MASCOT协议的参与方自适应变体

doi:10.11896/jsjkx.200400091

摘要/Abstract

摘要： 在过去十年中,安全多方计算(secure Multi-Party Computation,MPC)已经从纯理论研究发展到成为构建隐私保护应用程序的重要多功能工具。在CCS 2016上,Keller等提出安全多方计算协议-MASCOT,其预处理阶段基于不经意传输协议,而不是类似经典SPDZ协议采用的部分同态加密技术。这使得MASCOT的性能相比SPDZ提升了两个数量级。由于其出色性能和高可用性,MASCOT引起了工业界的广泛关注。但在实际应用环境中,仍然存在MASCOT不能满足的用户需求。其中主要的缺点是MASCOT无法支持在线计算阶段中发生的参与方变更。一个直观的解决方式是在对新的参与方集合重新运行预处理阶段,重新生成在线计算所需的数据材料。但是这明显造成了数据资源与时间的浪费。针对这一实际应用需求,文中在MASCOT的主要组件中进行技术微调,使其适应各类参与方集合发生变化的情况,包括新参与方加入、旧参与方退出以及新参与方替代旧参与方。将对预处理数据材料的处理限制在发生变更的参与方之间,或发生变更的参与方与未发生变更的参与方之间,避免在参与方集合中重新执行整个预处理阶段,有效降低适应参与方变更所需的数据与时间资源。此外,对MASCOT的微调是在保证与原MASCOT一致的功能、性能与安全性的前提下进行的。因此,MASCOT的参与方自适应变体更接近实际应用环境,适合广泛配置在隐私保护应用程序中。对已经配置了MASCOT协议的应用程序,也能快速地采用所提技术添加参与方自适应性。

关键词: MASCOT, SPDZ, 安全多方计算, 参与方自适应, 乘法三元组, 可认证加法分片, 隐私保护

Abstract: Over the last decade,secure multi-party computation (MPC) has made a great stride from a major theoretical area to the multi-functional tool for building privacy-preserving applications.At CCS 2016,Keller et al.presented MPC protocol MASCOT with preprocessing phase based on oblivious transfer (OT),instead of somewhat homomorphic encryption that classical SPDZ adopts,which improves by two orders of magnitude compared to SPDZ.Due to its superior performance and high availability,MASCOT has drew a lot of attention from industry.But in practical application environment,there are still users' needs that MASCOT cannot satisfy.The main disadvantage is that it is unable to handle changes in the set of parties during online computing phase.A straight forward solution is to regenerate the raw data materials required for online computation by rerunning the entire preprocessing phase among the new set of parties,which obviously results in a serious waste of data and time resources.For this practical issue,the main components of MASCOT are tweaked to adapt to the various changes of the set of parties,including new parties joining in,old parties dropping out and new parties replacing old parties.By strictly restricting the communications for pre-processed data to parties that have changed,or between parties those have changed and who have not changed,the whole preprocessing phase is avoided to be redone among parties remained after change,and it effectively reduces the data and time for suit parties changing.In addition,the minor modification of MASCOT is carried out on the premise of ensuring the functionality,performance and security consistent with the original MASCOT.In a word,the participant-adaptive variant of MASCOT is closer to the actual application environment and is suitable for extensive deployment in applications with privacy.The technique can also be easily used to add participant adaptability to deployed MASCOT protocol as it only fine-tunes the preprocessing phase in a subtle way.

Key words: Authenticated additive sharing, MASCOT, Multi-party computation, Multiplication triple, Participant-adaptive, Privacy-preserving, SPDZ

中图分类号:

TP309.2

李艳斌, 刘瑜, 李木舟, 吴韧韬, 王鹏达. MASCOT协议的参与方自适应变体[J]. 计算机科学, 2020, 47(11A): 380-387. https://doi.org/10.11896/jsjkx.200400091

LI Yan-bin, LIU Yu, LI Mu-zhou, WU Ren-tao, WANG Peng-da. Participant-adaptive Variant of MASCOT[J]. Computer Science, 2020, 47(11A): 380-387. https://doi.org/10.11896/jsjkx.200400091

