1 / 25

Socio-Rational Secret Sharing as a New Direction in Rational Cryptography

Socio-Rational Secret Sharing as a New Direction in Rational Cryptography. Secret Sharing in a Multidisciplinary Model. Contents. Trust Calculation A new model for trust adjustment in a social network Social Secret Sharing (SSS) Application: reliability evaluation in cloud computing

carlow
Download Presentation

Socio-Rational Secret Sharing as a New Direction in Rational Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Socio-Rational Secret Sharing as a New Direction in Rational Cryptography

  2. Secret Sharing in a Multidisciplinary Model

  3. Contents • Trust Calculation • A new model for trust adjustment in a social network • Social Secret Sharing (SSS) • Application: reliability evaluation in cloud computing • A construction with malicious and honest players • Socio-Rational Secret Sharing (SRSS) • Application: repeated secret sharing games • A construction with rational foresighted players

  4. 0.4 A1 0.5 A4 A2 A3 0.6 Trust and Reputation n 4 (p) = 1/(4-1)  4j (p) = 1/3 (0.4 + 0.5 + 0.6) = 0.5 j=1 • Trust versus Reputation: • Trust is a personal quantity, created between “2” players, whereas • Reputation is a social quantity in a network of “n” players. • Trust Function:Let ij (p) be the trust value assigned by player Pj to Pi in period “p”. Let i be the trust function representing the reputation of Pi. Example: If all players have an equal view, trust = reputation.

  5. Review of a Well-Known Solution T(p) > 0 T(p) < 0 T(p) > 0 T(p) < 0 T(p) = 0 T(p) = 0 Previous Solution:trust value T(p+1) is given by the following equations and it depends on the previous trust rating where:   0 and   0 [CIA’00].

  6. Trust Value Cooperation Defection TBad Pi [-1,) Encourage Penalize T New Pi: [,] Give/Take Opportunities TGood Pi (,+1] Reward Discourage 1. Trust Calculation Approach Bad Pi (D) Bad Pi (C) Good Pi (D) Good Pi (C)   Newcomer Pi (D) Newcomer Pi (C) • Our Functionis not just a function of a single round, but of the history: • Reward more (or same) the better a participant is, • Penalize more (or same) the worse a participant is.

  7. Intuition and Motivation Impact of the brain’s history  There exist some common principles for trust modeling A lies to B for the 1st time: defection A lies to B for the 2nd time: same defection + past history A cheat on B: costly defection

  8. Contents • Trust Calculation • A new model for trust adjustment in a social network • Social Secret Sharing (SSS) • Application: reliability evaluation in cloud computing • A construction with malicious and honest players • Socio-Rational Secret Sharing (SRSS) • Application: repeated secret sharing games • A construction with rational foresighted players

  9. Secret = 1 Shamir Secret Sharing • Sharing:a secret is divided into n shares in order to be distributed among n players. • Reconstruction:an authorize subset of players then cooperate to reveal the secret, e.g., t players where t < n is the threshold. Example: t = 2 points are sufficient to define a line: ( 1, 2 ), ( 2, 3 ), ( 3, 4 ), ( 4, 5 )  y = x+1 t = 3 points are sufficient to define a parabola. t = 4 points are sufficient to define a cubic curve. In general, it takes t points to define a polynomial of degree t-1.

  10. Application of Secret Sharing sharing reconstruction computation P1: x1 Sealed-Bid 1st-Price Auctions: the bidder who proposes the highest bid β wins & pays $β. (x1, …, xn) P2 : x2 … … …   Pn : xn • Secure Multiparty Computation: compute  with private inputs. • Sealed-Bid Auctions: preserve the privacy of different parameters. • Secrecy of the selling price and winner’s identity are optional. • To have a fair auction, confidentiality of the losing bids is important: They can be used in future auctions and negotiations by different parties, e.g., auctioneers to maximize their revenues or competitors to win the auction.

  11. 2. Social Secret Sharing 1= 3 2= 2 1= 4 2= 2 Amazon Google Amazon Google s4 s4 s3 s3 s3 s5 s5 s5 s1 s1 s1 s6 s6 s6 s2 s2 s2 Dealer Dealer Free s13 Microsoft Yahoo Microsoft Yahoo s11 s11 s11 s14 s9 s9 s9 s13 s13 s10 s10 s10 3= 3 4= 2 4= 1 3= 3 • Cooperation Pi (C): is available during secret recovery and sends correct shares. • Defection Pi(D): is not available at the required time or may respond with delay. • Corruption Pi(X):has been compromised by a passive or active adversary.

