1 Vipul Goyal Abhishek Jain UCLA On the Round Complexity of Covert Computation
Post on 15-Dec-2015
Embed Size (px)
- Slide 1
1 Vipul Goyal Abhishek Jain UCLA On the Round Complexity of Covert Computation Slide 2 2 Covert Computation Strengthening of the notion of secure computation, introduced by Ahn-Hopper-Langford05 Talk about privacy of not just input but also whether a party participated in the protocol or not Covert computation has similar relation to secure computation as stenographic communication has to encrypted communication Slide 3 3 Example: Secret Handshake Two (secret) hackers on the internet I suspect he is a member of the hacker group as well. Secure 2pc? Slide 4 4 Example: Secret Handshake Lets run 2pc to see if we are both hackers he is a hacker!! Slide 5 5 Secret Handshake contd.. If only there was a better protocol Slide 6 6 Ideally Internet is such a great resource, I learn so much Completely agree, helps me get good grades in college We are both hackers !! Slide 7 7 Covert Computation Parties talk as usual and hide protocol messages in the normal innocent looking conversation In the end, if: everyone participated output favorable (certificates matched) output and participation revealed to everyone Else, nobody knows who participated (parties just see normal messages) Slide 8 8 More technically The protocol messages hidden in the innocent conversation need to look random (otherwise participation revealed) [vAHL05] Thus: design an MPC protocol w/ messages indistinguishable from random (except when everyone participating and function output favorable, final messages will not look random) Various standard tools like ZK break down Slide 9 9 Covert Computation Ahn-Hopper-Langford05: two party Chandran-Goyal-Ostrovsky-Sahai07: multi-party assuming a broadcast channel Polynomial number of rounds (in s.p., depth of circuit) This work: focus on round complexity, feasibility for point to point channels Slide 10 10 Covert MPC w/ point to point channels Point to point channel: communication using, e.g., individual emails (as opposed to a mailing list) Standard techniques for MPC w/ point to point channels inherently break down Internet is such a great resource, I learn so much he said the same thing!! Slide 11 11 Our Results We first consider the round complexity of covert computation: w/ black-box simulation: constant round covert two-party computation impossible non black-box simulation: constant round covert multi- party computation. Techniques: two slot simulation technique [Pass04, Barak01] crypto in NC0 [Applebaum-Ishai-Kushilevitz04] We observe that our constant round MPC protocol inherits bounded concurrency from Pass04 use this to show feasibility for covert MPC w/ point to point channels for a constant number of parties Slide 12 12 Covert MPC w/ Point to Point Channels Recall: we need protocol to run w/o more than 2 parties agreeing on a message x1x1 x2x2 x3x3 (x 1, x 2 ) Slide 13 13 High level idea contd.. S 2-bounded 4-bounded (x 1, , x 4 ) (x 5, , x 8 ) A C B D Slide 14 14 Thank You!