to learn the parties’ inputs and outputs, and is also unable to modify them. We achieve these strong (privacy) guarantees by utilizing the fact that in practice parties may not be susceptible to remote attacks at every point in time, but only while they are online, i.e. able to receive messages. To this end, we model communication via explicit channels. In particular, we introduce channels with an airgap switch (disconnect-able by the party in control of the switch), and unidirectional data diodes . These channels and their isolation properties, together with very few, similarly simple and plausibly remotely unhackable hardware modules serve as the main ingredient for attaining such strong security guarantees. In order to formalize these strong guarantees, we propose the UC with Fortified Security (UC#) framework, a variant of the Universal Composability (UC) framework.

Yulin Wu,Xuan Wang,Willy Susilo,Guomin Yang,Zoe L. Jiang,Junyi Li,Xueqiao Liu

DOI: https://doi.org/10.1016/j.csi.2021.103570

2022-03-01

Abstract:With the rapid development of secure multi-party computation (MPC) over past decades, applications of MPC has been moving from completing simple computation tasks (e.g., private set intersection) to complex computation tasks (e.g., privacy-preserving machine learning). This is an inevitable trend when more strict privacy protection requirements face more complex and large-scale computation such as big data analytics being applied in many fields. Although the complex computation tasks are not easy to be evaluated with one type of MPC protocols from beginning to the end, it can be more efficiently evaluated by decomposing the complex task into many simple sub-tasks and evaluating each of them with the proper type of MPC protocol in sequence. Therefore, we propose a mixed-protocol MPC framework towards complex computation tasks with malicious security in this work. In particular, we utilize the homomorphic commitment technique to construct six types of share conversion protocols in the malicious model. Then, we construct the maliciously secure mixed-protocol MPC framework based on these share conversion protocols. This is the first maliciously secure mixed-protocol MPC framework relying on the standard model, providing a higher security guarantee than all the previous works in the literature. Also, this is the first general mixed-protocol MPC framework for n parties in the malicious model, in comparison to previous works that either only support fixed number of parties in the malicious model, or only handle limited types of share conversions. Furthermore, we provide the theoretical analysis of the computation and communication costs for the six types of share conversion protocols, as an important reference for future developers, who intend to implement some complex computation task by following this mixed-protocol MPC framework with malicious security.

computer science, software engineering, hardware & architecture

Yibiao Lu,Bingsheng Zhang,Kui Ren

DOI: https://doi.org/10.1109/tdsc.2023.3322397

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Secure multi-party computation (MPC) provides provable security guarantees for many privacy critical applications. The semi-honest MPC protocols are secure against semi-honest adversaries who can only observe the protocol execution, while the maliciously secure MPC protocols are secure against malicious adversaries who can deviate from the protocol description arbitrarily. Many security sensitive applications tend to use semi-honest MPC protocols because malicious security comes with huge communication and/or computation costs. In this work, we show how to efficiently transform generic semi-honest two-party protocols into maliciously secure multi-party protocol in the server-aided setting. We further propose an optimized constant-round server-aided MPC protocol. The proposed protocols are secure when all but one parties are maliciously corrupted, while the remaining party and the server are corrupted by semi-honest and non-colluding adversaries. We implement and evaluate our constant-round protocol. For the 2-party case, our protocol is only 1.11× slower than the semi-honest Yao's Garbled Circuits protocol, and it is 9.16× faster than the maliciously secure authenticated garbling protocol and 4.96× faster than the state-of-the-art maliciously secure server-aided protocol of Wu et al. For the 8-party case, our protocol is 103.29× faster than the authenticated garbling protocol and 17.03× faster than the protocol of Wu et al.

Lingling Xu,Shaohua Tang

DOI: https://doi.org/10.1007/s11227-013-1039-z

IF: 3.3

2013-01-01

The Journal of Supercomputing

Abstract:With the tremendous growth of cloud computing, verifiable computation has been firstly formalized by Gennaro et al. and then studied widely to provide integrity guarantees in the outsourced computation. However, existing verifiable computation protocols either work in the secret key setting or in the public key setting, namely, work either for single client or for all clients, which rules out some practical applications with access control policies. In this paper, we introduce and formalize the notion of verifiable computation with access control (AC-VC), in which only the computationally weak clients with necessary access control permissions can be allowed by a trusted source to apply the outsourced computation of a function to a server. We present a formal security definition and a proved secure black-box construction for AC-VC. This construction is built based on any verifiable computation in the secret key model and ciphertext-policy attribute-based encryption (CP-ABE). The access control policies that our AC-VC can realize depend on that realized in the based CP-ABE.