参考文献

[1] YAO A.Protocols for Secure Computations (Extended Abstract)[C]//IEEE Annual Symposium on Foundations of Computer Science(FOCS).1982:160-164.
[2] LIPMAA H,ASOKAN N,NIEMI V.Secure Vickrey Auctions without Threshold Trust[C]//Financial Cryptography.2002:87-101.
[3] PARKES D,RABIN M,SHIEBER S,et al.Practical Secrecy-Preserving,Verifiably Correct and Trustworthy Auctions[J].Electronic Commerce Research and Applications,2006,7(3):70-81.
[4] RABIN M,MANSOUR Y,MUTHUKRISHNAN S,et al.Strictly-Black-Box Zero-Knowledge and Efficient Validation of Financial Transactions[C]// International Colloquium on Automata,Languages,and Programming (ICALP).2012:738-749.
[5] KUSTERS R,TRUDERUNG T,VOGT A.A Game-based Definition of Coercion Resistance and its Applications[J].Journal of Computer Security,2012,20(6):709-764.
[6] ZHONG H,HUANG L,LUO Y.A Multi-Candidate Electronic Voting Scheme Based on Secure Sum Protocol[J].Journal of Computer Research and Development,2006,43(8):1405-1410.
[7] LUO Y,XU Z,HUANG L.Secure Multi-party Statistical Analysis Problems and Their Applications[J].Computer Engineering and Application.2005,24:145-147.
[8] LIU J,JUUTI M,LU Y,et al.Oblivious Neural Network Predictions via MiniONN Transformations[C]//ACM Conference on Computer and Communications Security.2017:619-631.
[9] YAGA D,MELL P,ROBY N,et al.Blockchain TechnologyOverview:NIST Interagency/Internal Report (NISTIR)-8202[R].2018.
[10] WANG T,MA W,LUO W.Information Sharingand SecureMulti-party Computing Model Based on Blockchain[J].ComputerScience,2019,46(9):162-168.
[11] KOSBA A,MILLER A,SHI E,et al.Hawk:The BlockchainModel of Cryptography and Privacy-Preserving Smart Contracts[C]//IEEE Symposium on Security and Privacy.2016:839-858.
[12] ZYSKIND G,NATHAN O,PENTLAND A.Decentralizing Privacy:Using Blockchain to Protect Personal Data[C]//IEEE Symposium on Security and Privacy Workshops.2015:180-184.
[13] YAO A.Howto Generate and Exchange Secrets (Extended Abstract)[C]//IEEE Annual Symposium on Foundations of Computer Science (FOCS).1986:162-167.
[14] GOLDREICH O.The Foundations of Cryptography-Volume 2:Basic Applications[M].Cambridge University Press,2004.
[15] GOLDREICH O,MICALI S,WIGDERSON A.How to Play any Mental Game or A Completeness Theorem for Protocols withHonest Majority[C]//ACM Symposium on Theory of Computing (STOC).1987:218-229.
[16] BEN-OR M,GOLDWASSER S,WIGDERSON A.Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation (Extended Abstract)[C]//ACM Symposium on Theory of Computing(STOC).1988:1-10.
[17] BEAVER D,MICALI S,ROGAWAY P.The Round Complexity of Secure Protocols (Extended Abstract)[C]//ACM Symposium on Theory of Computing(STOC).1990:503-513.
[18] KOLESNIKOV V.GateEvaluationSecret SharingandSecureOne-RoundTwo-PartyComputation[C]//The 11^th International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT).2005:136-155.
[19] KOLESNIKOV V.Secure Two-party Computation and Communication [D].Canada:University of Toronto,2006.
[20] BENDLIN R,DAMGARD I,ORLANDI C,et al.Semi-homo-morphic Encryption and MultipartyComputation[C]//The 30^th Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT).2011:169-188.
