We revisit the problem of general-purpose private function evaluation (PFE) wherein a single party P_1 holds a circuit C, while each P_i for 1 ≤ i ≤ n holds a private input x_i, and the goal is for a subset (or all) of the parties to learn C(x_1, ..., x_n) but nothing else. We put forth a general framework for designing PFE where the task of hiding the circuit and securely evaluating its gates are addressed independently: First, we reduce the task of hiding the circuit topology to oblivious evaluation of a mapping that encodes the topology of the circuit, which we refer to as oblivious extended permutation (OEP) since the mapping is a generalization of the permutation mapping. Second, we design a subprotocol for private evaluation of a single gate (PFE for one gate), which we refer to as private gate evaluation (PGE). Finally, we show how to naturally combine the two components to obtain efficient and secure PFE.

We apply our framework to several well-known general-purpose MPC constructions, in each case, obtaining the most efficient PFE construction to date, for the considered setting. Similar to the previous work we only consider semi-honest adversaries in this paper.

• In the multiparty case with dishonest majority, we apply our techniques to the seminal GMW protocol [GMW87] and obtain the first general-purpose PFE with linear complexity in the circuit size.
• In the two-party case, we transform Yao's garbled circuit protocol [Yao86] into a constant-round two-party PFE. Depending on the instantiation of the underlying subprotocol, we either obtain a two-party PFE with linear complexity that improves on the only other work with similar asymptotic efficiency (Katz and Malka, ASIACRYPT 2011 [KM11]), or a two-party PFE that provides the best concrete efficiency to date despite not being linear.
• The above two constructions are for boolean circuits. In case of arithmetic circuits, we obtain the first PFE with linear complexity based on any additively homomorphic encryption scheme.

Though each construction uses different techniques, a common feature in all three is that the overhead of hiding the circuit C is essentially equal to the cost of running the OEP protocol on a vector of size |C|. As a result, to improve efficiency, one can focus on lowering the cost of the underlying OEP protocol. OEP can be instantiated using a singly homomorphic encryption or any general-purpose MPC but we introduce a new construction that we show is significantly more efficient than these alternatives, in practice. The main building block in our OEP construction is an efficient protocol for oblivious switching network evaluation (OSN), a generalization of the previously studied oblivious shuffling problem which is of independent interest. Our results noticeably improve efficiency of the previous solutions to oblivious shuffling, yielding a factor of 25 or more gain in computation and communication.

* email address: pmohasse@cpsc.ucalgary.ca
† email address: sadeghis@ucalgary.ca
Abstract. We propose the first general framework for designing actively secure private function evaluation (PFE), not based on universal circuits. Our framework is naturally divided into pre-processing and online stages and can be instantiated using any generic actively secure multiparty computation (MPC) protocol. Our framework helps address the main open questions about efficiency of actively secure PFE. On the theoretical side, our framework yields the first actively secure PFE with linear complexity in the circuit size. On the practical side, we obtain the first actively secure PFE for arithmetic circuits with O(g · log g) complexity where g is the circuit size. The best previous construction (of practical interest) is based on an arithmetic universal circuit and has complexity O(g^5).

We also introduce the first linear Zero-Knowledge proof of correctness of "extended permutation" of ciphertexts (a generalization of ZK proof of correct shuffles) which may be of independent interest.
We introduce ZIDS, a client-server solution for private detection of intrusions that is suitable for private detection of zero-day attacks in input data. The system includes an IDS server that has a set of sensitive signatures for zero-day attacks and IDS clients that possess some sensitive data (e.g. files, logs). Using ZIDS, each IDS client learns whether its input data matches any of the zero-day signatures, but neither party learns any additional information. In other words, the IDS client learns nothing about the zero-day signatures and the IDS server learns nothing about the input data and the analysis results. To solve this problem, we reduce privacy-preserving intrusion detection to an instance of secure two-party oblivious deterministic finite automata evaluation (ODFA). Then, motivated by the fact that the DFAs associated with attack signatures are often sparse, we propose a new and efficient ODFA protocol that takes advantage of this sparsity. Our new construction is considerably more efficient than the existing solutions and at the same time does not leak any sensitive information about the nature of the sparsity in the private DFA. We provide a full implementation of our privacy-preserving system, which includes optimizations that lead to better memory usage, and evaluate its performance on rule sets from the Snort IDS.