Exploring the boundaries of topology-hiding computation

Marshall Ball; Elette Boyle; Tal Malkin; Tal Moran

doi:10.1007/978-3-319-78372-7_10

Exploring the boundaries of topology-hiding computation

Marshall Ball, Elette Boyle, Tal Malkin, Tal Moran

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Topology-hiding computation (THC) is a form of multi-party computation over an incomplete communication graph that maintains the privacy of the underlying graph topology. In a line of recent works [Moran, Orlov & Richelson TCC’15, Hirt et al. CRYPTO’16, Akavia & Moran EUROCRYPT’17, Akavia et al. CRYPTO’17], THC protocols for securely computing any function in the semi-honest setting have been constructed. In addition, it was shown by Moran et al. that in the fail-stop setting THC with negligible leakage on the topology is impossible. In this paper, we further explore the feasibility boundaries of THC. We show that even against semi-honest adversaries, topology-hiding broadcast on a small (4-node) graph implies oblivious transfer; in contrast, trivial broadcast protocols exist unconditionally if topology can be revealed.We strengthen the lower bound of Moran et al. identifying and extending a relation between the amount of leakage on the underlying graph topology that must be revealed in the fail-stop setting, as a function of the number of parties and communication round complexity: Any n-party protocol leaking bits for must have rounds. We then present THC protocols providing close-to-optimal leakage rates, for unrestricted graphs on n nodes against a fail-stop adversary controlling a dishonest majority of the n players. These constitute the first general fail-stop THC protocols. Specifically, for this setting we show: A THC protocol that leaks at most one bit and requires rounds.A THC protocol that leaks at most bits for arbitrarily small non-negligible, and requires rounds. These protocols also achieve full security (with no leakage) for the semi-honest setting. Our protocols are based on one-way functions and a (stateless) secure hardware box primitive. This provides a theoretical feasibility result, a heuristic solution in the plain model using general-purpose obfuscation candidates, and a potentially practical approach to THC via commodity hardware such as Intel SGX. Interestingly, even with such hardware, proving security requires sophisticated simulation techniques.

Original language	English (US)
Title of host publication	Advances in Cryptology - EUROCRYPT 2018 - 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2018 Proceedings
Editors	Jesper Buus Nielsen, Vincent Rijmen
Publisher	Springer Verlag
Pages	294-325
Number of pages	32
ISBN (Print)	9783319783710
DOIs	https://doi.org/10.1007/978-3-319-78372-7_10
State	Published - 2018
Event	37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2018 - Tel Aviv, Israel Duration: Apr 29 2018 → May 3 2018

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10822 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2018
Country/Territory	Israel
City	Tel Aviv
Period	4/29/18 → 5/3/18

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-319-78372-7_10

Cite this

Ball, M., Boyle, E., Malkin, T., & Moran, T. (2018). Exploring the boundaries of topology-hiding computation. In J. B. Nielsen, & V. Rijmen (Eds.), Advances in Cryptology - EUROCRYPT 2018 - 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2018 Proceedings (pp. 294-325). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10822 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-78372-7_10

Exploring the boundaries of topology-hiding computation. / Ball, Marshall; Boyle, Elette; Malkin, Tal et al.
Advances in Cryptology - EUROCRYPT 2018 - 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2018 Proceedings. ed. / Jesper Buus Nielsen; Vincent Rijmen. Springer Verlag, 2018. p. 294-325 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10822 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Ball, M, Boyle, E, Malkin, T & Moran, T 2018, Exploring the boundaries of topology-hiding computation. in JB Nielsen & V Rijmen (eds), Advances in Cryptology - EUROCRYPT 2018 - 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2018 Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10822 LNCS, Springer Verlag, pp. 294-325, 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2018, Tel Aviv, Israel, 4/29/18. https://doi.org/10.1007/978-3-319-78372-7_10

Ball M, Boyle E, Malkin T, Moran T. Exploring the boundaries of topology-hiding computation. In Nielsen JB, Rijmen V, editors, Advances in Cryptology - EUROCRYPT 2018 - 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2018 Proceedings. Springer Verlag. 2018. p. 294-325. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-78372-7_10

Ball, Marshall ; Boyle, Elette ; Malkin, Tal et al. / Exploring the boundaries of topology-hiding computation. Advances in Cryptology - EUROCRYPT 2018 - 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2018 Proceedings. editor / Jesper Buus Nielsen ; Vincent Rijmen. Springer Verlag, 2018. pp. 294-325 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{f568d9bcb55f4a8fbc7e7fdc7f61985c,

title = "Exploring the boundaries of topology-hiding computation",

abstract = "Topology-hiding computation (THC) is a form of multi-party computation over an incomplete communication graph that maintains the privacy of the underlying graph topology. In a line of recent works [Moran, Orlov & Richelson TCC{\textquoteright}15, Hirt et al. CRYPTO{\textquoteright}16, Akavia & Moran EUROCRYPT{\textquoteright}17, Akavia et al. CRYPTO{\textquoteright}17], THC protocols for securely computing any function in the semi-honest setting have been constructed. In addition, it was shown by Moran et al. that in the fail-stop setting THC with negligible leakage on the topology is impossible. In this paper, we further explore the feasibility boundaries of THC. We show that even against semi-honest adversaries, topology-hiding broadcast on a small (4-node) graph implies oblivious transfer; in contrast, trivial broadcast protocols exist unconditionally if topology can be revealed.We strengthen the lower bound of Moran et al. identifying and extending a relation between the amount of leakage on the underlying graph topology that must be revealed in the fail-stop setting, as a function of the number of parties and communication round complexity: Any n-party protocol leaking bits for must have rounds. We then present THC protocols providing close-to-optimal leakage rates, for unrestricted graphs on n nodes against a fail-stop adversary controlling a dishonest majority of the n players. These constitute the first general fail-stop THC protocols. Specifically, for this setting we show: A THC protocol that leaks at most one bit and requires rounds.A THC protocol that leaks at most bits for arbitrarily small non-negligible, and requires rounds. These protocols also achieve full security (with no leakage) for the semi-honest setting. Our protocols are based on one-way functions and a (stateless) secure hardware box primitive. This provides a theoretical feasibility result, a heuristic solution in the plain model using general-purpose obfuscation candidates, and a potentially practical approach to THC via commodity hardware such as Intel SGX. Interestingly, even with such hardware, proving security requires sophisticated simulation techniques.",

author = "Marshall Ball and Elette Boyle and Tal Malkin and Tal Moran",

note = "Funding Information: M. Ball—Supported in part by the Defense Advanced Research Project Agency (DARPA) and Army Research Office (ARO) under Contract #W911NF-15-C-0236, NSF grants #CNS1445424 and #CCF-1423306, ISF grant no. 1790/13, and the Check Point Institute for Information Security. E. Boyle—Supported in part by ISF grant 1861/16, AFOSR Award FA9550-17-1-0069, and ERC Grant no. 307952. T.Malkin—Supported in part by the Defense Advanced Research Project Agency (DARPA) and Army Research Office (ARO) under Contract #W911NF-15-C-0236, NSF grants #CNS1445424 and #CCF-1423306, and the Leona M. & Harry B. Helmsley Charitable Trust. Any opinions, findings and conclusions or recommendations expressed are those of the authors and do not necessarily reflect the views of the Defense Advanced Research Projects Agency, Army Research Office, the National Science Foundation, or the U.S. Government. T. Moran—Supported in part by ISF grant no. 1790/13 and by the Bar-Ilan Cyber-center. Publisher Copyright: {\textcopyright} 2018, International Association for Cryptologic Research.; 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2018 ; Conference date: 29-04-2018 Through 03-05-2018",

year = "2018",

doi = "10.1007/978-3-319-78372-7_10",

language = "English (US)",

isbn = "9783319783710",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "294--325",

editor = "Nielsen, {Jesper Buus} and Vincent Rijmen",

booktitle = "Advances in Cryptology - EUROCRYPT 2018 - 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2018 Proceedings",

}

TY - GEN

T1 - Exploring the boundaries of topology-hiding computation

AU - Ball, Marshall

AU - Boyle, Elette

AU - Malkin, Tal

AU - Moran, Tal

N1 - Funding Information: M. Ball—Supported in part by the Defense Advanced Research Project Agency (DARPA) and Army Research Office (ARO) under Contract #W911NF-15-C-0236, NSF grants #CNS1445424 and #CCF-1423306, ISF grant no. 1790/13, and the Check Point Institute for Information Security. E. Boyle—Supported in part by ISF grant 1861/16, AFOSR Award FA9550-17-1-0069, and ERC Grant no. 307952. T.Malkin—Supported in part by the Defense Advanced Research Project Agency (DARPA) and Army Research Office (ARO) under Contract #W911NF-15-C-0236, NSF grants #CNS1445424 and #CCF-1423306, and the Leona M. & Harry B. Helmsley Charitable Trust. Any opinions, findings and conclusions or recommendations expressed are those of the authors and do not necessarily reflect the views of the Defense Advanced Research Projects Agency, Army Research Office, the National Science Foundation, or the U.S. Government. T. Moran—Supported in part by ISF grant no. 1790/13 and by the Bar-Ilan Cyber-center. Publisher Copyright: © 2018, International Association for Cryptologic Research.

