## HOW TO PLAN A COUP D’ETAT

YINMENG ZHANG

COVERT MULTI-PARTY COMPUTATION

HOW TO PLAN A COUP D’ETAT

LUIS VON AHN

MANUEL BLUM

CHARLIE’S

ANGEL

ALLOWS TWO PARTIES WITH SECRET INPUTS X AND Y TO LEARN F(X,Y) BUT NOTHING ELSE

COVERT

IDEAL MODEL

MULTI-PARTY COMPUTATION

TWO-PARTY COMPUTATION

BOB

ALICE

THERE ARE ONLY THREE ANGELS.

NONE OF THEM KNOW ALICE.

OR BOB.

LET’S

NOT GET MARRIED

1 IF X>Y

0 OTHERWISE

F(X,Y) =

JEN

BEN

\$45 MILLION

\$32 MILLION

F(X,Y)=1

I ALICE

ALICE

BOB

EVERYBODY!

BOB LIKES ME!

WHAT A LOSER!

LET’S FIND OUT IF WE BOTH LIKE EACH OTHER!

WHY WOULD WE WANT TO DO THAT?

OMG

COVERT TWO PARTY COMPUTATION:

VON AHN,HOPPER,LANGFORD

COVERT TWO-PARTY

COMPUTATION

EXTERNAL COVERTNESS

NO OUTSIDE OBSERVER CAN TELL IF THE TWO PARTIES ARE RUNNING A COMPUTATION OR JUST COMMUNICATING AS NORMAL

INTERNAL COVERTNESS

AFTER LEARNING F(X,Y), EACH PARTY CAN ONLY TELL WHETHER THE OTHER PARTICIPATED IF THEY CAN DISTINGUISH F(X,Y) FROM RANDOM BITS

WHO KNOWS WHAT?

WE ASSUME THAT BOTH PARTIES KNOW THE FUNCTION THEY WISH TO EVALUATE

BOTH KNOW WHICH ROLE THEY ARE TO PLAY IN THE EVALUATION

BOTH KNOW WHEN TO START COMPUTING

ORDINARY COMMUNICATION

MESSAGES ARE DRAWN FROM A SET D

TIME PROCEEDS IN DISCRETE TIMESTEPS

EACH PARTY MAINTAINS A HISTORY h OF ALL DOCUMENTS THEY SENT AND RECEIVED

TO EACH PARTY P, WE ASSOCIATE A FAMILY OF PROBABILITY DISTRIBUTIONS ON D:

{BhP}

CHANNEL ORACLE

ORDINARY-LIKE COMMUNICATION

GIVEN ANY HISTORY h, P WANTS TO BE ABLE TO SAMPLE FROM THE CHANNEL BhP

YOU LEFT

IT NEXT TO MY

THE AXIS OF EVIL SHALL PREVAIL!

I GUESS I

CAN USE MY BAZOOKA

HAVE YOU SEEN MY

AK-47?

THE WAR ON TERROR

HE WORKS FOR MI-6

CIA AGENT

HE WORKS FOR CIA

MI-6 AGENT

HE WORKS FOR MI-6

HE WORKS FOR CIA

THE WAR ON TERROR

THE UTTERANCES CONTAINED A COVERT TWO-PARTYCOMPUTATION

THE FUNCTION F VERIFIED THE CREDENTIALS

SINCE BOTH WERE VALID, IT OUTPUT 1K

X WAS A CREDENTIAL SIGNED BY CIA AND Y WAS SIGNED BY MI-6

FOR ANY OTHER INPUTS, F OUTPUTS

A RANDOM VALUE

SECURE MULTI PARTY COMPUTATION:

GOLDREICH,MICALI,WIGDERSON

SECURE MULTI PARTY COMPUTATION:

YINMENG ZHANG???

WHAT I DID ON MY SUMMER VACATION

[THE TEASER TRAILER]

COVERT MULTI-PARTY COMPUTATION

EVERYTHING IS HARDER WITH MORE PEOPLE

ALLOWS N PARTIES

WITH SECRET INPUTS

X1…XN TO LEARN F(X1,…,XN) BUT NOTHING ELSE

COVERT MULTI-PARTY COMPUTATION:

WIMPY BUSYBODIES [SEMI-HONEST]

ALL’S FAIR IN LOVE AND CRYPTOGRAPHY [MALICIOUS]

WHAT THINGS ARE IMPOSSIBLE TO PROTECT AGAINST?

COVERT MULTI-PARTY COMPUTATION:

WHO KNOWS WHAT?

WHO’S COMPUTING?

HOW MANY PEOPLE ARE COMPUTING?

HOW MANY PEOPLE WERE COMPUTING, GOT BORED AND STOPPED[ABORT]?