SlideShare a Scribd company logo

Computing Cooperatively with People You Don't Trust

Download as PPTX, PDF
David Evans
David Evans

David Evans, UVA Department of Computer Science Talk at University of Richmond, 30 January 2012 Two-party secure computation allows two parties to compute a function that depends on inputs from both parties, but reveals nothing except the output of the function. A general solution to this problem have been known since Andrew Yao's pioneering work on garbled circuits in the 1980s, but only recently has it become conceivable to use this approach in real systems. This talk will provide an introduction to secure computation, and describe the work we are doing at UVa to make secure computation efficient and scalable enough to build real applications. The talk assumes no prior background in cryptography, and should be understandable all computing students.

EducationTechnologySpiritual
1 of 34
Computing Cooperatively with People You Don't Trust University of Richmond 30 January 2012 David Evans University of Virginia http://www.cs.virginia.edu/evans http://MightBeEvil.com
“Genetic Dating” Bob Alice Genome Compatibility Protocol Your offspring will have WARNING! Your offspring will have WARNING! good immune systems! Don’t Reproduce good immune systems! Don’t Reproduce 2
3
Genome Sequencing 1990: Human Genome Project starts, estimate $3B to sequence one genome ($0.50/base) 2000: Human Genome Project declared complete, cost ~$300M Whitehead Institute, MIT 4
$100,000,000 Cost to sequence human genome Moore’s Law prediction (halve every 18 months) $10,000,000 $1,000,000 $100,000 $10,000 Jun 2010 Jun 2005 Sep 2001 Feb 2002 Sep 2006 Feb 2007 May 2003 Aug 2004 Apr 2006 May 2008 Aug 2009 Mar 2004 Jan 2005 Nov 2005 Mar 2009 Jan 2010 Dec 2002 Dec 2007 Jul 2002 Oct 2003 Jul 2007 Oct 2008 Data from National Human Genome Research Institute: http://www.genome.gov/sequencingcosts5
$100,000,000 Cost to sequence human genome Moore’s Law prediction (halve every 18 months) $10,000,000 $1,000,000 $100,000 $10,000 Ion torrent Personal Genome Machine Sep 2001 Feb 2002 Sep 2006 Feb 2007 May 2003 Aug 2004 Nov 2005 Apr 2006 May 2008 Aug 2009 Mar 2004 Jan 2005 Dec 2002 Jun 2005 Mar 2009 Jan 2010 Dec 2007 Jun 2010 Jul 2002 Oct 2003 Jul 2007 Oct 2008 Data from National Human Genome Research Institute: http://www.genome.gov/sequencingcosts6
Human Genome Sequencing Using Unchained Base Reads on Self-Assembling DNA Nanoarrays. Radoje Drmanac, Andrew B. Sparks, Matthew J. Callow, Aaron L. Halpern, Norman L. Burns, Bahram G. Kermani, Paolo Carnevali, Igor Nazarenko, Geoffrey B. Nilsen, George Yeung, Fredrik Dahl, Andres Fernandez, Bryan Staker, Krishna P. Pant, Jonathan Baccash, Adam P. Borcherding, Anushka Brownley, Ryan Cedeno, Linsu Chen, Dan Chernikoff, Alex Cheung, Razvan Chirita, Benjamin Curson, Jessica C. Ebert, Coleen R. Hacker, Robert Hartlage, Brian Hauser, Steve Huang, Yuan Jiang, Vitali Karpinchyk, Mark Koenig, Calvin Kong, Tom Landers, Catherine Le, Jia Liu, Celeste E. McBride, Matt Morenzoni, Robert E. Morey, Karl Mutch, Helena Perazich, Kimberly Perry, Brock A. Peters, Joe Peterson, Charit L. Pethiyagoda, Kaliprasad Pothuraju, Claudia Richter, Abraham M. Rosenbaum, Shaunak Roy, Jay Shafto, Uladzislau Sharanhovich, Karen W. Shannon, Conrad G. Sheppy, Michel Sun, Joseph V. Thakuria, Anne Tran, Dylan Vu, Alexander Wait Zaranek, Xiaodi Wu, Snezana Drmanac, Arnold R. Oliphant, William C. Banyai, Bruce Martin, Dennis G. Ballinger, George M. Church, Clifford A. Reid. Science, January 2010.
Dystopia Personalized Medicine 8
Secure Two-Party Computation Bob’s Genome: ACTG… Alice’s Genome: ACTG… Markers (~1000): *0,1, …, 0+ Markers (~1000): *0, 0, …, 1+ Bob Alice Can Alice and Bob compute a function of their private data, without exposing anything about their data besides the result? 9
Secure Function Evaluation Alice (circuit generator) Bob (circuit evaluator) Garbled Circuit Protocol Andrew Yao, 1982/1986
Regular Logic Inputs Output a b x 0 0 0 0 1 0 1 0 0 1 1 1 a b AND x
Computing with Meaningless Values? Inputs Output a b x a0 b0 x0 a0 b1 x0 a1 b0 x0 a1 b1 x1 a0 or a1 b0 or b1 ai, bi, xi are random values, chosen by the circuit generator but meaningless to the AND circuit evaluator. x0 or x1
Encryption Encrypt 13
Logic with Privacy Inputs Output a b x a0 b0 a0 b1 a1 b0 a1 b1