[21] DAMGARD I,PASTRO V,SMART N,et al.Multiparty Computation from Somewhat Homomorphic Encryption[C]//The 32^nd Annual Cryptology Conference (CRYPTO).2012:643-662.
[22] CRAMER R,DAMGARD I.On the Amortized Complexity ofZero-Knowledge Protocols[C]//The 29^th Annual Cryptology Conference (CRYPTO).2009:177-191.
[23] DAMGARD I,KELLER M,LARRAIA E,et al.Practical Covertly Secure MPC for Dishonest Majority-Or:Breaking the SPDZ Limits[C]//European Symposium on Research in Computer Security(ESORICS).2013:1-18.
[24] KELLER M,ORSINI E,SCHOLL P.MASCOT:Faster Malicious Arithmetic Secure Computation with Oblivious Transfer[C]//ACM Conference on Computer and Communications Security.2016:830-842.
[25] KELLER M,PASTRO V,ROTARU D.Overdrive:Making SPDZ Great Again[C]//The 37^th Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT).2018:158-189.
[26] MOHASSELP,RINDAL P.ABY 3:A Mixed Protocol Framework for Machine Learning[C]//ACM Conference on Computer and Communications Security.2018:35-52.
[27] BUSCHER N,HOLZER A,WEBER A,et al.Compiling LowDepth Circuits for Practical Secure Computation[C]//European Symposium on Research in Computer Security (ESORICS).2016:80-98.
[28] WANG X,MALOZEMOFF A J,KATZ J.EMP-toolkit:Effi-cient Multi-Party computation toolkit[EB/OL].(2016-11-03) [2016-11-03].https://github.com/emp-toolkit.
[29] Alexandra Institute.FRESCO-A Framework for Efficient Secure Computation[EB/OL].(2020-01-07) [2020-01-07].https://github.com/aicis/fresco.
[30] MOODB,GUPTA D,CARTER H,et al.Frigate:A Validated,Extensible,and Efficient Compiler and Interpreter for Secure Computation[C]//IEEE European Symposium on Security and Privacy (EuroS&P).2016:112-127.
[31] Multiparty.org Development Team.JavaScript implementation of federated functionalities[EB/OL].(2020-04-07) [2020-04-07].https://github.com/multiparty/jiff.
[32] SCHOENMAKERS B.MPyC:Secure Multiparty Computationin Python[EB/OL].(2020-06-06) [2020-06-06].https://github.com/lschoe/mpyc.
[33] ZAHUR S,EVANS D.Obliv-C:A Language for Extensible Data Oblivious Computation[R].Cryptology ePrint Archive,Report 2015:1153.
[34] LIU C,WANG X S,NAYAK K,et al.ObliVM:A Programming Framework for Secure Computation[C]//IEEE Symposium on Security and Privacy.2015:359-376.
[35] ZHANG Y,STEELE A,BLANTON M.PICCO:a General-purpose Compiler for Private Distributed Computation[C]//ACM Conference on Computer and Communications Security.2013:813-826.
[36] KU Leuven COSIC.SCALE-MAMBA[EB/PL].(2020-05-06)[2020-05-06].https://github.com/KULeuven-COSIC/SCALE-MAMBA.
[37] KELLER M.MP-SPDZ:A Versatile Framework for Multi-Party Computation[J].Cryptology ePrint Archive,Report 2020:521.
[38] BEAVER D.Efficient Multiparty Protocols Using Circuit Randomization[C]//The 11^th Annual International Cryptology Conference (CRYPTO).1991:420-432.
[39] LARRAIA E.Extending Oblivious Transfer Efficiently-or-How to Get Active Security with ConstantCryptographic Overhead[C]//The 3^rdInternational Conference on Cryptology and Information Security in Latin America (LATINCRYPT).2014:368-386.

