-
Bounded Simultaneous Messages
Authors:
Andrej Bogdanov,
Krishnamoorthy Dinesh,
Yuval Filmus,
Yuval Ishai,
Avi Kaplan,
Sruthi Sekar
Abstract:
We consider the following question of bounded simultaneous messages (BSM) protocols: Can computationally unbounded Alice and Bob evaluate a function $f(x,y)$ of their inputs by sending polynomial-size messages to a computationally bounded Carol? The special case where $f$ is the mod-2 inner-product function and Carol is bounded to AC$^0$ has been studied in previous works. The general question can…
▽ More
We consider the following question of bounded simultaneous messages (BSM) protocols: Can computationally unbounded Alice and Bob evaluate a function $f(x,y)$ of their inputs by sending polynomial-size messages to a computationally bounded Carol? The special case where $f$ is the mod-2 inner-product function and Carol is bounded to AC$^0$ has been studied in previous works. The general question can be broadly motivated by applications in which distributed computation is more costly than local computation, including secure two-party computation.
In this work, we initiate a more systematic study of the BSM model, with different functions $f$ and computational bounds on Carol. In particular, we give evidence against the existence of BSM protocols with polynomial-size Carol for naturally distributed variants of NP-complete languages.
△ Less
Submitted 21 December, 2023; v1 submitted 30 September, 2023;
originally announced October 2023.
-
Locality-Preserving Hashing for Shifts with Connections to Cryptography
Authors:
Elette Boyle,
Itai Dinur,
Niv Gilboa,
Yuval Ishai,
Nathan Keller,
Ohad Klein
Abstract:
Can we sense our location in an unfamiliar environment by taking a sublinear-size sample of our surroundings? Can we efficiently encrypt a message that only someone physically close to us can decrypt? To solve this kind of problems, we introduce and study a new type of hash functions for finding shifts in sublinear time. A function $h:\{0,1\}^n\to \mathbb{Z}_n$ is a $(d,δ)$ {\em locality-preservin…
▽ More
Can we sense our location in an unfamiliar environment by taking a sublinear-size sample of our surroundings? Can we efficiently encrypt a message that only someone physically close to us can decrypt? To solve this kind of problems, we introduce and study a new type of hash functions for finding shifts in sublinear time. A function $h:\{0,1\}^n\to \mathbb{Z}_n$ is a $(d,δ)$ {\em locality-preserving hash function for shifts} (LPHS) if: (1) $h$ can be computed by (adaptively) querying $d$ bits of its input, and (2) $\Pr [ h(x) \neq h(x \ll 1) + 1 ] \leq δ$, where $x$ is random and $\ll 1$ denotes a cyclic shift by one bit to the left. We make the following contributions.
* Near-optimal LPHS via Distributed Discrete Log: We establish a general two-way connection between LPHS and algorithms for distributed discrete logarithm in the generic group model. Using such an algorithm of Dinur et al. (Crypto 2018), we get LPHS with near-optimal error of $δ=\tilde O(1/d^2)$. This gives an unusual example for the usefulness of group-based cryptography in a post-quantum world. We extend the positive result to non-cyclic and worst-case variants of LPHS.
* Multidimensional LPHS: We obtain positive and negative results for a multidimensional extension of LPHS, making progress towards an optimal 2-dimensional LPHS.
* Applications: We demonstrate the usefulness of LPHS by presenting cryptographic and algorithmic applications. In particular, we apply multidimensional LPHS to obtain an efficient "packed" implementation of homomorphic secret sharing and a sublinear-time implementation of location-sensitive encryption whose decryption requires a significantly overlapping view.
△ Less
Submitted 9 January, 2022;
originally announced January 2022.
-
On the Download Rate of Homomorphic Secret Sharing
Authors:
Ingerid Fosli,
Yuval Ishai,
Victor I. Kolobov,
Mary Wootters
Abstract:
A homomorphic secret sharing (HSS) scheme is a secret sharing scheme that supports evaluating functions on shared secrets by means of a local mapping from input shares to output shares. We initiate the study of the download rate of HSS, namely, the achievable ratio between the length of the output shares and the output length when amortized over $\ell$ function evaluations. We obtain the following…
▽ More
A homomorphic secret sharing (HSS) scheme is a secret sharing scheme that supports evaluating functions on shared secrets by means of a local mapping from input shares to output shares. We initiate the study of the download rate of HSS, namely, the achievable ratio between the length of the output shares and the output length when amortized over $\ell$ function evaluations. We obtain the following results.
* In the case of linear information-theoretic HSS schemes for degree-$d$ multivariate polynomials, we characterize the optimal download rate in terms of the optimal minimal distance of a linear code with related parameters. We further show that for sufficiently large $\ell$ (polynomial in all problem parameters), the optimal rate can be realized using Shamir's scheme, even with secrets over $\mathbb{F}_2$.
* We present a general rate-amplification technique for HSS that improves the download rate at the cost of requiring more shares. As a corollary, we get high-rate variants of computationally secure HSS schemes and efficient private information retrieval protocols from the literature.
* We show that, in some cases, one can beat the best download rate of linear HSS by allowing nonlinear output reconstruction and $2^{-Ω(\ell)}$ error probability.
△ Less
Submitted 30 May, 2022; v1 submitted 19 November, 2021;
originally announced November 2021.
