an efficient and probabilistic secure bit …rlu1/slide/20140523ximengliu.pdfoutline main references...
TRANSCRIPT
OutlineMain References
IntroductionProblem Statement
PreliminariesThe proposal scheme
An Efficient and Probabilistic SecureBit-Decomposition
Reporter:Ximeng LiuSupervisor: Rongxing Lu
School of EEE, NTUhttp://www.ntu.edu.sg/home/rxlu/seminars.htm
May 22, 2014
http://www.ntu.edu.sg/home/rxlu/seminars.htm An Efficient and Probabilistic Secure Bit-Decomposition
OutlineMain References
IntroductionProblem Statement
PreliminariesThe proposal scheme
1 Main References
2 Introduction
3 Problem Statement
4 Preliminaries
5 The proposal scheme
http://www.ntu.edu.sg/home/rxlu/seminars.htm An Efficient and Probabilistic Secure Bit-Decomposition
OutlineMain References
IntroductionProblem Statement
PreliminariesThe proposal scheme
Main References
Samanthula B K K, Chun H, Jiang W. An efficient andprobabilistic secure bit-decomposition[C]//Proceedings of the 8thACM SIGSAC symposium on Information, computer andcommunications security. ACM, 2013: 541-546.
http://www.ntu.edu.sg/home/rxlu/seminars.htm An Efficient and Probabilistic Secure Bit-Decomposition
OutlineMain References
IntroductionProblem Statement
PreliminariesThe proposal scheme
Introduction
Statistical data analysis is an essential task in many data miningand business intelligence applications. However, when the datacome from multiple parties and where user privacy is a big concern,we need to perform the data analysis task in a privacypreservingmanner. The data analysis task becomes even more challengingwhen the data is in encrypted form which is quite common inoutsourced databases.
http://www.ntu.edu.sg/home/rxlu/seminars.htm An Efficient and Probabilistic Secure Bit-Decomposition
OutlineMain References
IntroductionProblem Statement
PreliminariesThe proposal scheme
secure bit-decomposition (SBD)
SBD acts as an important primitive in various secure multi-partycomputation (MPC) protocols such as secure comparison, publicmodulo and private exponentiation on encrypted integers.
http://www.ntu.edu.sg/home/rxlu/seminars.htm An Efficient and Probabilistic Secure Bit-Decomposition
OutlineMain References
IntroductionProblem Statement
PreliminariesThe proposal scheme
Problem Statement
We consider two semi-honest (also referred to ashonest-but-curious) parties Alice and Bob. We assume that Alicegenerates a Paillier public/secret key pair (pk; sk) and broadcaststhe public key pk to Bob.
http://www.ntu.edu.sg/home/rxlu/seminars.htm An Efficient and Probabilistic Secure Bit-Decomposition
OutlineMain References
IntroductionProblem Statement
PreliminariesThe proposal scheme
k-Nearest Neighbor algorithm
Let < E ;D > be the encryption and decryption functionsassociated with the public/secret key pair (pk, sk). Without loss ofgenerality, assume that Bob holds the Paillier encrypted valueE (x), where 0 ≤ x < 2m (here m is referred to as the domain sizeof x in bits).
http://www.ntu.edu.sg/home/rxlu/seminars.htm An Efficient and Probabilistic Secure Bit-Decomposition
OutlineMain References
IntroductionProblem Statement
PreliminariesThe proposal scheme
Problem Statement
We explicitly assume that x is not known to Alice and Bob.Suppose (x0, · · · , xm−1) denotes the binary representation of xwhere x0 and xm−1 are the least and most significant bitsrespectively. The goal of this paper is to convert encryption of xinto the encryptions of the individual bits of x without disclosingany information regarding x to both Alice and Bob.
http://www.ntu.edu.sg/home/rxlu/seminars.htm An Efficient and Probabilistic Secure Bit-Decomposition
OutlineMain References
IntroductionProblem Statement
PreliminariesThe proposal scheme
More formally, we define the SBD protocol as follows:
SBD(E (x)) =< E (x0), · · · ,E (xm−1) >
At the end of the SBD protocol, the values E (x0), · · · ,E (xm−1)are known only to Bob and nothing is revealed to Alice. Note thatsince SBD protocol is used as a sub-routine in many secureapplications, leaking either the value of x or any of the bit values(xi ’s) to either Alice or Bob may not be allowed.
http://www.ntu.edu.sg/home/rxlu/seminars.htm An Efficient and Probabilistic Secure Bit-Decomposition
OutlineMain References
IntroductionProblem Statement
PreliminariesThe proposal scheme
Preliminaries
Our protocol uses standard binary conversion algorithm as abaseline. Let x be an integer such that 0 ≤ x < 2m. The overallsteps involved in the standard binary conversion method arehighlighted in Algorithm 1. Briefly, we first divide x by 2. Theremainder 0 or 1 (i.e., x mod 2) will be the bit in question andthen x is replaced by the quotient (denoted by q0, whereq0 = b x2c). This process is repeated until m iterations.
http://www.ntu.edu.sg/home/rxlu/seminars.htm An Efficient and Probabilistic Secure Bit-Decomposition
OutlineMain References
IntroductionProblem Statement
PreliminariesThe proposal scheme
Standard Binary Conversion Method
Figure: Security model
http://www.ntu.edu.sg/home/rxlu/seminars.htm An Efficient and Probabilistic Secure Bit-Decomposition
OutlineMain References
IntroductionProblem Statement
PreliminariesThe proposal scheme
Paillier Cryptosystem
Paillier cryptosystem exhibits the following properties:a. Homomorphic Addition: E (y + z) = E (y) ∗ E (z) mod N2;b. Homomorphic Multiplication: E (z ∗ y) = E (y)z mod N2;
http://www.ntu.edu.sg/home/rxlu/seminars.htm An Efficient and Probabilistic Secure Bit-Decomposition
OutlineMain References
IntroductionProblem Statement
PreliminariesThe proposal scheme
SBD protocol
Figure: Security model
http://www.ntu.edu.sg/home/rxlu/seminars.htm An Efficient and Probabilistic Secure Bit-Decomposition
OutlineMain References
IntroductionProblem Statement
PreliminariesThe proposal scheme
Encrypted LSB protocol
Figure: Security model
http://www.ntu.edu.sg/home/rxlu/seminars.htm An Efficient and Probabilistic Secure Bit-Decomposition
OutlineMain References
IntroductionProblem Statement
PreliminariesThe proposal scheme
Secure Verification of Result(SVR)
Figure: Security model
http://www.ntu.edu.sg/home/rxlu/seminars.htm An Efficient and Probabilistic Secure Bit-Decomposition
OutlineMain References
IntroductionProblem Statement
PreliminariesThe proposal scheme
Thank youRongxing’s Homepage:
http://www.ntu.edu.sg/home/rxlu/index.htmPPT available @: http://www.ntu.edu.sg/home/rxlu/seminars.htm
Ximeng’s Homepage:http://www.nbnix.com/
http://www.ntu.edu.sg/home/rxlu/seminars.htm An Efficient and Probabilistic Secure Bit-Decomposition