CRYPTOGRAPHY - Secure computation

Contents

• Secure Multi-Party Computation (MPC)
• FHE - Fully Homomorphic encryption
• FE - Functional Encryption
• e-Voting

MPC

Basics

• Local MPC files

• MPC - Wikipedia
• Yao's millionaires' problem (1982) - Wikipedia
• Nigel Smart
• UnboundNigel Smart and Yehuda Lindell
• Rosario Gennaro
• Steven Goldfeder
• Gennaro and Goldfeder Threshold ECDSA
• Dragos Rotaru - awesome mpc on github - some theory, some practice

• Private set intersection (PSI) of two (or more) parties lists
• Sign a message with a private key, without revealing the private key to any party (splitted among several parties)
• Compute a function on a private input, without revealing the input (shared on several parties)
• Match some orders from remote orderbooks, without revealing the orders (shared on several parties)
• Do survey results aggregation, without revealing the answers (shared on several parties)
• Vote on a secret ballot, without revealing the vote (shared on several parties)

Concepts

• securecomputation.org great intro
• Andrew Yao - Wikipedia
• Garbled circuit - Wikipedia
• Yao is credited for the idea.
• First written document about this technique was by Goldreich, Micali, and Wigderson in STOC'87.
• Yao's principle a way to prove lower bounds on the worst-case performance of randomized algorithms, by comparing them to deterministic (non-random) algorithms.
• Doleve-Yao model 'On the security of public key protocols'
• The adversary can overhear, intercept, and synthesize any message and is only limited by the constraints of the cryptographic methods used. In other words: "the attacker carries the message."
• Yao's millionaire problem Yao's protocol solving Yao's Millionaires' Problem was the beginning example of secure computation, yet it is not directly related to garbled circuits.

Implementations

• github.com - garbled circuits - set of repositories
• github.com - TinyGarble
• Two parts
1. Circuit synthesis (output examples of this is stored in scd/netlist/v.tar.bz and will be unzipped and translated in bin/scd/netlist/ after make). Based on upon hardware synthesis and sequential circuit concept and outputs a netlist Verilog (.v) file (not included in this repository).
2. Secure function evaluation - a GC framework implemented based on JustGarble project.
• TinyGarble general flow
• Write a Verilog file (.v) describing the function.
• Synthesis the Verilog file using TinyGarble's circuit synthesis to generate a netlist Verilog file (.v).
• Translate the netlist file (.v) to a simple circuit description file (SCD) using TinyGarble's V2SCD_Main and then provide both parties with the file. (We have done steps 1-3 for a number of functions, and you can find their scd files after compiling in bin/scd/netlists/.)
• Execute TinyGarble using --alice flag on one party and --bob flag on the other plus other appropriate arguments.
• github.com - JavaScript MPC RockEngine
• Secured N-parties (N>=2) multi-party computation - using garbled circuits - in golang. The input algorithms are in Javascript, making it easy to use in the browser, or in Node.js.
• Steps
• The function f is written as a JavaScript algorithm.
• One of the users compile the JavaScript file into a logical circuit. This circuit has the .re extension in rockengine.
• A uses this logical circuit to create a garbled circuit, which is equivalent but every input, operations and outputs are encrypted. We denote this garbled circuit as F.
• A sends F to B.
• A encrypts its input x, whose encrypted form we denote X. Hen he sends it to B.
• B encrypts its own input using oblivious transfer with A in order to get the right encrypted value without revealing anything about it. We denote by Y this encrypted input.
• B computes F(X,Y), i.e. he runs the garbled circuit on encrypted inputs. Thus he gets a encrypted output Z.
• A sends part of the decryption key d to B so that he can decrypt a certain part of Z. B sends to A the other part of Z which will also decrypt it. The two can share their information if they want.

• Microsoft's EzPC - Secure multi party computation
• Microsoft's EzPC on github

FHE - Fully Homomorphic encryption

Basics

• Homomorphic encryption - Wikipedia
• Homomorphic encryption consortium - a consortium of industry, government and academia to standardise homomorphic encryption

• OpenFHE DARPA involvement
• OpenFHE - github DARPA involvement
• FHE for arithmetic over integers (BFV - Brakerski-Fan-Vercauteren - ring learning with errors)
• FHE for arithmetic over integers (BGV)
• FHE for arithmetic over real numbers (CKKS) a.k.a. Homomorphic Encryption for Arithmetic of Approximate Numbers (HEAAN), was proposed to offer homomorphic computation on real numbers.
• FHE for Boolean circuits and larger plaintext spaces (FHEW/TFHE)
• Threshold FHE

Systems and schemes

• HE standard
• Paillier - Wikipedia
• Invented by and named after Pascal Paillier in 1999
• Is a probabilistic asymmetric algorithm for public key cryptography
• Based on the problem of computing n-th residue classes, i.e. the decisional composite residuosity assumption
• Is an additive homomorphic cryptosystem; this means that, given only the public key and the encryption of m₁ and m₂ , one can compute the encryption of m₁ + m₂.

Applications

• Zama - building applications with FHE
• Inferati - building AI and ML applications with FHE

Nigel Smart et al.

• Nigel Smart
• Unbound - acquired by CoinBaseNigel Smart and Yehuda Lindell
• Rosario Gennaro
• Steven Goldfeder
• Gennaro and Goldfeder Threshold ECDSA

Functional encryption

• FE - Wikipedia

E-voting

• Local e-voting - i-voting files - crypto
• Local e-voting - i-voting files - applications

E-voting basics

• E-voting - Wikipedia
• E-voting in Estonia- Wikipedia
• In 2005, EE became the first nation to hold legally binding general elections over the Internet with their pilot project for municipal elections.
• E-voting can refer to both fixed voting locations (as in voting booths) and remote (as in over the Internet) electronic voting. To reduce confusion between the two, electronic voting is known as i-Voting in Estonia.
• E-voting homepage of Estonia
• E-voting via internet - homepage of Estonia movie at https://youtu.be/uz9CUK0Ii6Q
• E-voting internet guidelines
• Source internet voting of Estonia
• E-voting in India- Wikipedia - using Electronic Voting Machines
• Indian EVMs are stand-alone machines built with Write once read many memory.
• The EVMs are produced with secure manufacturing practices, and by design, are self-contained, battery-powered and lack any networking capability.
• EVMs with voter-verified paper audit trail (VVPAT) system were introduced between 2012 and 2013.
• Stanford notes on crypto voting

E-voting crypto

• Using blind signatures (Chaum, Okamoto-Fujisaki-Ohta)
• Cryptographic counters, as in additively homomorphic encryption e.g. (Paillier '97)
• Mix nets, e.g. Neff mix