Computing with Garbled Tables Inputs Output a b x Bob can only decrypt a0 b0 Enca0,b0(x0) one of these! a0 b1 Enca0,b1(x0) a1 b0 Enca1,b0(x0) a1 b1 Enca1,b1(x1) a0 or a1 b0 or b1 Garbled And Gate Random Enca0, b1(x0) Permutation AND Enca1,b1(x1) Enca1,b0(x0) x0 or x1 Enca0,b0(x0)
Garbled Circuit Protocol Alice (circuit generator) Bob (circuit evaluator) Garbled Gate Enca0, b1(x0) Enca1,b1(x1) Enca1,b0(x0) Enca0,b0(x0) Sends ai to Bob based on her input value How does the Bob learn his own input wires?
Primitive: Oblivious Transfer Alice Bob Oblivious Transfer Protocol Oblivious: Alice doesn’t learn which secret Bob obtains Transfer: Bob learns one of Alice’s secrets Rabin, 1981; Even, Goldreich, and Lempel, 1985; many subsequent papers
Chaining Garbled Circuits And Gate 1 a0 b0 a1 b1 Enca10, b11(x10) Enca11,b11(x11) AND AND Enca11,b10(x10) x1 Enca10,b10(x10) x0 Or Gate 2 Encx00, x11(x21) Encx01,x11(x21) OR Encx01,x10(x21) x2 Encx00,x10(x20) … We can do any computation privately this way! 18
Building Computing Systems Encx00, x11(x21) Encx01,x11(x21) Encx01,x10(x21) Encx00,x10(x20) Digital Electronic Circuits Garbled Circuits Operate on known data Operate on encrypted wire labels One-bit logical operation requires One-bit logical operation requires moving a few electrons a few performing (up to) 4 encryption nanometers operations: very slow execution (hundreds of Billions per second) Reuse is great! Reuse is not allowed for privacy: huge circuits needed 19
Fairplay Alice Bob SFDL SFDL Compiler Compiler Circuit (SHDL) SFDL Program Garbled Tables Generator Dahlia Malkhi, Noam Nisan, Benny Pinkas and Yaron Sella Garbled Tables [USENIX Sec 2004] Evaluator 20
Faster Garbled Circuits Circuit-Level Application Circuit Structure Circuit Structure GC Framework GC Framework (Generator) (Evaluator) Encx00, x11(x21) Encx20, x21(x30) x21 Encx20,(x2(x41) Encx01,x1x4x3x3 )(x51) x31 Enc 1 0,(x3 1 Encx21,x2x4 ,1x5 )(x61) Enc 1 0 1 01 Encx21(x2(x46 )(x71) x41 Enc Encx01,x1x4 ,x310) x 11 0) Enc0 ,x31 ) Encx21,x2x4x31,(x5 0) Enc0(x311(x6 1 x51 Encx21,x3x3 ,x60) 0) Enc0(x4 1 ) 1,x5 Encx41,x30(x5(x7 1 0 x60 Encx41,x50(x60) x71 Encx31,x60(x71) Gates can be evaluated as they are generated: pipelining Gates can be evaluated in any topological sort order: parallelizing Garbled evaluation can be combined with normal execution 21
Results: Performance Fairplay Binary gates per [PSSW09] millisecond TASTY Our Results 100,000 gates per second 0 10 20 30 40 50 60 70 80 90 100 22
Results: Scalability Fairplay Largest circuit executed [PSSW09] (non-free gates) TASTY Our Results 0 1,000,000,000 23
Private Personal Genomics Applications Privacy-Preserving Biometric Matching Private AES Encryption Private Set Intersection 24
Heterozygous Recessive Risk Alice A a carrier A AA Aa Bob a aA aa cystic fibrosis Alice’s Heterozygous Recessive genes: , 5283423, 1425236, 839523, … - Bob’s Heterozygous Recessive genes: , 5823527, 839523, 169325, … - Goal: find the intersection of A and B 25
Bit Vector Intersection Alice’s Recessive genes: Bob’s Recessive genes: , 5283423, 1425236, 839523, … - , 5823527, 839523, 169325, … - [ PAH, PKU, CF, … + [ 0, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0] [ 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0] ... AND AND AND ... Bitwise AND 26
Common Contacts
Sort-Compare-Shuffle Sort: Take advantage of total order of elements Compare adjacent elements Shuffle to hide positions 28
SCS-WN Protocol Results 1000 Theoretical Projection Experimental Observation Seconds 100 10 1 128 256 512 1024 2048 4096 8192 Set Size (each set) 32-bit values
30
Best Previous Problem Result Our Result Speedup NDSS Private Set Intersection (contact Competitive with best custom 2012 matching, common disease carrier) protocols, scales to millions of 32-bit elements Hamming Distance (Face 213s 0.051s 4176 Recognition) [SCiFI, 2010] USENIX Security 2011 Levenshtein Distance 534s 18.4s 29 (genome, text comparison) – two [Jha+, 2008] 200-character inputs Smith-Waterman (genome [Not 447s - alignment) – two 60-nucleotide Implementable] sequences AES Encryption 3.3s 0.2s 16.5 [Henecka, 2010] NDSS Fingerprint Matching (1024-entry ~83s 18s 4.6 2011 database, 640x8bit vectors) [Barni, 2010] 31
Research Group and Alumni 32
Peter Chapman Yan Huang (UVa BACS 2012) (UVa Computer Science PhD Student) Funding: Jonathan Katz NSF, MURI (AFOSR), Google (University of Maryland) 33
MightBeEvil.com 34

