Engineering Secure Two-Party Computation Protocols

ing from the underlying cryptographic details. Our corresponding language and tool, called Tool for Automating Secure Two-party Computations (TASTY), allow one to describe, automatically generate, execute, and benchmark such modular and efficient SFE protocols. As an application example we consider privacy-preserving face recognition.

Comments and Errata. Your feedback on the book or any errors you may find are highly appreciated. Please e-mail your comments and errata to thomaschneider@gmail.com. A list of known errata will be maintained at http://thomaschneider.de/engineeringSFEbook.
