SLIDE 1
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 1
TPMPC 2018
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 2
MPC across the wire: There is something you require Dragos Rotaru - - PowerPoint PPT Presentation
MPC across the wire: There is something you require Dragos Rotaru - - PowerPoint PPT Presentation
TPMPC 2018 MPC across the wire: There is something you require Dragos Rotaru KU Leuven, University of Bristol 1 Dragos Rotaru imec-Cosic, Dept. Electrical Engineering $6.3M question Brandeis program Enc( K , ) K 2 Dragos Rotaru
SLIDE 2
SLIDE 3
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 3
$6.3M question – Brandeis program
K
SLIDE 4
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 4
$6.3M question – Brandeis program
K
C = Enc(K, )
SLIDE 5
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 5
MPC and Long-term storage some research shortage…
SLIDE 6
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 6
Long-term storage
42 𝑁1
SLIDE 7
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 7
𝑁1 𝑁2 𝑁3
42
+ +
=
𝑁1 𝑁3 𝑁2
Long-term storage
42
SLIDE 8
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 8
𝑁1 𝑁2 𝑁3
42
+ +
=
𝑁1 𝑁3 𝑁2
Long-term storage
SLIDE 9
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 9
𝑁1 𝑁2 𝑁3
42
+ +
=
K 𝑁1 𝑁3 𝑁2
Long-term storage
SLIDE 10
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 10
Long-term storage
𝑁1 𝑁2 𝑁3
42
+ +
=
K 𝑁1 𝑁3 𝑁2
SLIDE 11
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 11
𝑁1 𝑁1 𝑁2 𝑁3
42
+ +
=
𝐿1 𝑁3 𝐿3 𝑁2 𝐿2
Long-term storage
𝐿1 𝐿2 𝐿3
K
+ +
=
SLIDE 12
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 12
𝑁1 𝑁1 𝑁2 𝑁3
42
+ +
=
𝐿1 𝑁2 𝐿2 𝑁3 𝐿3
Long-term storage
Enc(𝐿1, 𝑁1) Enc(𝐿2, 𝑁2) Enc(𝐿3, 𝑁3)
𝐿1 𝐿2 𝐿3
K
+ +
=
SLIDE 13
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 13
𝑁1 𝑁1 𝑁2 𝑁3
42
+ +
=
𝐿1 𝑁3 𝐿3
Too many keys! Let’s keep it simple.
Enc(𝐿1, 𝑁1)
𝑁2 𝐿2 𝑁1 𝑁1 𝑁2 𝑁3
+ +
𝐿1 𝑁3 𝐿3 𝑁2 𝐿2
Long-term storage
Enc(𝐿2, 𝑁2) Enc(𝐿3, 𝑁3)
𝐿1 𝐿2 𝐿3
K
+ +
=
SLIDE 14
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 14
𝑁1 𝐿1 𝑁3 𝐿3 𝑁2 𝐿2 𝑁1 𝑁2 𝑁3
42
+ +
= Long-term storage
𝐿1 𝐿2 𝐿3
K
+ +
=
SLIDE 15
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 15
Enc(K,42) Tag(Enc(K,42))
I can also detect whether parties used incorrect keys.
Long-term storage
K
SLIDE 16
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 16
Enc(K,42) Tag(Enc(K,42))
I can also detect whether parties used incorrect keys.
Long-term storage
K
- Can be used to remove interaction
when providing inputs to SPDZ [DDN+15].
SLIDE 17
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 17
Tricks to get a PhD in crypto*
SLIDE 18
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 18
Line of work - mod p
Enc(42) Tag(Enc(42))
CCS’16
[GRRSS]
FSE’18
[RSS]
PRFs: NR, MiMC, Leg. AE: OTR, PMAC. ?’18
[AGPRRRRS]
Generalized MiMC, Fewer triples per message block.
SLIDE 19
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 19
Authenticated Encryption in MPC
- Useful MPC happens in Fp => Need AE and PRFs modp.
- Look for parallel AE: CTR+PMAC, OTR.
- MPC framework splits computation in 2 phases:
- Input independent pre-processing.
- Online phase where inputs are used.
[42] Enc(42) Tag(42)
SLIDE 20
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 20
Tweak your encryption to MPC
SLIDE 21
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 21
And the winner is…CTR+HtMAC
Ciphertexts can be revealed.
SLIDE 22
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 22
And the winner is…CTR+HtMAC
Ciphertexts can be revealed. Would be cool to have a formal security model:
- What we can reveal.
- What we should hide.
SLIDE 23
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 23
When ideal meets real
SLIDE 24
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 24
When ideal meets real – surprise!
SLIDE 25
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 25
When ideal meets real – surprise!
Legendre MiMC
SLIDE 26
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 26
Can we cripple…the triple(s)?
- Pre-processing cost scales linearly with the number of
blocks.
SLIDE 27
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 27
MiMC
𝑌1 𝐺𝑙 … 𝐺𝑙 𝐷1
73 * L
𝑌2 𝐺𝑙 … 𝐺𝑙 𝐷2 𝑌3 𝐺𝑙 … 𝐺𝑙 𝐷3 𝑌4 𝐺𝑙 … 𝐺𝑙 𝐷4 𝑌2 𝐺𝑙 … 𝐺𝑙 𝐷1 𝑌3 𝐺𝑙 … 𝐺𝑙 𝐷1 𝑌4 𝐺𝑙 … 𝐺𝑙 𝐷1
SLIDE 28
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 28
GMiMC
𝑌4 𝑌3 𝑌2 𝑌1
1.262*128 + 2*L - 1
SLIDE 29
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 29
Putting the (GMi)MC into MPC
SLIDE 30
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 30
Putting the (GMi)MC into MPC
SLIDE 31
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 31
Putting the (GMi)MC into MPC
SLIDE 32
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 32
Putting the (GMi)MC into MPC
SLIDE 33
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 33
Putting the (GMi)MC into MPC
Trust no one. Do your experiments.
SLIDE 34
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 34
My lyrics get stolen by MiMCs, I gotta ‘tag’ my rhymes with MPC; But I keep on generatin' like a PRG 'Cause there's so much drama in the PhD. *
* Adapted from ‘So Much Drama in the PhD’ by Monzy
SLIDE 35
Dragos Rotaru imec-Cosic, Dept. Electrical Engineering 35
My lyrics get stolen by miMCs, I gotta ‘tag’ my rhymes with MPC; But I keep on generatin' like a PRG 'Cause there's so much drama in the PhD. *
* Adapted from ‘So Much Drama in the PhD’ by Monzy