Recommended

Venezuelan Macroeconomic Outlook (Updated, May 2010)
Venezuelan Macroeconomic Outlook (Updated, May 2010)Venezuelan Macroeconomic Outlook (Updated, May 2010)
Venezuelan Macroeconomic Outlook (Updated, May 2010)Center for International Development, Harvard University
 
A DECISION SUPPORT SYSTEM TO DETERMINE THE SPORT SPONSORSHIP RESPONSE
A DECISION SUPPORT SYSTEM TO DETERMINE THE SPORT SPONSORSHIP RESPONSE A DECISION SUPPORT SYSTEM TO DETERMINE THE SPORT SPONSORSHIP RESPONSE
A DECISION SUPPORT SYSTEM TO DETERMINE THE SPORT SPONSORSHIP RESPONSE Mine ISIK
 
Cottonwood Stats Report for October
Cottonwood Stats Report for OctoberCottonwood Stats Report for October
Cottonwood Stats Report for October
Damian Bruno
 
The Rise and Rise of the Virtual Health Record
The Rise and Rise of the Virtual Health RecordThe Rise and Rise of the Virtual Health Record
The Rise and Rise of the Virtual Health Record
Health Informatics New Zealand
 
How to Live in Paradise
How to Live in ParadiseHow to Live in Paradise
How to Live in Paradise
David Evans
 
MOOCs, KOOCS, and SMOOCHs (or, Reports of the Death of Traditional Higher Edu...
MOOCs, KOOCS, and SMOOCHs (or, Reports of the Death of Traditional Higher Edu...MOOCs, KOOCS, and SMOOCHs (or, Reports of the Death of Traditional Higher Edu...
MOOCs, KOOCS, and SMOOCHs (or, Reports of the Death of Traditional Higher Edu...
David Evans
 
Multi-Party Computation in 2029: Boom, Bust, or Bonanza?
Multi-Party Computation in 2029: Boom, Bust, or Bonanza?Multi-Party Computation in 2029: Boom, Bust, or Bonanza?
Multi-Party Computation in 2029: Boom, Bust, or Bonanza?
David Evans
 
Scaling Secure Computation
Scaling Secure ComputationScaling Secure Computation
Scaling Secure Computation
David Evans
 

Recommended

Venezuelan Macroeconomic Outlook (Updated, May 2010)
Venezuelan Macroeconomic Outlook (Updated, May 2010)Venezuelan Macroeconomic Outlook (Updated, May 2010)
Venezuelan Macroeconomic Outlook (Updated, May 2010)Center for International Development, Harvard University
 