吴建军,高济

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.07.012

2004-01-01

Abstract:A mobile agent protection scheme based on the non-interactive secure function evaluation was presented using an optimized oblivious transfer (OT) protocol. Most overheads of an OT protocol are modular exponentiations, which are computationally intensive tasks. The expansion from 1-out-of-2 OT protocol to 1-out-of-N OT protocol and the combination of N 1-out-of-2 OT protocol to one 1-out-of-N OT protocol defined a new simultaneous 1-out-of-N OT protocol, where the number of modular exponentiation was consequently reduced to a small constant. The simultaneous OT protocol and the encrypted circuit construction were combined to obtain a non-interactive secure function evaluation protocol. Source host proceeded as Alice, and multiple hosts proceeded as Bob. Each host contributed the part of encrypted circuit that represented its function, thus the resulting encrypted circuit became a cascade of sub-circuits. It is proved that the new scheme has lower overhead and more security, and is easier to implement than other similar systems.

Josep Domingo-Ferrer,Jesús Manjón

DOI: https://doi.org/10.48550/arXiv.2112.15001

2021-12-30

Abstract:Multiparty computation (MPC) consists in several parties engaging in joint computation in such a way that each party's input and output remain private to that party. Whereas MPC protocols for specific computations have existed since the 1980s, only recently general-purpose compilers have been developed to allow MPC on arbitrary functions. Yet, using today's MPC compilers requires substantial programming effort and skill on the user's side, among other things because nearly all compilers translate the code of the computation into a Boolean or arithmetic circuit. In particular, the circuit representation requires unrolling loops and recursive calls, which forces programmers to (often manually) define loop bounds and hardly use recursion. We present an approach allowing MPC on an arbitrary computation expressed as ordinary code with all functionalities that does not need to be translated into a circuit. Our notion of input and output privacy is predicated on unlinkability. Our method leverages co-utile computation outsourcing using anonymous channels via decentralized reputation, makes a minimalistic use of cryptography and does not require participants to be honest-but-curious: it works as long as participants are rational (self-interested), which may include rationally malicious peers (who become attackers if this is advantageous to them). We present example applications, including e-voting. Our empirical work shows that reputation captures well the behavior of peers and ensures that parties with high reputation obtain correct results.

Cryptography and Security

Yibiao Lu,Bingsheng Zhang,Kui Ren

DOI: https://doi.org/10.1109/tifs.2024.3494547

2023-01-01

Abstract:Most existing MPC protocols consider the homogeneous setting, where all the MPC players are assumed to have identical communication and computation resources. In practice, the player with the least resources often becomes the bottleneck of the entire MPC protocol execution. In this work, we initiate the study of so-called load-balanced MPC in heterogeneous computing. A load-balanced MPC protocol can adjust the workload of each player accordingly to maximize the overall resource utilization. In particular, we propose new notions called composite circuit and composite garbling scheme , and construct two efficient server-aided protocols with malicious security and semi-honest security, respectively. Our maliciously secure protocol is over 400× faster than the authenticated garbling protocol (CCS ’17) and up to 4.3× faster than the state-of-the-art server-aided MPC protocol of Lu et al . (TDSC ’23); our semi-honest protocol is up to 173× faster than the optimized BMR protocol (CCS ’16) and is up to 3.8× faster than the protocol of Lu et al .

Yulin Wu,Xuan Wang,Willy Susilo,Guomin Yang,Zoe L. Jiang,Hao Wang,Tong Wu

DOI: https://doi.org/10.1016/j.csi.2021.103571

2022-03-01

Abstract:In the artificial intelligence era, data-driven computation tasks, such as machine learning, have been playing an essential role as the decision-maker to unlock the value of big data in many fields. Moreover, the ultimate goal of pursuing accuracy and efficiency improvement to better promote the application of data-driven computation has never changed. Since the main method to improve the accuracy of these tasks (e.g., the model training of machine learning) is to increase the diversity of datasets, this requires multiple data providers to share their data. However, data providers, e.g., private companies, are reluctant to share their datasets directly, considering the privacy protection of user information and the leakage prevention of their business secrets. Therefore, how to securely and efficiently perform joint datasets based data-driven computation tasks has become the main problem. In this work, without getting the aid of any trusted-third party (e.g., the cloud server), we construct an efficient maliciously secure two-party mixed-protocol framework for data-driven computation tasks. In particular, we construct a new cryptography gadget called committed oblivious linear evaluation (C-OLE) based on the homomorphic commitments in the malicious model. Then we construct two types of share conversion protocols in the malicious model with the above C-OLE gadget to construct the two-party mixed-protocol framework for data-driven computation tasks. Without utilizing the random oracle, our framework can provide a stronger security guarantee than the other two-party mixed-protocol frameworks in the literature. Furthermore, we conscientiously evaluate the theoretical efficiency of the two shares conversion protocols and provide the result as an important reference for future developers who intend to securely and efficiently instantiate the data-driven computation tasks (e.g., privacy-preserving machine learning applications) in the malicious model.

