ABSTRACT
We construct a multiparty computation (MPC) protocol that is secure even if a malicious adversary, in addition to corrupting a 1 − ε fraction of all parties for an arbitrarily small constant ε > 0, can leak information about the secret state of each honest party. This leakage can be continual, over an unbounded number of executions of the MPC protocol, computing different functions on the same or different sets of inputs. We assume a (necessary) "leak-free" preprocessing stage. We emphasize that we achieve leakage resilience without weakening the security guarantee of classical MPC. Namely, an adversary who is given leakage on the honest parties' states is guaranteed to learn nothing beyond the input and output values of the corrupted parties. This is in contrast with previous works on leakage in the multi-party protocol setting, which weaken the security notion and only guarantee that a protocol which leaks ℓ bits about the parties' secret states yields at most ℓ bits of leakage on the parties' private inputs. For some functions, such as voting, even such bounded leakage can be detrimental.
Our result relies on standard cryptographic assumptions, and our security parameter is polynomially related to the number of parties.
Index Terms
- Multiparty computation secure against continual memory leakage