A DECISION SUPPORT SYSTEM TO DETERMINE THE SPORT SPONSORSHIP RESPONSE
A DECISION SUPPORT SYSTEM TO DETERMINE THE SPORT SPONSORSHIP RESPONSE A DECISION SUPPORT SYSTEM TO DETERMINE THE SPORT SPONSORSHIP RESPONSE
A DECISION SUPPORT SYSTEM TO DETERMINE THE SPORT SPONSORSHIP RESPONSE Mine ISIK
 
Cottonwood Stats Report for October
Cottonwood Stats Report for OctoberCottonwood Stats Report for October
Cottonwood Stats Report for October
Damian Bruno
 
The Rise and Rise of the Virtual Health Record
The Rise and Rise of the Virtual Health RecordThe Rise and Rise of the Virtual Health Record
The Rise and Rise of the Virtual Health Record
Health Informatics New Zealand
 
How to Live in Paradise
How to Live in ParadiseHow to Live in Paradise
How to Live in Paradise
David Evans
 
MOOCs, KOOCS, and SMOOCHs (or, Reports of the Death of Traditional Higher Edu...
MOOCs, KOOCS, and SMOOCHs (or, Reports of the Death of Traditional Higher Edu...MOOCs, KOOCS, and SMOOCHs (or, Reports of the Death of Traditional Higher Edu...
MOOCs, KOOCS, and SMOOCHs (or, Reports of the Death of Traditional Higher Edu...
David Evans
 
Multi-Party Computation in 2029: Boom, Bust, or Bonanza?
Multi-Party Computation in 2029: Boom, Bust, or Bonanza?Multi-Party Computation in 2029: Boom, Bust, or Bonanza?
Multi-Party Computation in 2029: Boom, Bust, or Bonanza?
David Evans
 
Scaling Secure Computation
Scaling Secure ComputationScaling Secure Computation
Scaling Secure Computation
David Evans
 
Cryptocurrency Jeopardy!
Cryptocurrency Jeopardy!Cryptocurrency Jeopardy!
Cryptocurrency Jeopardy!
David Evans
 
Trick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for Cypherpunks
Trick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for CypherpunksTrick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for Cypherpunks
Trick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for Cypherpunks
David Evans
 
Hidden Services, Zero Knowledge
Hidden Services, Zero KnowledgeHidden Services, Zero Knowledge
Hidden Services, Zero Knowledge
David Evans
 
Anonymity in Bitcoin
Anonymity in BitcoinAnonymity in Bitcoin
Anonymity in Bitcoin
David Evans
 
Midterm Confirmations
Midterm ConfirmationsMidterm Confirmations
Midterm Confirmations
David Evans
 
Scripting Transactions
Scripting TransactionsScripting Transactions
Scripting Transactions
David Evans
 
Bitcoin Script
Bitcoin ScriptBitcoin Script
Bitcoin Script
David Evans
 
Mining Economics
Mining EconomicsMining Economics
Mining Economics
David Evans
 
Mining
MiningMining
Mining
David Evans
 
The Blockchain
The BlockchainThe Blockchain
The Blockchain
David Evans
 
Becoming More Paranoid
Becoming More ParanoidBecoming More Paranoid
Becoming More Paranoid
David Evans
 
Asymmetric Key Signatures
Asymmetric Key SignaturesAsymmetric Key Signatures
Asymmetric Key Signatures
David Evans
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
David Evans
 
Class 1: What is Money?
Class 1: What is Money?Class 1: What is Money?
Class 1: What is Money?
David Evans
 
Multi-Party Computation for the Masses
Multi-Party Computation for the MassesMulti-Party Computation for the Masses
Multi-Party Computation for the Masses
David Evans
 
Proof of Reserve
Proof of ReserveProof of Reserve
Proof of Reserve
David Evans
 
Silk Road
Silk RoadSilk Road
Silk Road
David Evans
 
Blooming Sidechains!
Blooming Sidechains!Blooming Sidechains!
Blooming Sidechains!
David Evans
 
Useful Proofs of Work, Permacoin
Useful Proofs of Work, PermacoinUseful Proofs of Work, Permacoin
Useful Proofs of Work, Permacoin
David Evans
 
Alternate Cryptocurrencies
Alternate CryptocurrenciesAlternate Cryptocurrencies
Alternate Cryptocurrencies
David Evans
 
