
On the Round Complexity of Covert Computation

Feb 25, 2016

Page 1: On the Round Complexity of Covert Computation

Vipul Goyal, Abhishek Jain

UCLA, UCLA

On the Round Complexity of Covert Computation

Page 2: On the Round Complexity of Covert Computation

Covert Computation

• Strengthening of the notion of secure computation, introduced by Ahn-Hopper-Langford’05

• Talks about privacy of not just the input but also whether a party participated in the protocol or not

• Covert computation has a similar relation to secure computation as steganographic communication has to encrypted communication

Page 3: On the Round Complexity of Covert Computation

Example: Secret Handshake

• Two (secret) hackers on the internet

I suspect he is a member of the hacker group as well. Secure 2pc?

Page 4: On the Round Complexity of Covert Computation

Example: Secret Handshake

Let's run 2pc to see if we are both hackers

he is a hacker!!

Page 5: On the Round Complexity of Covert Computation

Secret Handshake contd..

If only there was a better protocol

Page 6: On the Round Complexity of Covert Computation

Ideally

Internet is such a great resource, I learn so much

Completely agree, helps me get good grades in college

We are both hackers !!

Page 7: On the Round Complexity of Covert Computation

Covert Computation

• Parties talk as usual and hide protocol messages in the normal “innocent looking” conversation

• In the end, if:
– everyone participated
– output favorable (certificates matched)

output and participation revealed to everyone

• Else, nobody knows who participated (parties just see normal messages)

Page 8: On the Round Complexity of Covert Computation

More technically

• The protocol messages “hidden” in the innocent conversation need to look random (otherwise participation revealed) [vAHL05]

• Thus: design an MPC protocol w/ messages indistinguishable from random (except when everyone participating and function output favorable, final messages will not look random)

• Various standard tools like ZK break down

Page 9: On the Round Complexity of Covert Computation

Covert Computation

• Ahn-Hopper-Langford’05: two party

• Chandran-Goyal-Ostrovsky-Sahai’07: multi-party assuming a broadcast channel

• Polynomial number of rounds (in s.p., depth of circuit)

• This work: focus on round complexity, feasibility for point to point channels

Page 10: On the Round Complexity of Covert Computation

Covert MPC w/ point to point channels

• Point to point channel: communication using, e.g., individual emails (as opposed to a mailing list)
– Standard techniques for MPC w/ point to point channels inherently break down

Internet is such a great resource, I learn so much

Internet is such a great resource, I learn so much

he said the same thing!!

Page 11: On the Round Complexity of Covert Computation

Our Results

• We first consider the round complexity of covert computation:
– w/ black-box simulation: constant round covert two-party computation impossible
– non black-box simulation: constant round covert multi-party computation. Techniques:
  • two slot simulation technique [Pass’04, Barak’01]
  • crypto in NC0 [Applebaum-Ishai-Kushilevitz’04]

• We observe that our constant round MPC protocol inherits bounded concurrency from Pass’04
– use this to show feasibility for covert MPC w/ point to point channels for a constant number of parties

Page 12: On the Round Complexity of Covert Computation

Covert MPC w/ Point to Point Channels

• Recall: we need protocol to run w/o more than 2 parties agreeing on a message

x1 x2 x3

(x1, x2)

Page 13: On the Round Complexity of Covert Computation

High level idea contd..

S

2-bounded

4-bounded

(x1, …, x4) (x5, …, x8)

A CB D

Page 14: On the Round Complexity of Covert Computation

Thank You!