[Talk] Ghada Almashaqbeh: Gage MPC: Bypassing Residual Function Leakage for Non-Interactive MPC #50

Open
ninitrava opened this issue Nov 18, 2021 · 2 comments
Speaker name

Institution

  • University of Connecticut

Suggested topic

Abstract: Existing models for non-interactive MPC cannot provide full privacy for inputs, because they inherently leak the residual function (i.e., the output of the function on the honest parties’ input together with all possible values of the adversarial inputs). For example, in any non-interactive sealed-bid auction, the last bidder can figure out what was the highest previous bid.
We present a new MPC model which avoids this privacy leak. To achieve this, we utilize a blockchain in a novel way, incorporating smart contracts and arbitrary parties that can be incentivized to perform computation (“bounty hunters,” akin to miners). Security is maintained under a monetary assumption about the parties: an honest party can temporarily supply a recoverable collateral of value higher than the computational cost an adversary can expend. We thus construct non-interactive MPC protocols with strong security guarantees (full security, no residual leakage) in the short term. Over time, as the adversary can invest more and more computational resources, the security guarantee decays. Thus, our model, which we call Gage MPC, is suitable for secure computation with limited-time secrecy, such as auctions.
A key ingredient in our protocols is a primitive we call “Gage Time Capsules” (GaTC): a time capsule that allows a party to commit to a value that others are able to reveal but only at a designated computational cost. A GaTC allows a party to commit to a value together with a monetary collateral. If the original party properly opens the GaTC, it can recover the collateral. Otherwise, the collateral is used to incentivize bounty hunters to open the GaTC. This primitive is used to ensure completion of Gage MPC protocols on the desired inputs. As a requisite tool (of independent interest), we present a generalization of garbled circuits that are more robust: they can tolerate exposure of extra input labels. This is in contrast to Yao’s garbled circuits, whose secrecy breaks down if even a single extra label is exposed.

This is a joint work with Fabrice Benhamouda, Seungwook Han, Daniel Jaroslawicz, Tal Malkin, Alex Nicita, Tal Rabin, Abhishek Shah, and Eran Tromer.

Relevant paper (if any)

Relevant groups at PL

  • CryptoNet, CryptoCompute
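
The residual-function leakage described in the abstract above, shown as an added toy model that is not part of the original issue or of the Gage MPC paper. The auction here outputs only the winner's index; all function names and the sample bids are hypothetical and constructed for illustration, and at least one honest bidder is assumed.

```python
from typing import Callable, List, Tuple


def auction_winner(bids: List[int]) -> int:
    """Sealed-bid auction whose only output is the winner's index.
    Ties go to the earliest bidder."""
    return bids.index(max(bids))


def residual_function(honest_bids: List[int]) -> Callable[[int], int]:
    """Model of what a non-interactive protocol leaves with the last party:
    x -> f(honest inputs, x), evaluable on any x, any number of times."""
    def f_res(x: int) -> int:
        return auction_winner(honest_bids + [x])
    return f_res


def highest_previous_bid(f_res: Callable[[int], int],
                         my_index: int, max_bid: int) -> Tuple[int, int]:
    """Recover the highest honest bid from win/lose answers alone.
    Binary search for the smallest bid that wins; the bid just below it
    equals the highest honest bid. Returns (bid, number of evaluations)."""
    lo, hi, queries = 0, max_bid + 1, 0  # invariant: lo loses, hi wins
    while hi - lo > 1:
        mid = (lo + hi) // 2
        queries += 1
        if f_res(mid) == my_index:
            hi = mid
        else:
            lo = mid
    return lo, queries


if __name__ == "__main__":
    honest = [120, 455, 310]          # constructed sample bids
    last = len(honest)                # index of the last (curious) bidder
    # Ideal single evaluation: one bid, one answer, only "I won" is learned.
    print("one-shot with bid 500 ->", auction_winner(honest + [500]))
    # Non-interactive setting: the whole residual function is available.
    print("recovered (bid, queries):",
          highest_previous_bid(residual_function(honest), last, 1000))
```

A single evaluation tells the last bidder only whether one chosen bid wins, while about log2(max_bid) evaluations of the residual function pin down the exact highest previous bid.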

tjd233 commented Nov 19, 2021

@ninitrava do you happen to know Ghada personally/professionally? If I were to mention your name when reaching out would they know you? Thanks!

@jsoares jsoares added the talk label Nov 25, 2021
@jsoares jsoares changed the title Ghada Almashaqbeh: Gage MPC: Bypassing Residual Function Leakage for Non-Interactive MPC [Talk] Ghada Almashaqbeh: Gage MPC: Bypassing Residual Function Leakage for Non-Interactive MPC Nov 25, 2021

jpeg07 commented Feb 2, 2022

Talk is currently scheduled for Feb 22, 2022. Will close issue when YouTube link is uploaded.