PY - 2018

Y1 - 2018

N2 - Topology-hiding computation (THC) is a form of multi-party computation over an incomplete communication graph that maintains the privacy of the underlying graph topology. In a line of recent works [Moran, Orlov & Richelson TCC’15, Hirt et al. CRYPTO’16, Akavia & Moran EUROCRYPT’17, Akavia et al. CRYPTO’17], THC protocols for securely computing any function in the semi-honest setting have been constructed. In addition, it was shown by Moran et al. that in the fail-stop setting THC with negligible leakage on the topology is impossible. In this paper, we further explore the feasibility boundaries of THC. We show that even against semi-honest adversaries, topology-hiding broadcast on a small (4-node) graph implies oblivious transfer; in contrast, trivial broadcast protocols exist unconditionally if topology can be revealed.We strengthen the lower bound of Moran et al. identifying and extending a relation between the amount of leakage on the underlying graph topology that must be revealed in the fail-stop setting, as a function of the number of parties and communication round complexity: Any n-party protocol leaking bits for must have rounds. We then present THC protocols providing close-to-optimal leakage rates, for unrestricted graphs on n nodes against a fail-stop adversary controlling a dishonest majority of the n players. These constitute the first general fail-stop THC protocols. Specifically, for this setting we show: A THC protocol that leaks at most one bit and requires rounds.A THC protocol that leaks at most bits for arbitrarily small non-negligible, and requires rounds. These protocols also achieve full security (with no leakage) for the semi-honest setting. Our protocols are based on one-way functions and a (stateless) secure hardware box primitive. This provides a theoretical feasibility result, a heuristic solution in the plain model using general-purpose obfuscation candidates, and a potentially practical approach to THC via commodity hardware such as Intel SGX. Interestingly, even with such hardware, proving security requires sophisticated simulation techniques.

AB - Topology-hiding computation (THC) is a form of multi-party computation over an incomplete communication graph that maintains the privacy of the underlying graph topology. In a line of recent works [Moran, Orlov & Richelson TCC’15, Hirt et al. CRYPTO’16, Akavia & Moran EUROCRYPT’17, Akavia et al. CRYPTO’17], THC protocols for securely computing any function in the semi-honest setting have been constructed. In addition, it was shown by Moran et al. that in the fail-stop setting THC with negligible leakage on the topology is impossible. In this paper, we further explore the feasibility boundaries of THC. We show that even against semi-honest adversaries, topology-hiding broadcast on a small (4-node) graph implies oblivious transfer; in contrast, trivial broadcast protocols exist unconditionally if topology can be revealed.We strengthen the lower bound of Moran et al. identifying and extending a relation between the amount of leakage on the underlying graph topology that must be revealed in the fail-stop setting, as a function of the number of parties and communication round complexity: Any n-party protocol leaking bits for must have rounds. We then present THC protocols providing close-to-optimal leakage rates, for unrestricted graphs on n nodes against a fail-stop adversary controlling a dishonest majority of the n players. These constitute the first general fail-stop THC protocols. Specifically, for this setting we show: A THC protocol that leaks at most one bit and requires rounds.A THC protocol that leaks at most bits for arbitrarily small non-negligible, and requires rounds. These protocols also achieve full security (with no leakage) for the semi-honest setting. Our protocols are based on one-way functions and a (stateless) secure hardware box primitive. This provides a theoretical feasibility result, a heuristic solution in the plain model using general-purpose obfuscation candidates, and a potentially practical approach to THC via commodity hardware such as Intel SGX. Interestingly, even with such hardware, proving security requires sophisticated simulation techniques.

UR - http://www.scopus.com/inward/record.url?scp=85045911094&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85045911094&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-78372-7_10

DO - 10.1007/978-3-319-78372-7_10

M3 - Conference contribution

AN - SCOPUS:85045911094

SN - 9783319783710

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 294

EP - 325

BT - Advances in Cryptology - EUROCRYPT 2018 - 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2018 Proceedings

A2 - Nielsen, Jesper Buus

A2 - Rijmen, Vincent

PB - Springer Verlag

T2 - 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2018

Y2 - 29 April 2018 through 3 May 2018

ER -

Exploring the boundaries of topology-hiding computation

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this