Thesis access permission: user-defined release date
Available:
Campus: available
Off-campus: available
Title: Secure Reusable Garbled Random Access Machine (安全且可重覆使用之模糊隨機存取機器)
Department:
Year, semester:
Language:
Degree:
Number of pages: 59
Author:
Advisor:
Convenor:
Advisory Committee:
Date of Exam: 2015-06-24
Date of Submission: 2015-08-18
Keywords: Garbled Circuits, Secure Computation, Garbled RAM, Malicious Model
Statistics: This thesis has been browsed 5731 times and downloaded 39 times.
Abstract (Chinese, translated)
In the 1980s, Yao proposed a secure computation method that lets two parties, one holding a function f and the other holding data x, compute f(x) without revealing f or x. This property has given garbled circuits wide application, for example in cloud outsourcing, outsourced computation and data mining. However, every time we want to garble a program we must first convert it into circuit form. In 2013, Lu and Ostrovsky proposed the garbled random access machine, using pseudorandom functions and the Beaver-Micali-Rogaway method to construct a garbled RAM in the semi-honest model, so that RAM programs can be garbled directly. In the Lu-Ostrovsky design the garbled data can be reused, but the garbled program cannot. We therefore propose a reusable garbled RAM in which both the garbled data and the garbled program can be reused. Our first construction is designed in the semi-honest model; it has lower computational cost but cannot defend against malicious attackers, and is suited to environments with a higher level of trust. The second construction builds on the method of Lindell and Pinkas, who use the cut-and-choose technique to resist malicious attackers in secure two-party computation; we use this property to design a mechanism that withstands malicious attackers.
Abstract
In the 1980s, Yao proposed a secure computation protocol that allows two parties, one holding a function f(⋅) and the other holding data x, to compute f(x) without revealing anything about f or x. Garbled circuits have found numerous applications. But every time we want to garble a program, we first need to convert it into a circuit. In 2013, Lu and Ostrovsky proposed garbled random-access machines, which garble a RAM program directly. They constructed garbled RAM from pseudorandom functions and the Beaver-Micali-Rogaway paradigm in the semi-honest model. In the Lu-Ostrovsky construction, the garbled data is reusable, but the garbled programs are not. Therefore, we propose a reusable garbled RAM in which both the data and the programs are reusable. Our first construction is designed in the semi-honest model for lower computational cost. The second construction is based on the approach of Lindell and Pinkas, which uses the cut-and-choose technique to resist malicious adversaries.
Table of Contents
Thesis approval form
Acknowledgments
Chinese abstract
Abstract
List of Figures
List of Tables
Chapter 1 Introduction
  1.1 Contributions
  1.2 Organization
Chapter 2 Preliminaries
  2.1 Random Access Machine
  2.2 Oblivious Transfer
  2.3 Secure Two-Party Computation
  2.4 Identity-Based Encryption
  2.5 Semi-Honest Model versus Malicious Model
Chapter 3 Related Works
  3.1 Yao's Protocol [38]
  3.2 Abadi et al.'s Protocol [1]
    3.2.1 Review of Abadi et al.'s Protocol
  3.3 Beaver et al.'s Protocol [7]
    3.3.1 Review of Beaver et al.'s Protocol
  3.4 Feige et al.'s Protocol [14]
    3.4.1 Review of Feige et al.'s Protocol
  3.5 Gentry et al.'s Protocol [16]
    3.5.1 Review of Gentry et al.'s Protocol
Chapter 4 Our Construction
  4.1 Garbling RAM Programs
  4.2 Approach Against Malicious Adversary
Chapter 5 Security Analysis
  5.1 Security Notion
  5.2 Double-Encryption Security [30]
  5.3 Security Proof of Garbled Circuit
  5.4 Security Proof in Semi-Honest Model
  5.5 Security Proof in Malicious Model
    5.5.1 Security Against a Malicious P
    5.5.2 Security Against a Malicious D
Chapter 6 Comparison
Chapter 7 Conclusion
Bibliography
References
[1] Martin Abadi and Joan Feigenbaum. Secure circuit evaluation. Journal of Cryptology, 2(1):1-12, 1990.