Honest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptxHonest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptx
timhan337
 
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBCSTRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
kimdan468
 

More Related Content

More from David Evans

Cryptocurrency Jeopardy!
Cryptocurrency Jeopardy!Cryptocurrency Jeopardy!
Cryptocurrency Jeopardy!
David Evans
 
Trick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for Cypherpunks
Trick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for CypherpunksTrick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for Cypherpunks
Trick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for Cypherpunks
David Evans
 
Hidden Services, Zero Knowledge
Hidden Services, Zero KnowledgeHidden Services, Zero Knowledge
Hidden Services, Zero Knowledge
David Evans
 
Anonymity in Bitcoin
Anonymity in BitcoinAnonymity in Bitcoin
Anonymity in Bitcoin
David Evans
 
Midterm Confirmations
Midterm ConfirmationsMidterm Confirmations
Midterm Confirmations
David Evans
 
Scripting Transactions
Scripting TransactionsScripting Transactions
Scripting Transactions
David Evans
 
Bitcoin Script
Bitcoin ScriptBitcoin Script
Bitcoin Script
David Evans
 
Mining Economics
Mining EconomicsMining Economics
Mining Economics
David Evans
 
Mining
MiningMining
Mining
David Evans
 
The Blockchain
The BlockchainThe Blockchain
The Blockchain
David Evans
 
Becoming More Paranoid
Becoming More ParanoidBecoming More Paranoid
Becoming More Paranoid
David Evans
 
Asymmetric Key Signatures
Asymmetric Key SignaturesAsymmetric Key Signatures
Asymmetric Key Signatures
David Evans
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
David Evans
 
Class 1: What is Money?
Class 1: What is Money?Class 1: What is Money?
Class 1: What is Money?
David Evans
 
Multi-Party Computation for the Masses
Multi-Party Computation for the MassesMulti-Party Computation for the Masses
Multi-Party Computation for the Masses
David Evans
 
Proof of Reserve
Proof of ReserveProof of Reserve
Proof of Reserve
David Evans
 
Silk Road
Silk RoadSilk Road
Silk Road
David Evans
 
Blooming Sidechains!
Blooming Sidechains!Blooming Sidechains!
Blooming Sidechains!
David Evans
 
Useful Proofs of Work, Permacoin
Useful Proofs of Work, PermacoinUseful Proofs of Work, Permacoin
Useful Proofs of Work, Permacoin
David Evans
 
Alternate Cryptocurrencies
Alternate CryptocurrenciesAlternate Cryptocurrencies
Alternate Cryptocurrencies
David Evans
 

More from David Evans (20)

Cryptocurrency Jeopardy!
Cryptocurrency Jeopardy!Cryptocurrency Jeopardy!
Cryptocurrency Jeopardy!
 
Trick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for Cypherpunks
Trick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for CypherpunksTrick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for Cypherpunks
Trick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for Cypherpunks
 
Hidden Services, Zero Knowledge
Hidden Services, Zero KnowledgeHidden Services, Zero Knowledge
Hidden Services, Zero Knowledge
 
Anonymity in Bitcoin
Anonymity in BitcoinAnonymity in Bitcoin
Anonymity in Bitcoin
 
Midterm Confirmations
Midterm ConfirmationsMidterm Confirmations
Midterm Confirmations
 
Scripting Transactions
Scripting TransactionsScripting Transactions
Scripting Transactions
 
Bitcoin Script
Bitcoin ScriptBitcoin Script
Bitcoin Script
 
Mining Economics
Mining EconomicsMining Economics
Mining Economics
 
Mining
MiningMining
Mining
 
The Blockchain
The BlockchainThe Blockchain
The Blockchain
 
Becoming More Paranoid
Becoming More ParanoidBecoming More Paranoid
Becoming More Paranoid
 
Asymmetric Key Signatures
Asymmetric Key SignaturesAsymmetric Key Signatures
Asymmetric Key Signatures
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
Class 1: What is Money?
Class 1: What is Money?Class 1: What is Money?
Class 1: What is Money?
 
Multi-Party Computation for the Masses
Multi-Party Computation for the MassesMulti-Party Computation for the Masses
Multi-Party Computation for the Masses
 
Proof of Reserve
Proof of ReserveProof of Reserve
Proof of Reserve
 
Silk Road
Silk RoadSilk Road
Silk Road
 
Blooming Sidechains!
Blooming Sidechains!Blooming Sidechains!
Blooming Sidechains!
 
Useful Proofs of Work, Permacoin
Useful Proofs of Work, PermacoinUseful Proofs of Work, Permacoin
Useful Proofs of Work, Permacoin
 
Alternate Cryptocurrencies
Alternate CryptocurrenciesAlternate Cryptocurrencies
Alternate Cryptocurrencies
 

Recently uploaded

Honest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptxHonest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptx
timhan337
 
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBCSTRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
kimdan468
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
Levi Shapiro
 
Normal Labour/ Stages of Labour/ Mechanism of Labour
Normal Labour/ Stages of Labour/ Mechanism of LabourNormal Labour/ Stages of Labour/ Mechanism of Labour
Normal Labour/ Stages of Labour/ Mechanism of Labour
Wasim Ak
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
Sandy Millin
 
Digital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion DesignsDigital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion Designs
chanes7
 
Marketing internship report file for MBA
Marketing internship report file for MBAMarketing internship report file for MBA
Marketing internship report file for MBA
gb193092
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
thanhdowork
 
Group Presentation 2 Economics.Ariana Buscigliopptx
Group Presentation 2 Economics.Ariana BuscigliopptxGroup Presentation 2 Economics.Ariana Buscigliopptx
Group Presentation 2 Economics.Ariana Buscigliopptx
ArianaBusciglio
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
Delapenabediema
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
MysoreMuleSoftMeetup
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
EugeneSaldivar
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
Celine George
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
Pavel ( NSTU)
 
Acetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docxAcetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docx
vaibhavrinwa19
 
Multithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race conditionMultithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race condition
Mohammed Sikander
 
Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
Vikramjit Singh
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
Ashokrao Mane college of Pharmacy Peth-Vadgaon
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
SACHIN R KONDAGURI
 

Recently uploaded (20)

Honest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptxHonest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptx
 
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBCSTRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
 
Normal Labour/ Stages of Labour/ Mechanism of Labour
Normal Labour/ Stages of Labour/ Mechanism of LabourNormal Labour/ Stages of Labour/ Mechanism of Labour
Normal Labour/ Stages of Labour/ Mechanism of Labour
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
 
Digital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion DesignsDigital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion Designs
 
Marketing internship report file for MBA
Marketing internship report file for MBAMarketing internship report file for MBA
Marketing internship report file for MBA
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
 
Group Presentation 2 Economics.Ariana Buscigliopptx
Group Presentation 2 Economics.Ariana BuscigliopptxGroup Presentation 2 Economics.Ariana Buscigliopptx
Group Presentation 2 Economics.Ariana Buscigliopptx
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
 
Acetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docxAcetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docx
 
Multithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race conditionMultithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race condition
 
Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
 

Computing Cooperatively with People You Don't Trust

  • 1. Computing Cooperatively with People You Don't Trust University of Richmond 30 January 2012 David Evans University of Virginia http://www.cs.virginia.edu/evans http://MightBeEvil.com
  • 2. “Genetic Dating” Bob Alice Genome Compatibility Protocol Your offspring will have WARNING! Your offspring will have WARNING! good immune systems! Don’t Reproduce good immune systems! Don’t Reproduce 2
  • 3. 3
  • 4. Genome Sequencing 1990: Human Genome Project starts, estimate $3B to sequence one genome ($0.50/base) 2000: Human Genome Project declared complete, cost ~$300M Whitehead Institute, MIT 4
  • 5. $100,000,000 Cost to sequence human genome Moore’s Law prediction (halve every 18 months) $10,000,000 $1,000,000 $100,000 $10,000 Jun 2010 Jun 2005 Sep 2001 Feb 2002 Sep 2006 Feb 2007 May 2003 Aug 2004 Apr 2006 May 2008 Aug 2009 Mar 2004 Jan 2005 Nov 2005 Mar 2009 Jan 2010 Dec 2002 Dec 2007 Jul 2002 Oct 2003 Jul 2007 Oct 2008 Data from National Human Genome Research Institute: http://www.genome.gov/sequencingcosts5
  • 6. $100,000,000 Cost to sequence human genome Moore’s Law prediction (halve every 18 months) $10,000,000 $1,000,000 $100,000 $10,000 Ion torrent Personal Genome Machine Sep 2001 Feb 2002 Sep 2006 Feb 2007 May 2003 Aug 2004 Nov 2005 Apr 2006 May 2008 Aug 2009 Mar 2004 Jan 2005 Dec 2002 Jun 2005 Mar 2009 Jan 2010 Dec 2007 Jun 2010 Jul 2002 Oct 2003 Jul 2007 Oct 2008 Data from National Human Genome Research Institute: http://www.genome.gov/sequencingcosts6
  • 7. Human Genome Sequencing Using Unchained Base Reads on Self-Assembling DNA Nanoarrays. Radoje Drmanac, Andrew B. Sparks, Matthew J. Callow, Aaron L. Halpern, Norman L. Burns, Bahram G. Kermani, Paolo Carnevali, Igor Nazarenko, Geoffrey B. Nilsen, George Yeung, Fredrik Dahl, Andres Fernandez, Bryan Staker, Krishna P. Pant, Jonathan Baccash, Adam P. Borcherding, Anushka Brownley, Ryan Cedeno, Linsu Chen, Dan Chernikoff, Alex Cheung, Razvan Chirita, Benjamin Curson, Jessica C. Ebert, Coleen R. Hacker, Robert Hartlage, Brian Hauser, Steve Huang, Yuan Jiang, Vitali Karpinchyk, Mark Koenig, Calvin Kong, Tom Landers, Catherine Le, Jia Liu, Celeste E. McBride, Matt Morenzoni, Robert E. Morey, Karl Mutch, Helena Perazich, Kimberly Perry, Brock A. Peters, Joe Peterson, Charit L. Pethiyagoda, Kaliprasad Pothuraju, Claudia Richter, Abraham M. Rosenbaum, Shaunak Roy, Jay Shafto, Uladzislau Sharanhovich, Karen W. Shannon, Conrad G. Sheppy, Michel Sun, Joseph V. Thakuria, Anne Tran, Dylan Vu, Alexander Wait Zaranek, Xiaodi Wu, Snezana Drmanac, Arnold R. Oliphant, William C. Banyai, Bruce Martin, Dennis G. Ballinger, George M. Church, Clifford A. Reid. Science, January 2010.
  • 8. Dystopia Personalized Medicine 8
  • 9. Secure Two-Party Computation Bob’s Genome: ACTG… Alice’s Genome: ACTG… Markers (~1000): *0,1, …, 0+ Markers (~1000): *0, 0, …, 1+ Bob Alice Can Alice and Bob compute a function of their private data, without exposing anything about their data besides the result? 9
  • 10. Secure Function Evaluation Alice (circuit generator) Bob (circuit evaluator) Garbled Circuit Protocol Andrew Yao, 1982/1986
  • 11. Regular Logic Inputs Output a b x 0 0 0 0 1 0 1 0 0 1 1 1 a b AND x
  • 12. Computing with Meaningless Values? Inputs Output a b x a0 b0 x0 a0 b1 x0 a1 b0 x0 a1 b1 x1 a0 or a1 b0 or b1 ai, bi, xi are random values, chosen by the circuit generator but meaningless to the AND circuit evaluator. x0 or x1
  • 14. Logic with Privacy Inputs Output a b x a0 b0 a0 b1 a1 b0 a1 b1
  • 15. Computing with Garbled Tables Inputs Output a b x Bob can only decrypt a0 b0 Enca0,b0(x0) one of these! a0 b1 Enca0,b1(x0) a1 b0 Enca1,b0(x0) a1 b1 Enca1,b1(x1) a0 or a1 b0 or b1 Garbled And Gate Random Enca0, b1(x0) Permutation AND Enca1,b1(x1) Enca1,b0(x0) x0 or x1 Enca0,b0(x0)
  • 16. Garbled Circuit Protocol Alice (circuit generator) Bob (circuit evaluator) Garbled Gate Enca0, b1(x0) Enca1,b1(x1) Enca1,b0(x0) Enca0,b0(x0) Sends ai to Bob based on her input value How does the Bob learn his own input wires?
