Practical UC security with a Global Random Oracle

Canetti, Ran; Jain, Abhishek; Scafuro, Alessandra

doi:10.1145/2660267.2660374

Cited by 72 publications

(47 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We prove a composition theorem that establishes that protocols in our framework are secure in a universally composable fashion. Our composition proof treats the clock and ledger functionalities as global setups in the sense of [CDPW07,CJS14]. We emphasize that this is a critical design choice: the fact that the ledger is a global functionality ensures that any penalties that are incurred to the adversary that result to credits towards the honest parties will be globally recognized.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Fair and Robust Multi-party Computation Using a Global Transaction Ledger

Kiayias

Zhou

Zikas

2016

Lecture Notes in Computer Science

123

View full text Add to dashboard Cite

Classical results on secure multi-party computation (MPC) imply that fully secure computation, including fairness (either all parties get output or none) and robustness (output delivery is guaranteed), is impossible unless a majority of the parties is honest. Recently, cryptocurrencies like Bitcoin where utilized to leverage the fairness loss in MPC against a dishonest majority. The idea is that when the protocol aborts in an unfair manner (i.e., after the adversary receives output) then honest parties get compensated by the adversarially controlled parties.Our contribution is three-fold. First, we put forth a new formal model of secure MPC with compensation and we show how the introduction of suitable ledger and synchronization functionalities makes it possible to express completely such protocols using standard interactive Turing machines (ITM) circumventing the need for the use of extra features that are outside the standard model as in previous works. Second, our model, is expressed in the universal composition setting with global setup and is equipped with a composition theorem that enables the design of protocols that compose safely with each other and within larger environments where other protocols with compensation take place; a composition theorem for MPC protocols with compensation was not known before. Third, we introduce the first robust MPC protocol with compensation, i.e., an MPC protocol where not only fairness is guaranteed (via compensation) but additionally the protocol is guaranteed to deliver output to the parties that get engaged and therefore the adversary, after an initial round of deposits, is not even able to mount a denial of service attack without having to su↵er a monetary penalty. Importantly, our robust MPC protocol requires only a constant number of (coin-transfer and communication) rounds.

show abstract

Section: Introductionmentioning

confidence: 99%

“…In our work we utilize global functionalities for universal composition (without the deniability aspect) as in [CJS14] where a similar approach was taken for the case of the use of the random oracle as a global setup functionality for MPC.…”

Section: Introductionmentioning

confidence: 99%

Fair and Robust Multi-party Computation Using a Global Transaction Ledger

Kiayias

Zhou

Zikas

2016

Lecture Notes in Computer Science

123

View full text Add to dashboard Cite

show abstract

“…Also, we focus on the SCC model and while our protocols do not require rewinding in the proofs wrt coins or cryptographic primitivies, there are subtle issues while trying to guarantee universal composability in the programmable random oracle model. See [10] for more extensive discussion. Remark on cash distribution.…”

Section: Prmentioning

confidence: 99%

Improvements to Secure Computation with Penalties

Kumaresan

Vaikuntanathan

Vasudevan

2016

Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

Motivated by the impossibility of achieving fairness in secure computation [Cleve, STOC 1986], recent works study a model of fairness in which an adversarial party that aborts on receiving output is forced to pay a mutually predefined monetary penalty to every other party that did not receive the output. These works show how to design protocols for secure computation with penalties that tolerate an arbitrary number of corruptions.In this work, we improve the efficiency of protocols for secure computation with penalties in a hybrid model where parties have access to the "claim-or-refund" transaction functionality. Our first improvement is for the ladder protocol of Bentov and Kumaresan (Crypto 2014) where we improve the dependence of the script complexity of the protocol (which corresponds to miner verification load and also space on the blockchain) on the number of parties from quadratic to linear (and in particular, is completely independent of the underlying function). Our second improvement is for the see-saw protocol of Kumaresan et al. (CCS 2015) where we reduce the total number of claim-or-refund transactions and also the script complexity from quadratic to linear in the number of parties.We also present a 'dual-mode' protocol that offers different guarantees depending on the number of corrupt parties: (1) when s < n/2 parties are corrupt, this protocol guarantees fairness (i.e., either all parties get the output or none do), and (2) when t > n/2 parties are corrupt, this protocol guarantees fairness with penalties (i.e., if the adversary gets the output, then either the honest parties get output as well or they get compensation via penalizing the adversary). The above protocol works as long as t + s < n, matching the bound obtained for secure computation protocols in the standard model (i.e., replacing "fairness with penalties" with "securitywith-abort" (full security except fairness)) by Ishai et al. (SICOMP 2011).

show abstract

“…Similarly, the authors of [14] use FHE circuits for outsourcing execution to the cloud, and further discuss the requirement of selective decryptions in order to detect termination of FHE encrypted programs (called the termination problem). In [53], the authors demonstrate general function evaluation and zero-knowledge protocols focusing on universally composable security, while [15] leverages homomorphic hashing for verifiable computation delegation.…”

Section: Related Workmentioning

confidence: 99%

Cryptoleq: A Heterogeneous Abstract Machine for Encrypted and Unencrypted Computation

Mazonka

Tsoutsos

Maniatakos

2016

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

The rapid expansion and increased popularity of cloud computing comes with no shortage of privacy concerns about outsourcing computation to semi-trusted parties. Leveraging the power of encryption, in this paper we introduce Cryptoleq: an abstract machine based on the concept of One Instruction Set Computer, capable of performing general-purpose computation on encrypted programs. The program operands are protected using the Paillier partially homomorphic cryptosystem, which supports addition on the encrypted domain. Full homomorphism over addition and multiplication, which is necessary for enabling general-purpose computation, is achieved by inventing a heuristically obfuscated software re-encryption module written using Cryptoleq instructions and blended into the executing program. Cryptoleq is heterogeneous, allowing mixing encrypted and unencrypted instruction operands in the same program memory space. Programming with Cryptoleq is facilitated using an enhanced assembly language that allows development of any advanced algorithm on encrypted datasets. In our evaluation, we compare Cryptoleq's performance against a popular fully homomorphic encryption library, and demonstrate correctness using a typical Private Information Retrieval problem.

show abstract

Practical UC security with a Global Random Oracle

Cited by 72 publications

References 35 publications

Fair and Robust Multi-party Computation Using a Global Transaction Ledger

Fair and Robust Multi-party Computation Using a Global Transaction Ledger

Improvements to Secure Computation with Penalties

Cryptoleq: A Heterogeneous Abstract Machine for Encrypted and Unencrypted Computation

Contact Info

Product

Resources

About