1 / 14

On the Round Complexity of Covert Computation

This paper explores the round complexity and feasibility of covert computation, a privacy-enhancing protocol where messages are hidden in innocent-looking conversations. The goal is to design a multi-party computation protocol with indistinguishable messages. The study focuses on point-to-point channels and considers both black-box and non-black-box simulations. The results show that constant-round covert two-party computation is impossible with black-box simulation, but constant-round covert multi-party computation is feasible without it.

dimmickm
Download Presentation

On the Round Complexity of Covert Computation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. On the Round Complexity of Covert Computation Vipul Goyal Abhishek Jain UCLA UCLA

  2. Covert Computation Strengthening of the notion of secure computation, introduced by Ahn-Hopper-Langford’05 Talk about privacy of not just input but also whether a party participated in the protocol or not Covert computation has similar relation to secure computation as stenographic communication has to encrypted communication

  3. Example: Secret Handshake Two (secret) hackers on the internet I suspect he is a member of the hacker group as well. Secure 2pc?

  4. Example: Secret Handshake he is a hacker!! Lets run 2pc to see if we are both hackers

  5. Secret Handshake contd.. If only there was a better protocol

  6. Ideally Completely agree, helps me get good grades in college Internet is such a great resource, I learn so much We are both hackers !!

  7. Covert Computation Parties talk as usual and hide protocol messages in the normal “innocent looking” conversation In the end, if: everyone participated output favorable (certificates matched) output and participation revealed to everyone Else, nobody knows who participated (parties just see normal messages)

  8. More technically The protocol messages “hidden” in the innocent conversation need to look random (otherwise participation revealed) [vAHL05] Thus: design an MPC protocol w/ messages indistinguishable from random (except when everyone participating and function output favorable, final messages will not look random) Various standard tools like ZK break down

  9. Covert Computation Ahn-Hopper-Langford’05: two party Chandran-Goyal-Ostrovsky-Sahai’07: multi-party assuming a broadcast channel Polynomial number of rounds (in s.p., depth of circuit) This work: focus on round complexity, feasibility for point to point channels

  10. Covert MPC w/ point to point channels Point to point channel: communication using, e.g., individual emails (as opposed to a mailing list) Standard techniques for MPC w/ point to point channels inherently break down Internet is such a great resource, I learn so much he said the same thing!! Internet is such a great resource, I learn so much

  11. Our Results We first consider the round complexity of covert computation: w/ black-box simulation: constant round covert two-party computation impossible non black-box simulation: constant round covert multi-party computation. Techniques: two slot simulation technique [Pass’04, Barak’01] crypto in NC0 [Applebaum-Ishai-Kushilevitz’04] We observe that our constant round MPC protocol inherits bounded concurrency from Pass’04 use this to show feasibility for covert MPC w/ point to point channels for a constant number of parties

  12. Covert MPC w/ Point to Point Channels Recall: we need protocol to run w/o more than 2 parties agreeing on a message (x1, x2) x1 x3 x2

  13. High level idea contd.. D C B A (x5, …, x8) (x1, …, x4) S 2-bounded 4-bounded

  14. Thank You!

More Related