  • 17. Primitive: Oblivious Transfer Alice Bob Oblivious Transfer Protocol Oblivious: Alice doesn’t learn which secret Bob obtains Transfer: Bob learns one of Alice’s secrets Rabin, 1981; Even, Goldreich, and Lempel, 1985; many subsequent papers
  • 18. Chaining Garbled Circuits And Gate 1 a0 b0 a1 b1 Enca10, b11(x10) Enca11,b11(x11) AND AND Enca11,b10(x10) x1 Enca10,b10(x10) x0 Or Gate 2 Encx00, x11(x21) Encx01,x11(x21) OR Encx01,x10(x21) x2 Encx00,x10(x20) … We can do any computation privately this way! 18
  • 19. Building Computing Systems Encx00, x11(x21) Encx01,x11(x21) Encx01,x10(x21) Encx00,x10(x20) Digital Electronic Circuits Garbled Circuits Operate on known data Operate on encrypted wire labels One-bit logical operation requires One-bit logical operation requires moving a few electrons a few performing (up to) 4 encryption nanometers operations: very slow execution (hundreds of Billions per second) Reuse is great! Reuse is not allowed for privacy: huge circuits needed 19
  • 20. Fairplay Alice Bob SFDL SFDL Compiler Compiler Circuit (SHDL) SFDL Program Garbled Tables Generator Dahlia Malkhi, Noam Nisan, Benny Pinkas and Yaron Sella Garbled Tables [USENIX Sec 2004] Evaluator 20
  • 21. Faster Garbled Circuits Circuit-Level Application Circuit Structure Circuit Structure GC Framework GC Framework (Generator) (Evaluator) Encx00, x11(x21) Encx20, x21(x30) x21 Encx20,(x2(x41) Encx01,x1x4x3x3 )(x51) x31 Enc 1 0,(x3 1 Encx21,x2x4 ,1x5 )(x61) Enc 1 0 1 01 Encx21(x2(x46 )(x71) x41 Enc Encx01,x1x4 ,x310) x 11 0) Enc0 ,x31 ) Encx21,x2x4x31,(x5 0) Enc0(x311(x6 1 x51 Encx21,x3x3 ,x60) 0) Enc0(x4 1 ) 1,x5 Encx41,x30(x5(x7 1 0 x60 Encx41,x50(x60) x71 Encx31,x60(x71) Gates can be evaluated as they are generated: pipelining Gates can be evaluated in any topological sort order: parallelizing Garbled evaluation can be combined with normal execution 21
  • 22. Results: Performance Fairplay Binary gates per [PSSW09] millisecond TASTY Our Results 100,000 gates per second 0 10 20 30 40 50 60 70 80 90 100 22
  • 23. Results: Scalability Fairplay Largest circuit executed [PSSW09] (non-free gates) TASTY Our Results 0 1,000,000,000 23
  • 24. Private Personal Genomics Applications Privacy-Preserving Biometric Matching Private AES Encryption Private Set Intersection 24
  • 25. Heterozygous Recessive Risk Alice A a carrier A AA Aa Bob a aA aa cystic fibrosis Alice’s Heterozygous Recessive genes: , 5283423, 1425236, 839523, … - Bob’s Heterozygous Recessive genes: , 5823527, 839523, 169325, … - Goal: find the intersection of A and B 25
  • 26. Bit Vector Intersection Alice’s Recessive genes: Bob’s Recessive genes: , 5283423, 1425236, 839523, … - , 5823527, 839523, 169325, … - [ PAH, PKU, CF, … + [ 0, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0] [ 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0] ... AND AND AND ... Bitwise AND 26
  • 28. Sort-Compare-Shuffle Sort: Take advantage of total order of elements Compare adjacent elements Shuffle to hide positions 28
  • 29. SCS-WN Protocol Results 1000 Theoretical Projection Experimental Observation Seconds 100 10 1 128 256 512 1024 2048 4096 8192 Set Size (each set) 32-bit values
  • 30. 30
  • 31. Best Previous Problem Result Our Result Speedup NDSS Private Set Intersection (contact Competitive with best custom 2012 matching, common disease carrier) protocols, scales to millions of 32-bit elements Hamming Distance (Face 213s 0.051s 4176 Recognition) [SCiFI, 2010] USENIX Security 2011 Levenshtein Distance 534s 18.4s 29 (genome, text comparison) – two [Jha+, 2008] 200-character inputs Smith-Waterman (genome [Not 447s - alignment) – two 60-nucleotide Implementable] sequences AES Encryption 3.3s 0.2s 16.5 [Henecka, 2010] NDSS Fingerprint Matching (1024-entry ~83s 18s 4.6 2011 database, 640x8bit vectors) [Barni, 2010] 31
  • 32. Research Group and Alumni 32
  • 33. Peter Chapman Yan Huang (UVa BACS 2012) (UVa Computer Science PhD Student) Funding: Jonathan Katz NSF, MURI (AFOSR), Google (University of Maryland) 33

Editor's Notes

  1. .