相关文章 15

[1]	鲁晨阳, 邓苏, 马武彬, 吴亚辉, 周浩浩. 基于分层抽样优化的面向异构客户端的联邦学习 Federated Learning Based on Stratified Sampling Optimization for Heterogeneous Clients 计算机科学, 2022, 49(9): 183-193. https://doi.org/10.11896/jsjkx.220500263
[2]	汤凌韬, 王迪, 张鲁飞, 刘盛云. 基于安全多方计算和差分隐私的联邦学习方案 Federated Learning Scheme Based on Secure Multi-party Computation and Differential Privacy 计算机科学, 2022, 49(9): 297-305. https://doi.org/10.11896/jsjkx.210800108
[3]	吕由, 吴文渊. 隐私保护线性回归方案与应用 Privacy-preserving Linear Regression Scheme and Its Application 计算机科学, 2022, 49(9): 318-325. https://doi.org/10.11896/jsjkx.220300190
[4]	窦家维. 保护隐私的汉明距离与编辑距离计算及应用 Privacy-preserving Hamming and Edit Distance Computation and Applications 计算机科学, 2022, 49(9): 355-360. https://doi.org/10.11896/jsjkx.220100241
[5]	卫宏儒, 李思月, 郭涌浩. 基于智能合约的秘密重建协议 Secret Reconstruction Protocol Based on Smart Contract 计算机科学, 2022, 49(6A): 469-473. https://doi.org/10.11896/jsjkx.210700033
[6]	王健. 基于隐私保护的反向传播神经网络学习算法 Back-propagation Neural Network Learning Algorithm Based on Privacy Preserving 计算机科学, 2022, 49(6A): 575-580. https://doi.org/10.11896/jsjkx.211100155
[7]	李利, 何欣, 韩志杰. 群智感知的隐私保护研究综述 Review of Privacy-preserving Mechanisms in Crowdsensing 计算机科学, 2022, 49(5): 303-310. https://doi.org/10.11896/jsjkx.210400077
[8]	王美珊, 姚兰, 高福祥, 徐军灿. 面向医疗集值数据的差分隐私保护技术研究 Study on Differential Privacy Protection for Medical Set-Valued Data 计算机科学, 2022, 49(4): 362-368. https://doi.org/10.11896/jsjkx.210300032
[9]	吕由, 吴文渊. 基于同态加密的线性系统求解方案 Linear System Solving Scheme Based on Homomorphic Encryption 计算机科学, 2022, 49(3): 338-345. https://doi.org/10.11896/jsjkx.201200124
[10]	孔钰婷, 谭富祥, 赵鑫, 张正航, 白璐, 钱育蓉. 基于差分隐私的K-means算法优化研究综述 Review of K-means Algorithm Optimization Based on Differential Privacy 计算机科学, 2022, 49(2): 162-173. https://doi.org/10.11896/jsjkx.201200008
[11]	金华, 朱靖宇, 王昌达. 视频隐私保护技术综述 Review on Video Privacy Protection 计算机科学, 2022, 49(1): 306-313. https://doi.org/10.11896/jsjkx.201200047
[12]	雷羽潇, 段玉聪. 面向跨模态隐私保护的AI治理法律技术化框架 AI Governance Oriented Legal to Technology Bridging Framework for Cross-modal Privacy Protection 计算机科学, 2021, 48(9): 9-20. https://doi.org/10.11896/jsjkx.201000011
[13]	王辉, 朱国宇, 申自浩, 刘琨, 刘沛骞. 基于用户偏好和位置分布的假位置生成方法 Dummy Location Generation Method Based on User Preference and Location Distribution 计算机科学, 2021, 48(7): 164-171. https://doi.org/10.11896/jsjkx.200800069
[14]	季琰, 戴华, 姜莹莹, 杨庚, 易训. 面向混合云的可并行多关键词Top-k密文检索技术 Parallel Multi-keyword Top-k Search Scheme over Encrypted Data in Hybrid Clouds 计算机科学, 2021, 48(5): 320-327. https://doi.org/10.11896/jsjkx.200300160
[15]	郭蕊, 芦天亮, 杜彦辉. WSN中基于目标决策的源位置隐私保护方案 Source-location Privacy Protection Scheme Based on Target Decision in WSN 计算机科学, 2021, 48(5): 334-340. https://doi.org/10.11896/jsjkx.200400099

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed