Carmit Hazay

Efficient protocols for set intersection and pattern matching with security against malicious and covert adversaries

In this paper we construct efficient secure protocols for set intersection and pattern matching. Our protocols for securely computing the set intersection functionality are based on secure pseudorandom function evaluations, in contrast to previous protocols that used secure polynomial evaluation. In addition to the above, we also use secure pseudorandom function evaluation in order to achieve secure pattern matching. In this case, we utilize specific properties of the Naor-Reingold pseudorandom function in order to achieve high efficiency. Our results are presented in two adversary models. Our protocol for secure pattern matching and one of our protocols for set intersection achieve security against malicious adversaries under a relaxed definition where one corruption case is simulatable and for the other only privacy (formalized through indistinguishability) is guaranteed. We also present a protocol for set intersection that is fully simulatable in the model of covert adversaries. Loosely speaking, this means that a malicious adversary can cheat, but will then be caught with good probability.

Efficient set operations in the presence of malicious adversaries

We revisit the problem of constructing efficient secure two-party protocols for set-intersection and set-union, focusing on the model of malicious parties. Our main results are constant-round protocols that exhibit linear communication and a linear number of exponentiations with simulation based security. In the heart of these constructions is a technique based on a combination of a perfectly hiding commitment and an oblivious pseudorandom function evaluation protocol. Our protocols readily transform into protocols that are UC-secure.

Secure two-party computation with low communication

We propose a 2-party UC-secure protocol that can compute any function securely. The protocol requires only two messages, communication that is poly-logarithmic in the size of the circuit description of the function, and the workload for one of the parties is also only poly-logarithmic in the size of the circuit. This implies, for instance, delegatable computation that requires no expensive off-line phase and remains secure even if the server learns whether the client accepts its results. To achieve this, we define two new notions of extractable hash functions, propose an instantiation based on the knowledge of exponent in an RSA group, and build succinct zero-knowledge arguments in the CRS model.

Constructions of truly practical secure protocols using standardsmartcards

In this paper we show that using standard smartcards it is possible to construct truly practical secure protocols for a variety of tasks. Our protocols achieve full simulation-based security in the presence of malicious adversaries, and can be run on very large inputs. We present protocols for secure set intersection, oblivious database search and more. We have also implemented our set intersection protocol in order to show that it is truly practical: on sets of size 30,000 elements takes 20 seconds for one party and 30 minutes for the other (where the latter can be parallelized to further reduce the time). This demonstrates that in settings where physical smartcards can be sent between parties (as in the case of private data mining tasks between security and governmental agencies), it is possible to use secure protocols with proven simulation-based security.

Towards a game theoretic view of secure computation

We demonstrate how Game Theoretic concepts and formalism can be used to capture cryptographic notions of security. In the restricted but indicative case of two-party protocols in the face of malicious fail-stop faults, we first show how the traditional notions of secrecy and correctness of protocols can be captured as properties of Nash equilibria in games for rational players. Next, we concentrate on fairness. Here we demonstrate a Game Theoretic notion and two different cryptographic notions that turn out to all be equivalent. In addition, we provide a simulation based notion that implies the previous three. All four notions are weaker than existing cryptographic notions of fairness. In particular, we show that they can be met in some natural setting where existing notions of fairness are provably impossible to achieve.

Efficient Secure Two-Party Protocols

Thats it, a book to wait for in this month. Even you have wanted for long time for releasing this book efficient secure two party protocols techniques and constructions information security and cryptography; you may not be able to get in some stress. Should you go around and seek fro the book until you really get it? Are you sure? Are you that free? This condition will force you to always end up to get a book. But now, we are coming to give you excellent solution.

Concurrently-secure blind signatures without random oracles or setup assumptions

We show a new protocol for blind signatures in which security is preserved even under arbitrarily-many concurrent executions. The protocol can be based on standard cryptographic assumptions and is the first to be proven secure in a concurrent setting (under any assumptions) without random oracles or a trusted setup assumption such as a common reference string. Along the way, we also introduce new definitions of security for blind signature schemes.

Text search protocols with simulation based security

This paper presents an efficient protocol for securely computing the fundamental problem of pattern matching. This problem is defined in the two-party setting, where party P1 holds a pattern and party P2 holds a text. The goal of P1 is to learn where the pattern appears in the text, without revealing it to P2 or learning anything else about P2’s text. Our protocol is the first to address this problem with full security in the face of malicious adversaries. The construction is based on a novel protocol for secure oblivious automata evaluation which is of independent interest. In this problem party P1 holds an automaton and party P2 holds an input string, and they need to decide if the automaton accepts the input, without learning anything else.

Approximate parameterized matching

Two equal length strings <i>s</i> and <i>s</i>′, over alphabets Σ_<i>s</i> and Σ_<i>s</i>′, <i>parameterize match</i> if there exists a bijection π : Σ_<i>s</i> → Σ_<i>s</i>′ such that π (<i>s</i>) = <i>s</i>′, where π (<i>s</i>) is the renaming of each character of <i>s</i> via π. <i>Parameterized matching</i> is the problem of finding all parameterized matches of a pattern string <i>p</i> in a text <i>t</i>, and <i>approximate parameterized matching</i> is the problem of finding at each location a bijection π that maximizes the number of characters that are mapped from <i>p</i> to the appropriate |<i>p</i>|-length substring of <i>t</i>. Parameterized matching was introduced as a model for software duplication detection in software maintenance systems and also has applications in image processing and computational biology. For example, approximate parameterized matching models image searching with variable color maps in the presence of errors. We consider the problem for which an error threshold, <i>k</i>, is given, and the goal is to find all locations in <i>t</i> for which there exists a bijection π which maps <i>p</i> into the appropriate |<i>p</i>|-length substring of <i>t</i> with at most <i>k</i> mismatched mapped elements. Our main result is an algorithm for this problem with <i>O</i>(<i>nk</i>^1.5 + <i>mk</i> log <i>m</i>) time complexity, where <i>m</i> = |<i>p</i>| and <i>n</i>=|<i>t</i>|. We also show that when |<i>p</i>| = |<i>t</i>| = <i>m</i>, the problem is equivalent to the maximum matching problem on graphs, yielding a <i>O</i>(<i>m</i> + <i>k</i>^1.5) solution.

Efficient Protocols for Set Intersection and Pattern Matching with Security Against Malicious and Covert Adversaries

In this paper, we construct efficient secure protocols for set intersection and pattern matching. Our protocols for secure computing the set intersection functionality are based on secure pseudorandom function evaluations, in contrast to previous protocols that are based on polynomials. In addition to the above, we also use secure pseudorandom function evaluation in order to achieve secure pattern matching. In this case, we utilize specific properties of the Naor–Reingold pseudorandom function in order to achieve high efficiency.Our results are presented in two adversary models. Our protocol for secure pattern matching and one of our protocols for set intersection achieve security against malicious adversaries under a relaxed definition where one corruption case is simulatable and, for the other, only privacy (formalized through indistinguishability) is guaranteed. We also present a protocol for set intersection that is fully simulatable in the model of covert adversaries. Loosely speaking, this means that a malicious adversary can cheat but will then be caught with good probability.