-
Lightweight Techniques for Private Heavy Hitters
Authors:
Dan Boneh,
Elette Boyle,
Henry Corrigan-Gibbs,
Niv Gilboa,
Yuval Ishai
Abstract:
This paper presents Poplar, a new system for solving the private heavy-hitters problem. In this problem, there are many clients and a small set of data-collection servers. Each client holds a private bitstring. The servers want to recover the set of all popular strings, without learning anything else about any client's string. A web-browser vendor, for instance, can use Poplar to figure out which…
▽ More
This paper presents Poplar, a new system for solving the private heavy-hitters problem. In this problem, there are many clients and a small set of data-collection servers. Each client holds a private bitstring. The servers want to recover the set of all popular strings, without learning anything else about any client's string. A web-browser vendor, for instance, can use Poplar to figure out which homepages are popular, without learning any user's homepage. We also consider the simpler private subset-histogram problem, in which the servers want to count how many clients hold strings in a particular set without revealing this set to the clients.
Poplar uses two data-collection servers and, in a protocol run, each client send sends only a single message to the servers. Poplar protects client privacy against arbitrary misbehavior by one of the servers and our approach requires no public-key cryptography (except for secure channels), nor general-purpose multiparty computation. Instead, we rely on incremental distributed point functions, a new cryptographic tool that allows a client to succinctly secret-share the labels on the nodes of an exponentially large binary tree, provided that the tree has a single non-zero path. Along the way, we develop new general tools for providing malicious security in applications of distributed point functions.
△ Less
Submitted 23 March, 2023; v1 submitted 29 December, 2020;
originally announced December 2020.
-
Function Secret Sharing for PSI-CA:With Applications to Private Contact Tracing
Authors:
Samuel Dittmer,
Yuval Ishai,
Steve Lu,
Rafail Ostrovsky,
Mohamed Elsabagh,
Nikolaos Kiourtis,
Brian Schulte,
Angelos Stavrou
Abstract:
In this work we describe a token-based solution to Contact Tracing via Distributed Point Functions (DPF) and, more generally, Function Secret Sharing (FSS). The key idea behind the solution is that FSS natively supports secure keyword search on raw sets of keywords without a need for processing the keyword sets via a data structure for set membership. Furthermore, the FSS functionality enables add…
▽ More
In this work we describe a token-based solution to Contact Tracing via Distributed Point Functions (DPF) and, more generally, Function Secret Sharing (FSS). The key idea behind the solution is that FSS natively supports secure keyword search on raw sets of keywords without a need for processing the keyword sets via a data structure for set membership. Furthermore, the FSS functionality enables adding up numerical payloads associated with multiple matches without additional interaction. These features make FSS an attractive tool for lightweight privacy-preserving searching on a database of tokens belonging to infected individuals.
△ Less
Submitted 23 December, 2020;
originally announced December 2020.
-
Outsourcing Private Machine Learning via Lightweight Secure Arithmetic Computation
Authors:
Siddharth Garg,
Zahra Ghodsi,
Carmit Hazay,
Yuval Ishai,
Antonio Marcedone,
Muthuramakrishnan Venkitasubramaniam
Abstract:
In several settings of practical interest, two parties seek to collaboratively perform inference on their private data using a public machine learning model. For instance, several hospitals might wish to share patient medical records for enhanced diagnostics and disease prediction, but may not be able to share data in the clear because of privacy concerns. In this work, we propose an actively secu…
▽ More
In several settings of practical interest, two parties seek to collaboratively perform inference on their private data using a public machine learning model. For instance, several hospitals might wish to share patient medical records for enhanced diagnostics and disease prediction, but may not be able to share data in the clear because of privacy concerns. In this work, we propose an actively secure protocol for outsourcing secure and private machine learning computations. Recent works on the problem have mainly focused on passively secure protocols, whose security holds against passive (`semi-honest') parties but may completely break down in the presence of active (`malicious') parties who can deviate from the protocol. Secure neural networks based classification algorithms can be seen as an instantiation of an arithmetic computation over integers.
We showcase the efficiency of our protocol by applying it to real-world instances of arithmetized neural network computations, including a network trained to perform collaborative disease prediction.
△ Less
Submitted 4 December, 2018;
originally announced December 2018.
-
Secure Arithmetic Computation with No Honest Majority
Authors:
Yuval Ishai,
Manoj Prabhakaran,
Amit Sahai
Abstract:
We study the complexity of securely evaluating arithmetic circuits over finite rings. This question is motivated by natural secure computation tasks. Focusing mainly on the case of two-party protocols with security against malicious parties, our main goals are to: (1) only make black-box calls to the ring operations and standard cryptographic primitives, and (2) minimize the number of such black…
▽ More
We study the complexity of securely evaluating arithmetic circuits over finite rings. This question is motivated by natural secure computation tasks. Focusing mainly on the case of two-party protocols with security against malicious parties, our main goals are to: (1) only make black-box calls to the ring operations and standard cryptographic primitives, and (2) minimize the number of such black-box calls as well as the communication overhead.
We present several solutions which differ in their efficiency, generality, and underlying intractability assumptions. These include:
1. An unconditionally secure protocol in the OT-hybrid model which makes a black-box use of an arbitrary ring $R$, but where the number of ring operations grows linearly with (an upper bound on) $\log|R|$.
2. Computationally secure protocols in the OT-hybrid model which make a black-box use of an underlying ring, and in which the number of ring operations does not grow with the ring size. These results extend a previous approach of Naor and Pinkas for secure polynomial evaluation (SIAM J. Comput., 35(5), 2006).
3. A protocol for the rings $\mathbb{Z}_m=\mathbb{Z}/m\mathbb{Z}$ which only makes a black-box use of a homomorphic encryption scheme. When $m$ is prime, the (amortized) number of calls to the encryption scheme for each gate of the circuit is constant.
All of our protocols are in fact UC-secure in the OT-hybrid model and can be generalized to multiparty computation with an arbitrary number of malicious parties.
△ Less
Submitted 8 November, 2008; v1 submitted 4 November, 2008;
originally announced November 2008.