第1页 / 共52页
第2页 / 共52页
第3页 / 共52页
第4页 / 共52页
第5页 / 共52页
第6页 / 共52页
第7页 / 共52页
第8页 / 共52页
安全多方计算以及密钥共享.pdf
Introduction
The problem
Motivation and applications
Basic Terminology
Corrupted parties
Definitions of security
Protocols for Multi-Party Computations
Overview
Passive secure protocol
Active secure protocol
Appendix
Secure Multi-Party Computations
Secure Multi-Party Computations
An Introduction
Christian Zielinski
Last updated in 2015
1 / 52
Secure Multi-Party Computations
Outline
1 Introduction
The problem
Motivation and applications
2 Basic Terminology
Corrupted parties
Definitions of security
3 Protocols for Multi-Party Computations
Overview
Passive secure protocol
Active secure protocol
References
2 / 52
Secure Multi-Party Computations
Introduction
Outline
1 Introduction
The problem
Motivation and applications
2 Basic Terminology
Corrupted parties
Definitions of security
3 Protocols for Multi-Party Computations
Overview
Passive secure protocol
Active secure protocol
References
3 / 52
Secure Multi-Party Computations
Introduction
The problem
Secure multi-party computations
• Consider n parties, with private inputs x1, . . . , xn
• They want to compute a function f (x1, . . . , xn) in a secure way
• Security means here
• Privacy: The respective inputs remain private
• Correctness: The output is guaranteed to be correct
• Fairness: Each party learns the result
• This should even hold when some parties try to cheat
• The following presentation is primarily based on Ref. [1, 2]
4 / 52
Secure Multi-Party Computations
Introduction
The problem
Questions at hand
• How to carry out computations without revealing the inputs?
• How to deal with cheating (corrupted) parties?
• How to define security formally?
• What is the upper limit of corrupted parties allowed?
• How does this bound depend on the assumption made about the
attacker?
5 / 52
Secure Multi-Party Computations
Introduction
Motivation and applications
Motivation and applications
• Multi-party computations (MPCs) have a wide
range of applications
• Auctions
• Several parties are bidding for a product
• Winning party and maximum bid should be determined, without
revealing bids of other parties
• Electronic voting schemes
• Each party votes for a candidate
• Only the result is made public, the votes remain secret
• Yao’s Millionaires’ Problem, c.f. Ref. [3]
• A group of millionaires wants to find out who is the richest
• Nobody wants to reveal how wealthy they are
6 / 52
Secure Multi-Party Computations
Basic Terminology
Outline
1 Introduction
The problem
Motivation and applications
2 Basic Terminology
Corrupted parties
Definitions of security
3 Protocols for Multi-Party Computations
Overview
Passive secure protocol
Active secure protocol
References
7 / 52
Secure Multi-Party Computations
Basic Terminology
Corrupted parties
Adversaries
• To discuss secure MPCs, we have to define security
• Hence we have to make assumptions about cheating parties
• Typically one models them by considering an adversary
• This adversary can take over (corrupt) certain subsets of parties
• We assume one adversary, assuming the worst-case scenario of
coordinated corrupted parties (monolithic adversary)
• We assume that at the beginning of the protocol honest (i.e. not
corrupted) parties do not know which parties are corrupted
8 / 52
相关推荐
2023年江西萍乡中考道德与法治真题及答案.doc
2012年重庆南川中考生物真题及答案.doc
2013年江西师范大学地理学综合及文艺理论基础考研真题.doc
2020年四川甘孜小升初语文真题及答案I卷.doc
2020年注册岩土工程师专业基础考试真题及答案.doc
2023-2024学年福建省厦门市九年级上学期数学月考试题及答案.doc
2021-2022学年辽宁省沈阳市大东区九年级上学期语文期末试题及答案.doc
2022-2023学年北京东城区初三第一学期物理期末试卷及答案.doc
2018上半年江西教师资格初中地理学科知识与教学能力真题及答案.doc
2012年河北国家公务员申论考试真题及答案-省级.doc
2020-2021学年江苏省扬州市江都区邵樊片九年级上学期数学第一次质量检测试题及答案.doc
2022下半年黑龙江教师资格证中学综合素质真题及答案.doc
