[PDF] Top 20 From Fairness to Full Security in Multiparty Computation

... secure multiparty computation (MPC), a set of mutually distrusting parties wish to jointly compute a function of their inputs, while guaranteeing the privacy of their local inputs and the correctness of the ... See full document

... semi-honest security see Section 3 for the general ...begin from the naive protocol where each party just sends over the paths in I to the evaluator whatever message it was supposed to send in the ... See full document

... compromised from the start or remain compromised throughout), the Yao garbled circuit protocol [Yao 86 , Rog 91 ] provides a classic two-message solution with no trusted setup other than authenticated ...provide ... See full document

... with full security [3, 7, 15]. However, the security of known protocols totally collapses when this assumption does not hold; in particular, the adversary can learn the inputs of the honest ... See full document

... significant patterns/rules/results from a set of large amount of data stored in databases, data warehouse or in other information repositories. Even though the focus on data- mining technology has been on the ... See full document

... Broadcast (introduced by Lamport et al. [24] as the Byzantine Generals problem) allows any party to deliver a message of its choice to all parties, such that all honest parties will receive the same message even if the ... See full document

... semi-honest security model we relax the standard ideal model for eval- uating f by first requiring all parties to send their inputs to the functionality f , then having f deliver the outputs to the honest parties, ... See full document

... In [GS17], this idea was implemented by constructing a special purpose witness encryption [GGSW13, BH15, GOVW12, CDG + 17, DG17] using specific algebraic properties of non-interactive zero- knowledge (NIZK) proofs by ... See full document

... provides security guarantees which are slightly different from the security guarantees provided by the generic SMC ...inferred from the result and the partitioned data ...inferred from ... See full document

... prove security in spite of this small leakage, we need to rely on slightly leakage-resilient PRF and HSS, which can both be constructed from DDH-based primitives using standard ...the full version ... See full document

... as multiparty computation, which may be impossible in many actual use cases (for instance due to the high level of communication ...emerges from our analysis, that is, the implementation of ... See full document

... In the method, Server 1 computes two averages for sub- jects A and B as (22 + 24)/2 and (32 + 37)/2, respectively. Likewise, Server 2 computes two averages for subjects A and B as (40 + 13)/2 and (40 + 45)/2, ... See full document

... also increases the vulnerability of private data, e.g., potential data breach and lost. Under current cloud architecture, the content of outsourced image data will inevitably be leaked to CSPs. In this case, the leaked ... See full document

... adaptive security and on the other hand, we need to minimize the number of public key ...that full blown adaptive security is not needed in garbling C B ... See full document

... claim that this principle can likewise be made used for a new error-tolerant as well as for irreversible encrypted key. The paper [7] gives technique of statically informed create to bloom filter encodings which has bits ... See full document

... that security proofs require a simulator that simulates proofs of honest parties (zero-knowledgeness) and extracts witnesses of corrupted parties (sound- ... See full document

... Solution. Essentially we solve the above problem by two steps. We first show that the “basic” protocol as described above is already secure when there is exactly one honest party. Then, later in Sec. 6.2 we extend the ... See full document

... ideas from the “early” DPA literature (see [19] for a sur- vey) 1 ...scheme from CHES 2010 [26] (next denoted as RivP), its optimization by Kim et ...Prouff from CHES 2011 [27] (next denoted as ... See full document

... roots from the fact that the amortized communication done by each party for the evaluation of a multiplication gate is independent of ...passive security setting [18] does not achieve amortized ... See full document

... tive security suffice for our application in section 4, we require adaptive garbled circuits in section ...circuits from one-way functions. We refer the reader to [5] or the full version of our paper ... See full document