On-Line/Off-Line Leakage Resilient Secure Computation Protocols

نویسندگان

  • Chaya Ganesh
  • Vipul Goyal
  • Satyanarayana V. Lokam
چکیده

We study the question of designing leakage-resilient secure computation protocols. Our model is that of only computation leaks information with a leak-free input encoding phase. In more detail, we assume an offline phase called the input encoding phase in which each party encodes its input in a specified format. This phase is assumed to be free of any leakage and may or may not depend upon the function that needs to be jointly computed by the parties. Then finally, we have a secure computation phase in which the parties exchange messages with each other. In this phase, the adversary gets access to a leakage oracle which allows it to download a function of the computation transcript produced by an honest party to compute the next outgoing message. We present two main constructions of secure computation protocols in the above model. Our first construction is based only on the existence of (semi-honest) oblivious transfer. This construction employs an encoding phase which is dependent of the function to be computed (and the size of the encoded input is dependent on the size of the circuit of the function to be computed). Our second construction has an input encoding phase independent of the function to be computed. Hence in this construction, the parties can simple encode their input and store it as soon as it is received and then later on run secure computation for any function of their choice. Both of the above constructions, tolerate complete leakage in the secure computation phase. Our second construction (with a function independent input encoding phase) makes use of a fully homomorphic encryption scheme. A natural question that arises is “can a leakage-resilient secure computation protocol with function independent input encoding be based on simpler and weaker primitives?”. Towards that end, we show that any such construction would imply a secure two-party computation protocol with sub-linear communication complexity (in fact, communication complexity independent of the size of the function being computed). Finally, we also show how to extend our constructions for the continual leakage case where there is: a one time leak-free input encoding phase, a leaky secure computation phase which could be run multiple times for different functionalities (but the same input vector), and, a leaky refresh phase after each secure computation phase where the input is “re-encoded”. ∗IIT Madras, [email protected]. Work done in part while visiting Microsoft Research, India. †Microsoft Research, India, [email protected]. ‡Microsoft Research, India, [email protected].

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

New Approach to Practical Leakage-Resilient Public-Key Cryptography

We present a new approach to construct several leakage-resilient cryptographic primitives, including leakage-resilient public-key encryption (PKE) schemes, authenticated key exchange (AKE) protocols and low-latency key exchange (LLKE) protocols. To this end, we introduce a new primitive called leakage-resilient non-interactive key exchange (LR-NIKE) protocol. We introduce a generic security mod...

متن کامل

A Simple Leakage-Resilient Authenticated Key Establishment Protocol, Its Extensions, and Applications

Authenticated Key Establishment (AKE) protocols enable two entities, say a client (or a user) and a server, to share common session keys in an authentic way. In this paper, we review the previous AKE protocols, all of which turn out to be insecure, under the following realistic assumptions: (1) High-entropy secrets that should be stored on devices may leak out due to accidents such as bugs or m...

متن کامل

An Efficient and Leakage-Resilient RSA-Based Authenticated Key Exchange Protocol with Tight Security Reduction

Both mutual authentication and generation of session keys can be accomplished by an authenticated key exchange (AKE) protocol. Let us consider the following situation: (1) a client, who communicates with many different servers, remembers only one password and has insecure devices (e.g., mobile phones or PDAs) with very-restricted computing power and built-in memory capacity; (2) the counterpart...

متن کامل

On the Orthogonal Vector Problem and the Feasibility of Unconditionally Secure Leakage-Resilient Computation

We consider unconditionally secure leakage resilient two-party computation, where security means that the leakage obtained by an adversary can be simulated using a similar amount of leakage from the private inputs or outputs. A related problem is known as circuit compilation, where there is only one device doing a computation on public input and output. Here the goal is to ensure that the adver...

متن کامل

Leakage Resilient Secure Two-Party Computation

In the traditional secure function evaluation setting, some set of distrusting parties jointly compute a function of their respective inputs securely as if the computation is executed in an ideal setting where the parties send inputs to a trusted party that performs the computation and returns its result. Almost independently of secure computation, the area of leakage resilient cryptography has...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2012