  12. Intuition and Motivation Humans share more secrets with whom they really trust and vice versa Systems using distributed threshold cryptography should be adjusted automatically based on the resource availability

  13. Contents • Trust Calculation • A new model for trust adjustment in a social network • Social Secret Sharing (SSS) • Application: reliability evaluation in cloud computing • A construction with malicious and honest players • Socio-Rational Secret Sharing (SRSS) • Application: repeated secret sharing games • A construction with rational foresighted players

  14. Rational Secret Sharing Pj 11 Pi Pk only Pk learns the secret “3” 11 6 18 6 selfish unknown real recovery round fake secret recovery rounds … • Problem: the players deny to reveal their shares in the secret recovery phase, therefore, the secret is not reconstructed at all. Example: f (x) = 3 + 2 x + x2 t=3 shares are enough for recovery. • Model: players are selfish rather than being honest or malicious. If all players act selfishly, secret recovery fails. • Solution:

  15. STOC’04 Paper 0 0 1 0 1 s1 s2 s3 all players are selfish 0 P1 P2 P3 0 1 0 0 3 1 0 , 2 • Problem: 3-out-of-3 rational secret sharing. • Solution: a multi-round recovery approach. • In each round, dealer initiates a fresh secret sharing of the same secret. • During an iteration, each Pi flips a biased coin ci with Pr[ci = 1] = . • Players then compute c* =  ci by MPC without revealing ci-s. • If c* = ci = 1, player Pi broadcast his share. There are 3 possibilities: • If all shares are revealed, the secret is recovered and the protocol ends. • If c* = 1 and 0 or 2 shares are revealed, players terminate the protocol. • In any other cases, the dealer and players proceed to the next round.

  16. 3. Socio-Rational Secret Sharing • Motivation: we would like to consider a repeated secret sharing game where players enter into a long-term interaction for executing an unknown number of independent secret sharing schemes. • Contribution:a public trust network is constructed to incentivize players to be cooperative; they can then gain extra utilities. In other words, players avoid selfish behaviors due to the social reinforcement of the trust network. • Reminder:the concept of socio-rational secret sharing is new. • Social Secret Sharing: to update weightsof players in a setting with “honest” and “malicious” players. • Rational Secret Sharing: to deal with secret recovery in a rational setting with “selfish” players.

  17. Application in Repeated Games • Sealed-Bid Auctions: consider a repeated secret sharing game. • Bidders select “n” out of “N” auctioneers based on their reputation. • Each bidder then acts as an independent dealer and shares his bid. • Auctioneers simulate a secure MPC protocol to define the outcome. • In the last round of the MPC, they need to recover the selling price. • Only auctioneers who learn (report) the selling price are rewarded. • At the end of each game, the reputation of each auctioneer is updated.

  18. Our Construction in Nutshell decision making $ despite all the existing protocols • Utility Estimation Function: is used by a rational foresighted player. • Estimation of the future gain/loss due to the trust adjustment (virtual). • Learning the secret at the current time (real). • The number of other players learning the secret at the moment (real). • Prominent Properties: our solution • Has a single reconstruction round. • Provides a stable solution concept. • Is immune to rushing attack. • Prevents the players to abort.

  19. Utility Assumption Socio-Rational Rational • Rational vs Socio-Rational Secret Sharing: : whether Pi has learned the secret or not, and let . • The first preference illustrates that whether Pi learns the secret or not, he prefers to stay reputable. • The second assumption means Pi prefers the outcome in which he learns the secret. • The third one means Pi prefers the outcome in which the fewest number of other players learn the secret.

  20. Utility Computation assume Pi has contributed in two consecutive periods p and p-1 i [1 , 3] [-3 , -1] or [1 , 3]  = $100 ui’ Sample Function: which satisfies our utility assumptions.

  21. Protocol: Socio-Rational SS Non-reputable Newcomer Reputable %10 %30%60 Sharing Phase:

  22. Protocol: Socio-Rational SS Action Profile Reputation Profile Three Actions consider the current and a few games further only consider the current game Reconstruction Phase:

  23. Comparison (2,2)- Secret Sharing with Selfish Players (2,2)- Socio-Rational Secret Sharing (2,2)-Socio-Rational Secret Sharing: despite rational secret sharing, Cooperation is always the best strategy even if the other party defects. Utility Comparison: where

  24. Intuition and Motivation Reputation is a key point for having a successful social collaboration Rational players should have a long-term vision as reputable persons or companies gain more profit all the time

  25. Thank You Very Much Questions?

More Related