Secure Computation of Linear Algebraic Functions
Enav Weinreb – CWI, Amsterdam
Joint work with: Matt Franklin, Eike Kiltz, Payman Mohassel and Kobbi Nissim
Talk Overview
Secure Computation in General
Secure Linear Algebra Based on “Oblivious Gaussian Elimination”
The players cooperate but do not trust each other.
Computational - adversary is computationally limited
Information theoretic - adversary is computationally unbounded.
“Leak no further information”
Boolean circuit that computes f(x,y) with size s(n)
A secure two-party protocol for computing f(x,y) with:
Boolean circuit that computes f(x_1,...,x_k) with size s(n) and depth d(n)
A secure k-party protocol for computing f(x_1,...,x_k) with:
Efficient secure protocol for singularity leads to efficient protocols for:
(with PK only)
Is M singular?
Communication complexity is O(n).
Send data “on demand”
To check if M is singular:
Not solvable – M is singular.
Solvable – with high prob. (1 – 1/|F|), M is non-singular.
v, Mv, M^2 v, ..., M^n v
∑ a_i M^i v = 0
With probability (1 – 1/|F|):
m(0) = 0 if and only if det(M)=0
(ii) If m(0)=0 then Det(M) = 0.
f_M(0) = Det(M)
We saw before that m(x) | f_M(x).
Hence f_M(0) = 0 and thus Det(M) = 0 □
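The singularity test described above, computed in the clear with no secure protocol around it, as an added example that is not from the talk. It assumes F is a prime field; the names P, mat_vec, krylov_min_poly and looks_singular are hypothetical, and m is found by plain Gaussian elimination on v, Mv, ..., M^n v.

```python
import secrets

P = 2_147_483_647  # assumed prime field size |F| for this sketch

def mat_vec(M, v, p=P):
    return [sum(a * b for a, b in zip(row, v)) % p for row in M]

def krylov_min_poly(M, v, p=P):
    """Coefficients [a_0, ..., a_d] of the monic minimal m(x) with sum a_i M^i v = 0."""
    n = len(M)
    basis = []  # rows: (pivot column, reduced vector, coefficients of the combination)
    w = [x % p for x in v]
    for i in range(n + 1):
        vec, comb = w[:], [0] * (n + 1)
        comb[i] = 1  # vec starts as M^i v, i.e. the combination x^i
        for piv, bvec, bcomb in basis:
            f = vec[piv]
            if f:  # cancel the pivot entry, tracking the same step on the coefficients
                vec = [(a - f * b) % p for a, b in zip(vec, bvec)]
                comb = [(a - f * b) % p for a, b in zip(comb, bcomb)]
        piv = next((j for j, x in enumerate(vec) if x), None)
        if piv is None:  # M^i v depends on the earlier vectors: comb is m(x)
            return comb[: i + 1]
        inv = pow(vec[piv], -1, p)
        basis.append((piv, [x * inv % p for x in vec], [c * inv % p for c in comb]))
        w = mat_vec(M, w, p)
    raise ValueError("M must be square with len(v) == len(M)")

def looks_singular(M, v=None, p=P):
    """True: M is certainly singular (m | f_M). False: wrong with small probability over v."""
    if v is None:
        v = [secrets.randbelow(p) for _ in M]  # random v, as on the slide
    return krylov_min_poly(M, v, p)[0] == 0  # a_0 = m(0)
```

For the constructed singular matrix [[1,0],[0,0]], the unlucky choice v = [1,0] gives m(x) = x - 1, so m(0) ≠ 0 and the test misses the singularity; v = [1,1] gives m(x) = x^2 - x and detects it.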
Communication complexity is O(n^2)
Next slide: O(log n) rounds, O(n^2 log n) communication
Yao’s general method applied on Berlekamp/Massey algorithm: O(1) rounds, O(n log n) communication
Decryption of E(m(0)r) where r is a random number.
m(0) =? 0