Formulas Resilient to Short-Circuit Errors

Kalai, Yael Tauman; Lewko, Allison; Rao, Anup

doi:10.1109/focs.2012.69

Cited by 13 publications

(37 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Subsequent works of Dobrushin and Ortyukov [12] and Pippenger [31] showed how to construct fault-tolerant circuits in this model with only a logarithmic overhead in the worst case and a constant overhead in the typical case. Other models for fault-tolerant circuits, protecting against a bounded number of adversarial faults, were studied in [28,14,15,22,13,29,8,25,9].…”

Section: Overviewmentioning

confidence: 99%

Circuits resilient to additive attacks with applications to secure computation

Genkin

Ishai

Prabhakaran

et al. 2014

Proceedings of the Forty-Sixth Annual ACM Symposium on Theory of Computing

View full text Add to dashboard Cite

We study the question of protecting arithmetic circuits against additive attacks, which can add an arbitrary fixed value to each wire in the circuit. This extends the notion of algebraic manipulation detection (AMD) codes, which protect information against additive attacks, to that of AMD circuits which protect computation.We present a construction of such AMD circuits: any arithmetic circuit C over a finite field F can be converted into a functionally-equivalent randomized arithmetic circuit C of size O(|C|) that is fault-tolerant in the following sense. For any additive attack on the wires of C, its effect on the output of C can be simulated, up to O(|C|/|F|) statistical distance, by an additive attack on just the input and output. Given a small tamper-proof encoder/decoder for AMD codes, the input and output can be protected as well.We also give an alternative construction, applicable to small fields (for example, to protect Boolean circuits against wire-toggling attacks). It uses a small tamper-proof decoder to ensure that, except with negligible failure probability, either the output is correct or tampering is detected.Our study of AMD circuits is motivated by simplifying and improving protocols for secure multiparty computation (MPC). Typically, securing MPC protocols against active adversaries is much more difficult than securing them against passive adversaries. We observe that in simple passive-secure MPC protocols for circuit evaluation, the effect of any active adversary corresponds precisely to an additive attack on the original circuit's wires. Thus, to securely evaluate a circuit C in the presence of active adversaries, it suffices to apply the passive-secure protocol to C. We use this methodology to simplify feasibility results and attain efficiency improvements in several standard MPC models.

show abstract

Section: Overviewmentioning

confidence: 99%

Circuits resilient to additive attacks with applications to secure computation

Genkin

Ishai

Prabhakaran

et al. 2014

Proceedings of the Forty-Sixth Annual ACM Symposium on Theory of Computing

View full text Add to dashboard Cite

show abstract

“…More specifically, in each run of the circuit we allow the adversary to specify a set of tampering instructions, where each instruction is of the form: Set a wire (or a memory gate) to 0 or 1, or toggle with the value on a wire (or a memory gate). However, in contrast to [37], where the tampering rate achieved is 1/|C|, where |C| is the size of the original circuit, we allow the adversary to tamper with any 1/ poly(k)-fraction of wires and memory gates in the circuit, where k is security parameter and poly(k) is independent of the size of the original circuit. We note that the recent work of [12] gave a construction that is resilient to constant tampering rate.…”

Section: Class Of Tampering Functionsmentioning

confidence: 99%

“…There has been little work on constructing circuits resilient to adversarial faults, while guaranteeing correctness. The main works in this arena are those of Kalai et al [37], Kleitnam et al [40], and Gál and Szegedy [27]. The works of [40] and [37] consider a different model where the only type of faults allowed are short-circuiting gates.…”

Section: Related Workmentioning

confidence: 99%

“…The main works in this arena are those of Kalai et al [37], Kleitnam et al [40], and Gál and Szegedy [27]. The works of [40] and [37] consider a different model where the only type of faults allowed are short-circuiting gates. [27] consider a model that allows arbitrary faults on gates, and show how to construct tamper-resilient circuits for symmetric Boolean functions.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Securing Circuits and Protocols against 1/poly(k) Tampering Rate

