Realistic Models for Secure Computation

Vassilis Zikas - postdoctoral researcher at the University of Maryland
Communication systems

Date: July 25th 2012
Location: Eurecom - Eurecom

Consider the following problems: -- A number of small IT companies wish to join forces to collaboratively offer a secure cloud-computing service; yet they are worried that their clients might not trust all the participating providers. -- The major European banks wish to perform data mining over their treasury to complete the ``stress-tests'', but do not want to share their customer datasets with each other or with a third party. -- Hospitals and medical research institutes wish to perform studies on joint patient data, yet legal restriction make this impossible. All the above tasks are special cases of a cryptographic problem known as secure multi-party computation (MPC): A set of mutually distrustful parties wish to perform some joint computation on their private inputs in a secure manner. In fact, the general paradigm is so powerful that almost any cryptographic problem can be described as a special case of secure computation. Several theoretical solutions to the problem have been suggested over the past 20 years and robust security definitions have been developed guaranteeing strong properties such as universal composition. However, one of the most challenging directions of contemporary MPC research is to increase the applicability of the suggested solutions by tuning the security models to tightly capture reality as well as improving their efficiency. In this talk I will discuss realistic adversarial models for secure multi-party computation and focus on newly introduced notions that capture the parties' incentive to deviate and are therefore appropriate for secure computation of games. In such game-theoretic settings, it is essential to eliminate party collusions which might be formed by use of (subliminal) communication. I will describe my definition of collusion-preserving computation---a powerful security notion which allows for universally composable collusion-free protocols---and sketch a protocol construction which satisfies this definition under minimal trust assumptions (CRYPTO 2012). Finally, I will introduce the rational adversary model and discuss implications on feasibility and efficiency of Byzantine agreement and, more generally, secure computation (ICALP 2012).

Permalink: https://www.eurecom/seminar/29839