Circuits resilient to additive attacks with applications to secure computation

Genkin, Daniel; Ishai, Yuval; Prabhakaran, Manoj; Sahai, Amit; Tromer, Eran

doi:10.1145/2591796.2591861

Cited by 80 publications

(55 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Proof. The client-aided two-party secure computation protocol used (i.e., client-supplied correlated randomness, combined with Rounds 1 & 2) is secure against a malicious server, up to additive offsets to inputs and outputs of the computation [9,11,34]. Note that an additive offset to the output is irrelevant for client privacy (recall that we do not address robustness of the computation against a malicious server).…”

Section: Claim C1 (Malicious Client)mentioning

confidence: 99%

Lightweight Techniques for Private Heavy Hitters

Boneh

Boyle

Corrigan-Gibbs³

et al. 2021

2021 IEEE Symposium on Security and Privacy (SP)

Self Cite

View full text Add to dashboard Cite

This paper presents a new protocol for solving the private heavy-hitters problem. In this problem, there are many clients and a small set of data-collection servers. Each client holds a private bitstring. The servers want to recover the set of all popular strings, without learning anything else about any client's string. A web-browser vendor, for instance, can use our protocol to figure out which homepages are popular, without learning any user's homepage. We also consider the simpler private subset-histogram problem, in which the servers want to count how many clients hold strings in a particular set without revealing this set to the clients.Our protocols use two data-collection servers and, in a protocol run, each client send sends only a single message to the servers. Our protocols protect client privacy against arbitrary misbehavior by one of the servers and our approach requires no publickey cryptography (except for secure channels), nor generalpurpose multiparty computation. Instead, we rely on incremental distributed point functions, a new cryptographic tool that allows a client to succinctly secret-share the labels on the nodes of an exponentially large binary tree, provided that the tree has a single non-zero path. Along the way, we develop new general tools for providing malicious security in applications of distributed point functions.A limitation of our heavy-hitters protocol is that it reveals to the servers slightly more information than the set of popular strings itself. We precisely define and quantify this leakage and explain how to ameliorate its effects. In an experimental evaluation with two servers on opposite sides of the U.S., the servers can find the 200 most popular strings among a set of 400,000 client-held 256bit strings in 54 minutes. Our protocols are highly parallelizable. We estimate that with 20 physical machines per logical server, our protocols could compute heavy hitters over ten million clients in just over one hour of computation.

show abstract

Section: Claim C1 (Malicious Client)mentioning

confidence: 99%

Lightweight Techniques for Private Heavy Hitters

Boneh

Boyle

Corrigan-Gibbs³

et al. 2021

2021 IEEE Symposium on Security and Privacy (SP)

Self Cite

View full text Add to dashboard Cite

show abstract

“…We denote reconstruction failures by ⊥ and we expect that the modification operator is such that a δ ⊥ = ⊥ and ⊥ δ a = ⊥ for any a in the value domain. Modification function generalises the observation that in many MPC protocols adversarial modifications result in additive changes to the value [57].…”

Section: Definition 2 (Hiding Storage)mentioning

confidence: 99%

Foundations of Programmable Secure Computation

Laur

Pullonen-Raudvere

2021

Cryptography

View full text Add to dashboard Cite

This paper formalises the security of programmable secure computation focusing on simplifying security proofs of new algorithms for existing computation frameworks. Security of the frameworks is usually well established but the security proofs of the algorithms are often more intuitive than rigorous. This work specifies a transformation from the usual hybrid execution model to an abstract model that is closer to the intuition. We establish various preconditions that are satisfied by natural secure computation frameworks and protocols, thus showing that mostly the intuitive proofs suffice. More elaborate protocols might still need additional proof details.

show abstract

“…Considering adversaries that access the memory of such circuits in a block-wise manner, is a plausible scenario. In terms of modeling, this is similar to tamper-resilience for arithmetic circuits [33], in which the attacker, instead of accessing individual circuit wires carrying bits, it accesses wires carrying integers. The case is similar for RAM computation where the CPU operates over 32 or 64 bit registers (securing RAM programs using NMC was also considered by [22][23][24]31]).…”

Section: Applicationsmentioning

confidence: 99%

Non-Malleable Codes for Partial Functions with Manipulation Detection

Kiayias

Liu

Tselekounis

2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Non-malleable codes were introduced by Dziembowski, Pietrzak and Wichs (ICS '10) and its main application is the protection of cryptographic devices against tampering attacks on memory. In this work, we initiate a comprehensive study on non-malleable codes for the class of partial functions, that read/write on an arbitrary subset of codeword bits with specific cardinality. Our constructions are efficient in terms of information rate, while allowing the attacker to access asymptotically almost the entire codeword. In addition, they satisfy a notion which is stronger than non-malleability, that we call non-malleability with manipulation detection, guaranteeing that any modified codeword decodes to either the original message or to ⊥. Finally, our primitive implies All-Or-Nothing Transforms (AONTs) and as a result our constructions yield efficient AONTs under standard assumptions (only one-way functions), which, to the best of our knowledge, was an open question until now. In addition to this, we present a number of additional applications of our primitive in tamper resilience.4 Specifically, in [32], the authors consider a model where a common reference string (CRS) is available, with length roughly logarithmic in the size of the tampering function class; as a consequence, the tampering function is allowed to read/write the whole codeword while having only partial information over the CRS. 5 Informally, prior works [18,27] showed existence of non-malleable codes for classes of certain bounded cardinalities. The results cover the class of partial functions. 6 The attacks by [8,11,12] require the modification of a single (random) memory bit, while in [10] a single error per each round of the computation suffices. In [44], the attack requires a single faulty byte.

show abstract

Circuits resilient to additive attacks with applications to secure computation

Cited by 80 publications

References 41 publications

Lightweight Techniques for Private Heavy Hitters

Lightweight Techniques for Private Heavy Hitters

Foundations of Programmable Secure Computation

Non-Malleable Codes for Partial Functions with Manipulation Detection

Contact Info

Product

Resources

About