Academic Talk by Professor Yu Yu (Shanghai Jiao Tong University)

Source: School of Information Science and Technology  Author: Liu Yongzhong  Date: 2021-10-14  Views: 774

Speaker: Professor Yu Yu, Department of Computer Science and Engineering, Shanghai Jiao Tong University
Title: Better Concrete Security for Half-Gates Garbling (in the Multi-Instance Setting)
Time: 15 October 2021, 9:00-10:30 a.m.
Venue: Tencent Meeting, ID 915 819 430
Host: Tang Xiaohu
Abstract: We study the concrete security of high-performance implementations of half-gates garbling, which all rely on (hardware-accelerated) AES. We find that current instantiations using k-bit wire labels can be completely broken---in the sense that the circuit evaluator learns all the inputs of the circuit garbler---in time O(2^k/C), where C is the total number of (non-free) gates that are garbled, possibly across multiple independent executions. The attack can be applied to existing circuit-garbling libraries using k=80 when C≈10^9, and would require 267 machine-months and cost about USD 3500 to implement on the Google Cloud Platform. Since the attack can be entirely parallelized, the attack could be carried out in about a month using ≈250 machines.
With this as our motivation, we seek a way to instantiate the hash function in the half-gates scheme so as to achieve better concrete security. We present a construction based on AES that achieves optimal security in the single-instance setting (when only a single circuit is garbled). We also show how to modify the half-gates scheme so that its concrete security does not degrade in the multi-instance setting. Our modified scheme is as efficient as prior work in networks with up to 2 Gbps bandwidth. This is joint work with Chun Guo, Jonathan Katz, Xiao Wang, and Chenkai Weng.
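The abstract states the O(2^k/C) bound but does not spell out where the factor C comes from. The Python block below is an added illustration for this page, not code from the paper or its authors, and it does not reproduce the paper's attack on half-gates: it isolates the generic multi-target effect that such a bound reflects, using a toy k-bit hash (an assumption standing in for the AES-based hash) with a scaled-down label length k=16 and randomly constructed target sets. One candidate evaluation is checked against all C targets with a single set lookup, so the expected work falls from about 2^k to about 2^k/C.

```python
import hashlib
import math
import random
from statistics import mean

# Toy label length. Assumption: scaled down from the k=80 in the talk so the demo runs in seconds.
K_BITS = 16


def toy_hash(x: int, k: int = K_BITS) -> int:
    """Toy k-bit hash (SHA-256 truncated to k bits).

    Assumption: it stands in for the AES-based half-gates hash only to show the
    multi-target effect; nothing here models the real scheme's gate structure.
    """
    digest = hashlib.sha256(x.to_bytes(8, "big")).digest()
    return int.from_bytes(digest[:4], "big") & ((1 << k) - 1)


def multi_target_search(targets: set, k: int = K_BITS):
    """Enumerate candidates until toy_hash(candidate) hits ANY of the targets.

    Each trial costs one hash evaluation but is compared against all C targets
    at once (set membership), which is why the expected number of trials is
    about 2^k / C rather than 2^k.  Returns (candidate, trials), or
    (None, 2^k) if the whole k-bit space is exhausted without a hit.
    """
    for trials, cand in enumerate(range(1 << k), start=1):
        if toy_hash(cand, k) in targets:
            return cand, trials
    return None, 1 << k


def average_trials(num_targets: int, samples: int, k: int = K_BITS, seed: int = 0) -> float:
    """Average search cost over `samples` random target sets of size C = num_targets.

    The target sets are constructed data drawn from a seeded PRNG.
    """
    rng = random.Random(seed)
    costs = []
    for _ in range(samples):
        targets = {rng.getrandbits(k) for _ in range(num_targets)}
        _, trials = multi_target_search(targets, k)
        costs.append(trials)
    return mean(costs)


def attack_work_log2(k: int, num_gates: float) -> float:
    """log2 of the 2^k / C work term from the abstract; k=80, C=1e9 gives about 50.1."""
    return k - math.log2(num_gates)


if __name__ == "__main__":
    single = average_trials(1, samples=4)     # one target: about 2^16 trials
    many = average_trials(256, samples=8)     # 256 targets: about 2^16 / 256 trials
    print(f"C=1:   {single:.0f} trials on average")
    print(f"C=256: {many:.0f} trials on average")
    print(f"k=80, C=1e9 -> about 2^{attack_work_log2(80, 1e9):.1f} hash evaluations")
```

Plugging the abstract's parameters into the same 2^k/C term gives roughly 2^50 evaluations for k=80 and C≈10^9, which is the order of magnitude the quoted machine-month estimate corresponds to. Removing this amortisation across gates and across independent executions is exactly what the multi-instance modification described in the abstract is meant to achieve.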