Thomas P. Jakobsen

A practical implementation of secure auctions based on multiparty integer computation

In this paper we consider the problem of constructing secure auctions based on techniques from modern cryptography. We combine knowledge from economics, threshold cryptography and security engineering to implement secure auctions for practical real-world problems.

Soaking morselized allograft in bisphosphonate can impair implant fixation

The use of impacted, morselized allograft is a well-established way to provide initial stability of revision joint replacements. We investigated whether rinsing morselized allograft in bisphosphonate and subsequently impacting it around experimental titanium-coated implants would further facilitate biomechanical implant fixation and graft incorporation. In 10 dogs, a pair of titanium implants surrounded by a 2.5-mm gap was inserted into the proximal part of each humerus during two separate surgeries to allow two observation periods. The gap was filled with impacted, morselized allograft soaked in either bisphosphonate (alendronate, 2 mg/mL) or saline (control). Unbound alendronate was not rinsed away. During the first surgery, one pair of implants (alendronate and control) was inserted into one humerus. Eight weeks later, a second pair of implants was inserted into the contralateral humerus. The first pair of implants was observed for 12 weeks and the second pair for 4 weeks. Implants were evaluated by histomorphometry and biomechanical pushout test. We found substantially decreased biomechanical implant fixation for all implants surrounded by impacted, morselized allograft that had been soaked in alendronate. Furthermore, the alendronate treatment blocked formation of new bone and inhibited resorption of the graft material. Although limited by the specific dose of alendronate used and the omission of rinsing away excess bisphosphonate, this study warrants caution and calls for further experimental research before impacting alendronate-soaked morselized allograft around clinical joint replacements.

MiniLEGO: Efficient Secure Two-Party Computation from General Assumptions

One of the main tools to construct secure two-party computation protocols are Yao garbled circuits. Using the cut-and-choose technique, one can get reasonably efficient Yao-based protocols with security against malicious adversaries. At TCC 2009, Nielsen and Orlandi [28] suggested to apply cut-and-choose at the gate level, while previously cut-and-choose was applied on the circuit as a whole. This idea allows for a speed up with practical significance (in the order of the logarithm of the size of the circuit) and has become known as the “LEGO” construction. Unfortunately the construction in [28] is based on a specific number-theoretic assumption and requires public-key operations per gate of the circuit. The main technical contribution of this work is a new XOR-homomorphic commitment scheme based on oblivious transfer, that we use to cope with the problem of connecting the gates in the LEGO construction. Our new protocol has the following advantages:

Faster Maliciously Secure Two-Party Computation Using the GPU

We present a new protocol for maliciously secure two-party computation based on cut-and-choose of garbled circuits using the recent idea of “forge-and-loose”, which eliminates around a factor 3 of garbled circuits that needs to be constructed and evaluated. Our protocol introduces a new way to realize the “forge-and-loose” approach, which avoids an auxiliary secure two-party computation protocol, does not rely on any number theoretic assumptions and parallelizes well in a same instruction, multiple data (SIMD) framework.

Effect of topical alendronate treatment on fixation of implants inserted with bone compaction.

Bone compaction has been shown to enhance the critical initial implant stability that is important for secure long-term fixation. We investigated whether topical bisphosphonate treatment improves fixation of implants inserted with bone compaction. Porous-coated titanium implants were inserted with bone compaction into the knees of eight dogs. In the right knee, topical bisphosphonate treatment was applied before bone compaction. Saline was used as a control in the left knee. The knees were observed for 4 weeks. We found an increase in total bone-to-implant contact and total bone density around the implants in the bisphosphonate-treated group. These were results of increased nonvital bone-to-implant contact and increased nonvital periimplant bone density. No change in biomechanical fixation was found. Studies with a longer followup are needed to investigate whether the preservative effect of alendronate on nonvital bone might enhance implant fixation by osteoconduction.

On the Complexity of Additively Homomorphic UC Commitments

We present a new constant round additively homomorphic commitment scheme with amortized computational and communication complexity linear in the size of the string committed to. Our scheme is based on the non-homomorphic commitment scheme of Cascudo et al. presented at PKC 2015. However, we manage to add the additive homomorphic property, while at the same time reducing the constants. In fact, when opening a large enough batch of commitments we achieve an amortized communication complexity converging to the length of the message committed to, i.e., we achieve close to rate 1 as the commitment protocol by Garay et al. from Eurocrypt 2014.i¾?A main technical improvement over the scheme mentioned above, and other schemes based on using error correcting codes for UC commitment, we develop a new technique which allows to based the extraction property on erasure decoding as opposed to error correction. This allows to use a code with significantly smaller minimal distance and allows to use codes without efficient decoding. n nOur scheme only relies on standard assumptions. Specifically we require a pseudorandom number generator, a linear error correcting code and an ideal oblivious transfer functionality. Based on this we prove our scheme secure in the Universal Composability UC framework against a static and malicious adversary corrupting any number of parties. n nOn a practical note, our scheme improves significantly on the non-homomorphic scheme of Cascudo et al. Based on their observations in regards to efficiency of using linear error correcting codes for commitments we conjecture that our commitment scheme might in practice be more efficient than all existing constructions of UC commitment, even non-homomorphic constructions and even constructions in the random oracle model. In particular, the amortized price of computing one of our commitments is less than that of evaluating a hash function once.

A Framework for Outsourcing of Secure Computation

We study the problem of how to efficiently outsource a sensitive computation on secret inputs to a number of untrusted workers, under the assumption that at least one worker is honest. In our setting there is a number of clients C_1,…,Cn with inputs x1,…,xn. The clients want to delegate a secure computation of f(x1,…,xn) to a set of untrusted workers W1,…,Wm. We want do so in such a way that as long at there is at least one honest worker (and everyone else might be actively corrupted) the following holds 1) the privacy of the inputs is preserved 2) the output of the computation is correct (in particular workers cannot change the inputs of honest clients). We propose a solution where the clients work is minimal and the interaction pattern simple (one message to upload inputs, one to receive results), while at the same time reducing the overhead for the workers to a minimum. Our solution is generic and can be instantiated with any underlying reactive MPC protocol where linear operations are ``for free. In contrast previous solutions were less generic and could only be instantiated for specific numbers of clients/workers.

Secure Key Management in the Cloud

We consider applications involving a number of servers in the cloud that go through a sequence of online periods where the servers communicate, separated by offline periods where the servers are idle. During the offline periods, we assume that the servers need to securely store sensitive information such as cryptographic keys. Applications like this include many cases where secure multiparty computation is outsourced to the cloud, and in particular a number of online auctions and benchmark computations with confidential inputs. We consider fully autonomous servers that switch between online and offline periods without communicating with anyone from outside the cloud, and semi-autonomous servers that need a limited kind of assistance from outside the cloud when doing the transition. We study the levels of security one can --- and cannot --- obtain in this model, propose light-weight protocols achieving maximal security, and report on their practical performance.