computer science, software engineering, hardware & architecture

Xiaochao Wei,Han Jiang,Chuan Zhao,Minghao Zhao,Qiuliang Xu

DOI: https://doi.org/10.1109/trustcom.2016.0092

2016-01-01

Abstract:In secure two-party computation protocols based on garbled circuit, oblivious transfer (OT) plays an important role in transferring the garbled keys of the participants. In addition to the traditional OT primitive, many other variants of OT have also been presented, such as outsourced oblivious transfer (OOT), cut-and-choose oblivious transfer (CCOT), cut-and-choose bilateral oblivious transfer (CCBOT), etc. These new primitives significantly improve the efficiency and feasibility of secure two-party computation protocols, mainly in optimising computational complexity and interactive rounds. Among these primitives, CCBOT proposed by Zhao et al. in TrustCom 2015 is a novel one and helps to minimize the round complexity of the outer secure two-party computation protocols. In addition, they constructed a CCBOT protocol based on homomorphic encryption scheme in the malicious model. However, their protocol uses the cut-and-choose technique to guarantee security against malicious adversaries, as a result the protocol has an error probability. The commitment scheme is also inevitably involved in their protocol. In this paper, we present a CCBOT protocol with the security against malicious adversaries based on the Decisional Diffie-Hellman (DDH) assumption. Our proposed protocol avoids using the cut-and-choose technique and commitment scheme. In terms of efficiency, our protocol is much more efficient than the previous protocol.

Yanli Ren,Ning Ding,Xinpeng Zhang,Haining Lu,Dawu Gu

DOI: https://doi.org/10.1145/2897845.2897881

2016-01-01

Abstract:The problem of securely outsourcing computation has received widespread attention due to the development of cloud computing and mobile devices. In this paper, we first propose a secure verifiable outsourcing algorithm of single modular exponentiation based on the one-malicious model of two untrusted servers. The outsourcer could detect any failure with probability 1 if one of the servers misbehaves. We also present the other verifiable outsourcing algorithm for multiple modular exponentiations based on the same model. Compared with the state-of-the-art algorithms, the proposed algorithms improve both checkability and efficiency for the outsourcer. Finally, we utilize the proposed algorithms as two subroutines to achieve outsource-secure polynomial evaluation and ciphertext-policy attributed-based encryption (CP-ABE) scheme with verifiable outsourced encryption and decryption.

Aixin Zhang,Shalin Huang,Xinghua Wu,Shilin Wang,Jianhua Li

DOI: https://doi.org/10.1109/CSCloud/EdgeCom.2018.00011

2018-01-01

Abstract:The security of outsourced data has been a key issue in cloud applications. Previous researches have focused on the remote data auditing and verification schemes. Although some of them have the properties of dynamic update and public audit, most of these schemes implicitly assume an honest client. Actually, the client has the motivations to corrupt the verification results against server, and the server may suspect the verification results under the situation where the client is dishonest. Up to now, few solutions have been proposed when both the client and server are not fully trusted and either side could be malicious. In this paper, a strict verifiable database (sVDB) protocol is proposed to tackle this problem. The concrete construction based on the bilinear pair technique can support client's real-time query and batch update operations. We prove the security of the scheme by contradiction under the square computational Diffie-Hellman assumption. We also implement the protocol and carry out several experiments to compare its performance with the state-of-the-art VDB scheme using vector commitment. All the results show that the proposed sVDB scheme achieves good security performance and high computation efficiency.

Chang Xu,Hongzhou Rao,Liehuang Zhu,Chuan Zhang,Kashif Sharif

DOI: https://doi.org/10.1007/s10586-024-04329-2

2024-03-16

Cluster Computing

Abstract:With the rapid development of cloud computing, clients and users with limited computing resources can outsource their computation-intensive tasks to the Cloud Service Providers (CSPs). However, as the CSPs are commercial in nature and aim to increase their profits, some security challenges are still attached to them. In this paper, we propose an efficient publicly verifiable computation scheme (EPVM) for large-scale matrix multiplication with privacy preservation. Based on the theory of discrete logarithm problem and the techniques of privacy-preserving matrix transformation, our scheme not only protects the privacy of the client's matrices but also significantly reduces the computation overhead on the client end as well as the CSP side. Our detailed security analysis and proofs show that the proposed scheme can achieve the established security requirements. The experimental evaluation also demonstrates that the proposed scheme works efficiently as compared to other existing solutions.

