New notions of security

Secure multi-party computation (MPC, for short) is a powerful cryptographic concept that lets mutually distrusting parties collaborate without compromising their private information (beyond what is required by the functionality for which they collaborate). The functionality allowed in such a collaboration is so general that MPC subsumes virtually all other cryptographic tasks. Much of the past two and a half decades of cryptographic research can be seen as striving towards the Holy Grail of realizing secure MPC in the most challenging scenario, in which the parties carry out multiple tasks concurrently, the entire communication is adversarially controlled, and there are no universally trusted entities. In this thesis, for the first time, we show how to realize secure MPC in such a general setting. Our contribution can be considered three-fold: (1) Definition of security. We present a new framework, called Los Angeles Network aware security, for defining the security of MPC protocols. This builds on Canetti's Universally Composable security framework, under which it was known that very few distributed tasks can be carried out securely (unless globally trusted entities are used by the protocol). (2) Protocols and proofs. We build a new protocol for multi-party computation that uses no globally trusted entities, and prove that it is secure in the Los Angeles Network aware security framework under certain complexity-theoretic assumptions. The high-level structure of the protocol and of its proof of security resembles that of previous works on multi-party computation, but we employ novel approaches in designing the lower-level elements of our protocol. (3) Complexity-theoretic assumptions. We introduce new complexity-theoretic assumptions and show their use in proving the security of our protocols. The assumptions we make are somewhat different from those used in previous works. We informally argue why our assumptions are reasonable.
We also introduce an extension to the Los Angeles Network aware security framework, called monitored security, to obtain a better security-efficiency trade-off. We show how Network aware security guarantees, albeit weak ones, can be given under this framework for much more efficient and simpler protocols.