[PDF] Top 20 Adaptively Secure Computation with Partial Erasures

... for secure computation was one of a static adversary where the adversary controls a subset of the parties (who are called corrupted) before the protocol begins, and this subset cannot ...of ... See full document

... In more details, each ITM is initialized with the security parameter κ and random coins, where the environment receives an additional auxiliary input. The protocol proceeds by a sequence of activations, where the ... See full document

... multi-party computation (MPC) protocols allow a set of mutually distrustful parties to engage in a joint computation for evaluating an agreed-upon function of their local inputs, while preserving the ... See full document

... where m is an upper bound on the number of output wires, and λ is the length of the random tokens used in the dual-key cipher. Proof (Sketch). Our proof combines the proof strategies of Bellare et al. [10] for ... See full document

... While we did not attempt to optimize the concrete efficiency of our constructions, they seem to be reasonably practical for some natural application scenarios. To give a rough idea of practical feasibility, consider a ... See full document

... Simulating regression model evaluation. In the first use-case, we do not assume that the vectors have a special structure. The vectors to be multiplied can correspond to data and weight vectors of a binary regression ... See full document

... of computation from one party to an- other; that is, using delegation, the sender can compute both the correct result of some (possibly expensive) computation on a receiver’s input and a (short) proof which ... See full document

... Step Circuits. To understand our construction, it is best to view the circuit C as a sequence of step circuits. In more details, we will consider C as a sequence of step circuits along with a database/memory D. For ... See full document

... In the context of threshold cryptography, adaptive security has been addressed in a large body of work [20,31,44,48,1,6]. These techniques, however, require interaction (except in some cases in which all players always ... See full document

... Currently, the most efficient IBE scheme that is known is due to Jutla and Roy [JR13] (actually a simple variant of their original proposal is the IBE of choice). In this work, we investigate the possibility of ... See full document

... FHE has several applications. As just one example, FHE can be used to construct simple protocols for secure computation. We restrict ourselves to the two-party setting with honest-but- curious parties. (In ... See full document

... an adaptively secure garbling scheme with low on-line ...of adaptively secure garbled circuit, we can instantiate the scheme of [LR14] in the standard model, where the on-line complexity of ... See full document

... Jawurek et al. [JKO13] construct a UC-secure ZK protocol (referred to as ZKGC henceforth) using garbled circuits as the primary building block. The communication required for their protocol is linear in the size ... See full document

... Now we roughly argue that the protocol above is secure in the adaptive setting. Firstly, we require that the adversary cannot output a Hamiltonian cycle generated in an execution of the above protocol as long as V ... See full document

... of adaptively secure protocols; for example, adaptively secure public-key encryption is fairly simple and efficient [3] if erasure is assumed, but much more complicated (and much less efficient) ... See full document

... Proof. The outline of the proof is the following. First, we give a description of our simulator. Then we prove that no environment can distinguish between a real execution and a simulation. We do this in two steps. In ... See full document

... Our Equivocal fully homomorphic encryption scheme consists of a tuple (KeyGen, KeyGen ∗ , QEnc, Rand, Eval, Dec, Equiv) of algorithms where the syntax of the procedures (KeyGen, QEnc, Eval, Dec) is defined as in the ... See full document

... Adaptive security. It is known by now that security against adaptive attacks captures important real- world concerns that are not addressed by static corruptions. For instance, such attacks capture scenarios where ... See full document

... With the goal of explaining intuition [GGHR14] better we will describe the ideas assuming we have access to VBB obfuscation, rather than just indistinguishability obfuscation. We start by noting that two rounds of ... See full document

... for secure multi-party computation [GMW87,Gol04], and a bit-OT protocol with O(1) communication complexity implies secure computation with constant overhead using GMW, and even with active ... See full document