1
Vipul GoyalAbhishek Jain
UCLAUCLA
On the Round Complexity of Covert Computation
2
Covert Computation• Strengthening of the notion of secure computation,
introduced by Ahn-Hopper-Langford’05
• Talk about privacy of not just input but also whether a party participated in the protocol or not
• Covert computation has similar relation to secure computation as stenographic communication has to encrypted communication
3
Example: Secret Handshake• Two (secret) hackers on the internet
I suspect he is a member of the
hacker group as well. Secure 2pc?
4
Example: Secret Handshake
Lets run 2pc to see if we are both
hackers he is a hacker!!
5
Secret Handshake contd..
If only there was a better
protocol
6
Ideally
Internet is such a great resource, I learn so much
Completely agree, helps me get good grades in college
We are both hackers !!
7
Covert Computation• Parties talk as usual and hide protocol messages in
the normal “innocent looking” conversation
• In the end, if:– everyone participated– output favorable (certificates matched)
output and participation revealed to everyone
• Else, nobody knows who participated (parties just see normal messages)
8
More technically• The protocol messages “hidden” in the innocent
conversation need to look random (otherwise participation revealed) [vAHL05]
• Thus: design an MPC protocol w/ messages indistinguishable from random (except when everyone participating and function output favorable, final messages will not look random)
• Various standard tools like ZK break down
9
Covert Computation• Ahn-Hopper-Langford’05: two party
• Chandran-Goyal-Ostrovsky-Sahai’07: multi-party assuming a broadcast channel
• Polynomial number of rounds (in s.p., depth of circuit)
• This work: focus on round complexity, feasibility for point to point channels
10
Covert MPC w/ point to point channels
• Point to point channel: communication using, e.g., individual emails (as opposed to a mailing list)– Standard techniques for MPC w/ point to point channels inherently
break down
Internet is such a great resource, I learn so much
Internet is such a great resource, I learn so much
he said the same thing!!
11
Our Results• We first consider the round complexity of covert
computation:– w/ black-box simulation: constant round covert two-party
computation impossible– non black-box simulation: constant round covert multi-
party computation. Techniques:• two slot simulation technique [Pass’04, Barak’01]• crypto in NC0 [Applebaum-Ishai-Kushilevitz’04]
• We observe that our constant round MPC protocol inherits bounded concurrency from Pass’04– use this to show feasibility for covert MPC w/ point to point
channels for a constant number of parties
12
Covert MPC w/ Point to Point Channels
• Recall: we need protocol to run w/o more than 2 parties agreeing on a message
x1 x2x3
(x1, x2)
13
High level idea contd..
S
2-bounded
4-bounded
(x1, …, x4) (x5, …, x8)
A CB D
14
Thank You!