Dachman-Soled

Kalai

2014

Theory of Cryptography

Self Cite

View full text Add to dashboard Cite

In this work we present an efficient compiler that converts any circuit C into one that is resilient to tampering with 1/ poly(k) fraction of the wires, where k is a security parameter independent of the size of the original circuit |C|. Our tampering model is similar to the one proposed by Ishai et al. (Eurocrypt, 2006) where a tampering adversary may tamper with any wire in the circuit (as long as the overall number of tampered wires is bounded), by setting it to 0 or 1, or by toggling with it. Our result improves upon that of Ishai et al. which only allowed the adversary to tamper with 1/|C| fraction of the wires.Our result is built on a recent result of Dachman-Soled and Kalai (Crypto, 2012), who constructed tamper resilient circuits in this model, tolerating a constant tampering rate. However, their tampering adversary may learn logarithmically many bits of sensitive information. In this work, we avoid this leakage of sensitive information, while still allowing leakage rate that is independent of the circuit size. We mention that the result of Dachman-Soled and Kalai (Crypto, 2012) is only for Boolean circuits (that output a single bit), and for circuits that output k bits, their tampering-rate becomes 1/O(k). Thus for cryptographic circuits (that output k bits), our result strictly improves over (Dachman-Soled and Kalai, Crypto, 2012).In this work, we also show how to generalize this result to the setting of twoparty protocols, by constructing a general 2-party computation protocol (for any functionality) that is secure against a tampering adversary, who in addition to corrupting a party may tamper with 1/ poly(k)-fraction of the wires of the computation of the honest party and the bits communicated during the protocol.

show abstract

“…According to [16], their model was influenced by the work of Brody et al[7] on space-bounded complexity. Moreover, low-memory robust simulation of interactive protocols has applications in robust circuits design [19,20,24], where the details are described in [16].…”

mentioning

confidence: 99%

Small Memory Robust Simulation of Client-Server Interactive Protocols over Oblivious Noisy Channels

Chan¹,

Liang²,

Polychroniadou³

et al. 2020

Proceedings of the Fourteenth Annual ACM-SIAM Symposium on Discrete Algorithms

View full text Add to dashboard Cite

We revisit the problem of low-memory robust simulation of interactive protocols over noisy channels. Haeupler [FOCS 2014] considered robust simulation of two-party interactive protocols over oblivious, as well as adaptive, noisy channels. Since the simulation does not need to have fixed communication pattern, the achieved communication rates can circumvent the lower bound proved by Kol and Raz [STOC 2013]. However, a drawback of this approach is that each party needs to remember the whole history of the simulated transcript. In a subsequent manuscript, Haeupler and Resch considered low-memory simulation. The idea was to view the original protocol as a computational DAG and only the identities of the nodes are saved (as opposed to the whole transcript history) for backtracking to reduce memory usage.In this paper, we consider low-memory robust simulation of more general client-server interactive protocols, in which a leader communicates with other members/servers, who do not communicate among themselves; this setting can be applied to information-theoretic multi-server Private Information Retrieval (PIR) schemes. We propose an information-theoretic technique that converts any correct PIR protocol that assumes reliable channels, into a protocol which is both correct and private in the presence of a noisy channel while keeping the space complexity to a minimum. Despite the huge attention that PIR protocols have received in the literature, the existing works assume that the parties communicate using noiseless channels.Moreover, we observe that the approach of Haeupler and Resch to just save the nodes in the aforementioned DAG without taking the transcript history into account will lead to a correctness issue even for oblivious corruptions. We resolve this issue by saving hashes of prefixes of past transcripts. Departing from the DAG representation also allows us to accommodate scenarios where a party can simulate its part of the protocol without any extra knowledge (such as the DAG representation of the whole protocol). In the the two-party setting, our simulation has the same dependence on the error rate as in the work of Haeupler, and in the client-server setting it also depends on the number of servers. Furthermore, since our approach does not remember the complete transcript history, our current technique can defend only against oblivious corruptions.1. If protocol Π is run where the communication channel between Alice and each Bob has oblivious error rate , then, except with probability δ, Π correctly simulates Π.2. In Π , for each (noisy) communication channel, the number of bits transmitted is at most3. If party X has a memory usage of M X bits and is involved in κ (= 1 for each Bob, or m for Alice) communication channels in Π, then its memory usage (in bits) in Π is at mostPaper Organization. While we are trying to give the precise results of this paper in the above description as soon as possible, readers unfamiliar with the formal definitions and settings can first refer to Section 2. The research backgroun...

show abstract

Formulas Resilient to Short-Circuit Errors

Cited by 13 publications

References 25 publications

Circuits resilient to additive attacks with applications to secure computation

Circuits resilient to additive attacks with applications to secure computation

Securing Circuits and Protocols against 1/poly(k) Tampering Rate

Small Memory Robust Simulation of Client-Server Interactive Protocols over Oblivious Noisy Channels

Contact Info

Product

Resources

About