Faster secure two-party computation with less memory
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
More efficient oblivious transfer and extensions for faster secure computation
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Privacy-preserving matrix factorization
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Lessons learned with PCF: scaling secure computation
Proceedings of the First ACM workshop on Language support for privacy-enhancing technologies
GPU and CPU parallelization of honest-but-curious secure two-party computation
Proceedings of the 29th Annual Computer Security Applications Conference
Secure outsourced garbled circuit evaluation for mobile devices
SEC'13 Proceedings of the 22nd USENIX conference on Security
Hi-index | 0.00 |
Known protocols for secure two-party computation that are designed to provide full security against malicious behavior are significantly less efficient than protocols intended only to thwart semi-honest adversaries. We present a concrete design and implementation of protocols achieving security guarantees that are much stronger than are possible with semi-honest protocols, at minimal extra cost. Specifically, we consider protocols in which a malicious adversary may learn a single (arbitrary) bit of additional information about the honest party's input. Correctness of the honest party's output is still guaranteed. Adapting prior work of Mohassel and Franklin, the basic idea in our protocols is to conduct two separate runs of a (specific) semi-honest, garbled-circuit protocol, with the parties swapping roles, followed by an inexpensive secure equality test. We provide a rigorous definition and prove that this protocol leaks no more than one additional bit against a malicious adversary. In addition, we propose some heuristic enhancements to reduce the overall information a cheating adversary learns. Our experiments show that protocols meeting this security level can be implemented at cost very close to that of protocols that only achieve semi-honest security. Our results indicate that this model enables the large-scale, practical applications possible within the semi-honest security model, while providing dramatically stronger security guarantees.