Secure Computation Based on Leaky Correlations: High Resilience Setting
Authors
Abstract
Correlated private randomness, or correlation in short, is a fundamental cryptographic resource that helps parties compute securely over their private data. An offline preprocessing step, which is independent of the eventual secure computation, generates correlated secret shares for the parties and the parties use these shares during the final secure computation step. However, these secret shares are vulnerable to leakage attacks. Inspired by the quintessential problem of privacy amplification, Ishai, Kushilevitz, Ostrovsky, and Sahai (FOCS 2009) introduced the concept of correlation extractors. Correlation extractors are interactive protocols that take leaky correlations as input and produce secure independent copies of oblivious transfer (OT), the building blocks of secure computation protocols. Although their initial feasibility result is resilient to linear leakage and produces a linear number of “fresh” OTs, the constants involved are minuscule. The output of this correlation extractor can be used to perform only small secure computation tasks, because the number of OTs needed to evaluate a functionality securely is roughly proportional to its circuit size. Recently, Gupta, Ishai, Maji, and Sahai (CRYPTO 2015) constructed an extractor that is resilient to 1/4 fractional leakage and has near-linear production rate. They also constructed an extractor from a large correlation that has 1/2 fractional resilience but produces only one OT, which does not suffice to compute even constant size functionalities securely. In this paper, we show the existence of a correlation that produces n-bit shares for the parties and allows the extraction of n^(1−o(1)) secure OTs, despite n/2 bits of leakage. The key technical idea is to embed several multiplications over a field into one multiplication over an extension field. The packing efficiency of this embedding directly translates into the production rate of our correlation extractor.
Our work establishes a connection between this problem and a rich vein of research in additive combinatorics on constructing dense sets of integers that are free of arithmetic progressions, a.k.a. 3-free sets. We introduce a new combinatorial problem that suffices for our multiplication embedding, and produces concrete embeddings that beat the efficiency of the embeddings inspired by the reduction to 3-free sets. Finally, the paper introduces a graph-theoretic measure to upper-bound the leakage resilience of correlations, namely the simple partition number. This measure is similar in spirit to graph covering problems like the biclique partition number. If the simple partition number of a correlation is 2, then it is impossible to extract even one OT if parties can perform λ-bits of leakage. We compute tight estimates of the simple partition number of several correlations that are relevant to this paper, and, in particular, show that our extractor and the extractor for the large correlation by Gupta et al. have optimal leakage resilience and (qualitatively) optimal simulation error.
∗ Department of Computer Science, Purdue University. † Department of Computer Science, Purdue University. ‡ Department of Computer Science, Purdue University.
Similar resources
Secure Two-Party Computation via Leaky Generalized Oblivious Transfer
We construct a very efficient protocol for constant round Two-Party Secure Function Evaluation based on general assumptions. We define and instantiate a leaky variant of Generalized Oblivious Transfer based on Oblivious Transfer and Commitment Schemes. The concepts of Garbling Schemes, Leaky Generalized Oblivious Transfer and Privacy Amplification are combined using the Cut-and-Choose paradigm ...
Secure Computation using Leaky Correlations (Asymptotically Optimal Constructions)
Most secure computation protocols can be effortlessly adapted to offload a significant fraction of their computationally and cryptographically expensive components to an offline phase so that the parties can run a fast online phase and perform their intended computation securely. During this offline phase, parties generate private shares of a sample generated from a particular joint distribution, refer...
Round-Optimal Correlation Extractors with Linear Production and Leakage Resilience
Correlated private randomness, or correlation, in short, is a fundamental cryptographic resource that enables secure computation over private data. An offline preprocessing step, independent of the eventual secure computation, generates correlated secret shares for parties that the parties use during the online secure computation phase. However, these secret shares are vulnerable to leakage att...
Predicting Resilience in Students based on Happiness, Attachment Style, and Religious Attitude
Background and Objectives: Nowadays adolescents as the human capital of every society, in addition to the pressures of transition from adolescence period, are affected by environmental pressures, such as poverty, violence, and substance abuse. Given these factors, resilience plays an important role in this period. The present study aimed to investigate the role of happiness, attachment styles, ...
Secure Computation Using Leaky Tokens
Leakage-proof hardware tokens have been used to achieve a large number of cryptographic tasks recently. But in real life, due to various physical attacks, it is extremely difficult to construct hardware devices that are guaranteed to be leakage-proof. In this paper, we study the feasibility of general two-party computation using leaky hardware tokens. Our main result is a completeness theorem t...