[2] Benny Applebaum. Key-dependent message security: Generic amplification and completeness. Journal of Cryptology, 27(3):429-451, 2014.
[3] Benny Applebaum, Yuval Ishai, and Eyal Kushilevitz. Computationally private randomizing polynomials and their applications. Computational Complexity, 15(2):115-162, 2006.
[4] Benny Applebaum, Yuval Ishai, and Eyal Kushilevitz. From secrecy to soundness: Efficient verification via secure computation. In Automata, Languages and Programming (ICALP), pages 152-163. Springer, 2010.
[5] Benny Applebaum, Yuval Ishai, and Eyal Kushilevitz. How to garble arithmetic circuits. SIAM Journal on Computing, 43(2):905-929, 2014.
[6] Boaz Barak, Iftach Haitner, Dennis Hofheinz, and Yuval Ishai. Bounded key-dependent message security. In Advances in Cryptology - EUROCRYPT 2010, pages 423-444. Springer, 2010.
[7] Donald Beaver, Silvio Micali, and Phillip Rogaway. The round complexity of secure protocols. In Proceedings of the 22nd Annual ACM Symposium on Theory of Computing (STOC), pages 503-513. ACM, 1990.
[8] Dan Boneh and Matt Franklin. Identity-based encryption from the Weil pairing. In Advances in Cryptology - CRYPTO 2001, pages 213-229. Springer, 2001.
[9] Michael Brenner, Jan Wiebelitz, Gabriele von Voigt, and Matthew Smith. Secret program execution in the cloud applying homomorphic encryption. In Proceedings of the 5th IEEE International Conference on Digital Ecosystems and Technologies (DEST), pages 114-119. IEEE, 2011.
[10] Christian Cachin, Jan Camenisch, Joe Kilian, and Joy Müller. One-round secure computation and secure autonomous mobile agents. Springer, 2000.
[11] Ran Canetti. Security and composition of multiparty cryptographic protocols. Journal of Cryptology, 13(1):143-202, 2000.
[12] Clifford Cocks. An identity based encryption scheme based on quadratic residues. In Cryptography and Coding, pages 360-363. Springer, 2001.
[13] Shimon Even, Oded Goldreich, and Abraham Lempel. A randomized protocol for signing contracts. Communications of the ACM, 28(6):637-647, 1985.
[14] Uri Feige, Joe Kilian, and Moni Naor. A minimal model for secure computation. In Proceedings of the 26th Annual ACM Symposium on Theory of Computing (STOC), pages 554-563. ACM, 1994.
[15] Matthew Franklin and Moti Yung. Communication complexity of secure computation. In Proceedings of the 24th Annual ACM Symposium on Theory of Computing (STOC), pages 699-710. ACM, 1992.
[16] Craig Gentry, Shai Halevi, Steve Lu, Rafail Ostrovsky, Mariana Raykova, and Daniel Wichs. Garbled RAM revisited. In Advances in Cryptology - EUROCRYPT 2014, pages 405-422. Springer, 2014.
[17] Oded Goldreich. Cryptography and cryptographic protocols. 2001.
[18] Oded Goldreich, Silvio Micali, and Avi Wigderson. How to play any mental game. In Proceedings of the 19th Annual ACM Symposium on Theory of Computing (STOC), pages 218-229. ACM, 1987.
[19] Oded Goldreich and Rafail Ostrovsky. Software protection and simulation on oblivious RAMs. Journal of the ACM, 43(3):431-473, 1996.
[20] Yuval Ishai and Eyal Kushilevitz. Randomizing polynomials: A new representation with applications to round-efficient secure computation. In Proceedings of the 41st Annual Symposium on Foundations of Computer Science (FOCS), pages 294-304. IEEE, 2000.