computer science, information systems, theory & methods

Sanket Kanjalkar,Ye Zhang,Shreyas Gandlur,Andrew Miller

DOI: https://doi.org/10.48550/arXiv.2107.04248

2021-07-09

Abstract:In recent years, multiparty computation as a service (MPCaaS) has gained popularity as a way to build distributed privacy-preserving systems. We argue that for many such applications, we should also require that the MPC protocol is publicly auditable, meaning that anyone can check the given computation is carried out correctly -- even if the server nodes carrying out the computation are all corrupt. In a nutshell, the way to make an MPC protocol auditable is to combine an underlying MPC protocol with verifiable computing proof (in particular, a SNARK). Building a general-purpose MPCaaS from existing constructions would require us to perform a costly "trusted setup" every time we wish to run a new or modified application. To address this, we provide the first efficient construction for auditable MPC that has a one-time universal setup. Despite improving the trusted setup, we match the state-of-the-art in asymptotic performance: the server nodes incur a linear computation overhead and constant round communication overhead compared to the underlying MPC, and the audit size and verification are logarithmic in the application circuit size. We also provide an implementation and benchmarks that support our asymptotic analysis in example applications. Furthermore, compared with existing auditable MPC protocols, besides offering a universal setup our construction also has a 3x smaller proof, 3x faster verification time and comparable prover time.

Cryptography and Security

Joohee Lee,Sangrae Cho,Soohyung Kim,Saerom Park

DOI: https://doi.org/10.1007/s10207-024-00941-w

2024-11-28

International Journal of Information Security

Abstract:In the current landscape of cloud-based data storage and analysis, concerns about data privacy and integrity have become more and more prevalent. Homomorphic encryption is a promising technology for preserving privacy by enabling computations on encrypted data while maintaining the confidentiality of sensitive information. However, relying solely on HE may pose challenges in ensuring the integrity of data and computation, which necessitates the verification of outsourced computations for users. In this paper, we propose a generic solution for verifiable computation over encrypted data. Our solution is based on a lattice-based approximate homomorphic encryption scheme with an MPC-in-the-Head style zero-knowledge proof system. We demonstrate that a user provided with a third party's certification of the computed function can verify the homomorphic evaluation over encrypted data. In the experiment, we provide a proof-of-concept implementation of our algorithms for privacy-preserving machine learning including regression, classification and validation. Our solution is post-quantum and can be extended to various scenarios such as privacy-preserving machine learning.

computer science, information systems, theory & methods, software engineering

Damiano Abram,Ivan Damgård,Peter Scholl,Sven Trieflinger

DOI: https://doi.org/10.1007/978-3-030-75539-3_3

2021-01-01

Abstract:In this paper, we describe Oblivious TLS: an MPC protocol that we prove UC secure against a majority of actively corrupted parties. The protocol securely implements TLS 1.3. Thus, any party P who runs TLS can communicate securely with a set of servers running Oblivious TLS; P does not need to modify anything, or even be aware that MPC is used.Applications of this include communication between servers who offer MPC services and clients, to allow the clients to easily and securely provide inputs or receive outputs. Also, an organization could use Oblivious TLS to improve in-house security while seamlessly connecting to external parties.Our protocol runs in the preprocessing model, and we did a preliminary non-optimized implementation of the on-line phase. In this version, the hand-shake completes in about 1 s. Based on implementation results from other work, performance of the record protocol using the standard AES-GCM can be expected to achieve an online throughput of about 3 MB/s.

Yi Lu,Keisuke Hara,Keisuke Tanaka

DOI: https://doi.org/10.1109/access.2022.3197634

IF: 3.9

2022-09-04

IEEE Access

Abstract:A homomorphic encryption (HE) scheme is an advanced encryption technology which allows any user receiving ciphertexts to perform computations over them in a public manner. An important application of an HE scheme is a private delegating computation where clients encrypt their secret data, send the ciphertexts to a (computationally powerful) server who perform computations over encrypted data. In this application, one of the crucial problems is that the delegated server might be not trusted one and in this case, we cannot believe that a server always returns correct computation results. To solve this problem, Lai et al. (ESORICS 2014) proposed a verifiable homomorphic encryption (VHE) as a core primitive realizing private and verifiable secure delegating computation. However, their VHE scheme only supports homomorphic evaluation over ciphertexts generated by a single user. In this paper, we propose a formalization and its construction of multi-key verifiable homomorphic encryption (MVHE), which is a new cryptographic primitive for realizing private and verifiable delegated computation in the multi-client setting. Our construction can be obtained by combining a multi-key homomorphic encryption scheme and a multi-key homomorphic encrypted authentication scheme, which is also a new primitive provided in this work.

computer science, information systems,telecommunications,engineering, electrical & electronic