[21] Yuval Ishai and Eyal Kushilevitz. Perfect constant-round secure computation via perfect randomizing polynomials. In Automata, Languages and Programming (ICALP), pages 244-256. Springer, 2002.
[22] Yuval Ishai, Eyal Kushilevitz, Rafail Ostrovsky, and Amit Sahai. Cryptography with constant computational overhead. In Proceedings of the 40th Annual ACM Symposium on Theory of Computing (STOC), pages 433-442. ACM, 2008.
[23] Stanisław Jarecki and Vitaly Shmatikov. Efficient two-party secure computation on committed inputs. In Advances in Cryptology - EUROCRYPT 2007, pages 97-114. Springer, 2007.
[24] Seny Kamara and Lei Wei. Special-purpose garbled circuits. Unpublished manuscript, 2012.
[25] Seny Kamara, Payman Mohassel, and Mariana Raykova. Outsourcing multi-party computation. IACR Cryptology ePrint Archive, Report 2011/272, 2011.
[26] Jonathan Katz and Rafail Ostrovsky. Round-optimal secure two-party computation. In Advances in Cryptology - CRYPTO 2004, pages 335-354. Springer, 2004.
[27] Mehmet Kiraz. Secure and fair two-party computation. In Proc. of EUROCRYPT, volume 3, 2008.
[28] Yehuda Lindell and Benny Pinkas. A proof of Yao's protocol for secure two-party computation. Electronic Colloquium on Computational Complexity, 2004.
[29] Yehuda Lindell and Benny Pinkas. An efficient protocol for secure two-party computation in the presence of malicious adversaries. In Advances in Cryptology - EUROCRYPT 2007, pages 52-78. Springer, 2007.
[30] Yehuda Lindell and Benny Pinkas. A proof of security of Yao's protocol for two-party computation. Journal of Cryptology, 22(2):161-188, 2009.
[31] Yehuda Lindell and Benny Pinkas. Secure two-party computation via cut-and-choose oblivious transfer. Journal of Cryptology, 25(4):680-722, 2012.
[32] Steve Lu and Rafail Ostrovsky. How to garble RAM programs. In Advances in Cryptology - EUROCRYPT 2013, LNCS 7881, pages 719-734. Springer, 2013.
[33] Benjamin Mood, Lara Letaw, and Kevin Butler. Memory-efficient garbled circuit generation for mobile devices. In Financial Cryptography and Data Security, pages 254-268. Springer, 2012.
[34] Moni Naor, Benny Pinkas, and Reuban Sumner. Privacy preserving auctions and mechanism design. In Proceedings of the 1st ACM Conference on Electronic Commerce, pages 129-139. ACM, 1999.
[35] Michael O. Rabin. How to exchange secrets with oblivious transfer. IACR Cryptology ePrint Archive, Report 2005/187, 2005.
[36] Amit Sahai and Hakan Seyalioglu. Worry-free encryption: functional encryption with public keys. In Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS), pages 463-472. ACM, 2010.
[37] Adi Shamir. Identity-based cryptosystems and signature schemes. In Advances in Cryptology - CRYPTO 1984, pages 47-53. Springer, 1985.
[38] Andrew C. Yao. How to generate and exchange secrets. In Proceedings of the 27th Annual Symposium on Foundations of Computer Science (FOCS), pages 162-167. IEEE, 1986.
[39] Andrew Chi-Chih Yao. Protocols for secure computations. In Proceedings of the 23rd Annual Symposium on Foundations of Computer Science (FOCS), pages 160-164. IEEE, 1982.
Fulltext
This electronic full text is licensed to users only for personal, non-commercial searching, reading and printing for the purpose of academic research. Please observe the Copyright Act of the Republic of China and do not reproduce, distribute, adapt, repost or broadcast it without permission.
Printed copies
Availability information for printed theses is relatively complete from academic year 102 (2013-14) onward. For printed theses from academic year 101 or earlier, please contact the printed-thesis service desk of the Library and Information Services Office. We apologize for any inconvenience.
Availability: available