Exploring the Boundaries of Topology-Hiding Computation

  • Marshall Ball
  • Elette Boyle
  • Tal Malkin
  • Tal Moran
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10822)

Abstract

Topology-hiding computation (THC) is a form of multi-party computation over an incomplete communication graph that maintains the privacy of the underlying graph topology. In a line of recent works [Moran, Orlov & Richelson TCC’15, Hirt et al. CRYPTO’16, Akavia & Moran EUROCRYPT’17, Akavia et al. CRYPTO’17], THC protocols for securely computing any function in the semi-honest setting have been constructed. In addition, it was shown by Moran et al. that in the fail-stop setting THC with negligible leakage on the topology is impossible.

In this paper, we further explore the feasibility boundaries of THC.

  • We show that even against semi-honest adversaries, topology-hiding broadcast on a small (4-node) graph implies oblivious transfer; in contrast, trivial broadcast protocols exist unconditionally if topology can be revealed.

  • We strengthen the lower bound of Moran et al. identifying and extending a relation between the amount of leakage on the underlying graph topology that must be revealed in the fail-stop setting, as a function of the number of parties and communication round complexity: Any n-party protocol leaking \(\delta \) bits for \(\delta \in (0,1]\) must have \(\varOmega (n/\delta )\) rounds.

We then present THC protocols providing close-to-optimal leakage rates, for unrestricted graphs on n nodes against a fail-stop adversary controlling a dishonest majority of the n players. These constitute the first general fail-stop THC protocols. Specifically, for this setting we show:
  • A THC protocol that leaks at most one bit and requires \(O(n^2)\) rounds.

  • A THC protocol that leaks at most \(\delta \) bits for arbitrarily small non-negligible \(\delta \), and requires \(O(n^3/\delta )\) rounds.

These protocols also achieve full security (with no leakage) for the semi-honest setting. Our protocols are based on one-way functions and a (stateless) secure hardware box primitive. This provides a theoretical feasibility result, a heuristic solution in the plain model using general-purpose obfuscation candidates, and a potentially practical approach to THC via commodity hardware such as Intel SGX. Interestingly, even with such hardware, proving security requires sophisticated simulation techniques.

References

  1. 1.
    diaspora*: The online social world where you are in controlGoogle Scholar
  2. 2.
    Akavia, A., LaVigne, R., Moran, T.: Topology-hiding computation on all graphs. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 447–467. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-63688-7_15CrossRefGoogle Scholar
  3. 3.
    Akavia, A., Moran, T.: Topology-hiding computation beyond logarithmic diameter. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10212, pp. 609–637. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-56617-7_21CrossRefGoogle Scholar
  4. 4.
    Beimel, A.: On private computation in incomplete networks. Distrib. Comput. 19(3), 237–252 (2007)CrossRefMATHGoogle Scholar
  5. 5.
    Beimel, A., Franklin, M.K.: Reliable communication over partially authenticated networks. Theor. Comput. Sci. 220(1), 185–210 (1999)MathSciNetCrossRefMATHGoogle Scholar
  6. 6.
    Beimel, A., Gabizon, A., Ishai, Y., Kushilevitz, E., Meldgaard, S., Paskin-Cherniavsky, A.: Non-interactive secure multiparty computation. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 387–404. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-662-44381-1_22CrossRefGoogle Scholar
  7. 7.
    Beimel, A., Malka, L.: Efficient reliable communication over partially authenticated networks. Distrib. Comput. 18(1), 1–19 (2005)CrossRefMATHGoogle Scholar
  8. 8.
    Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for noncryptographic fault-tolerant distributed computations. In: Proceedings of the 20th Annual ACM Symposium on Theory of Computing (STOC), pp. 1–10 (1988)Google Scholar
  9. 9.
    Bhurman, H., Christandl, M., Unger, F., Wehner, S., Winter, A.: Implications of superstrong nonlocality for cryptography. Proc. R. Soc. A 462(2071), 1919–1932 (2006)MathSciNetCrossRefMATHGoogle Scholar
  10. 10.
    Bläser, M., Jakoby, A., Liskiewicz, M., Manthey, B.: Private computation: k-connected versus 1-connected networks. J. Cryptol. 19(3), 341–357 (2006)MathSciNetCrossRefMATHGoogle Scholar
  11. 11.
    Boyle, E., Goldwasser, S., Tessaro, S.: Communication locality in secure multi-party computation: how to run sublinear algorithms in a distributed setting. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 356–376. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-36594-2_21CrossRefGoogle Scholar
  12. 12.
    Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally composable two-party and multi-party secure computation. In: Reif, J.H. (ed.) Proceedings on 34th Annual ACM Symposium on Theory of Computing, 19–21 May 2002, Montréal, Québec, Canada, pp. 494–503. ACM (2002)Google Scholar
  13. 13.
    Chandran, N., Chongchitmate, W., Garay, J.A., Goldwasser, S., Ostrovsky, R., Zikas, V.: The hidden graph model: communication locality and optimal resiliency with adaptive faults. In: Proceedings of the 2015 Conference on Innovations in Theoretical Computer Science, ITCS 2015, pp. 153–162. ACM, New York (2015)Google Scholar
  14. 14.
    Chandran, N., Garay, J.A., Ostrovsky, R.: Edge fault tolerance on sparse networks. In: Czumaj, A., Mehlhorn, K., Pitts, A., Wattenhofer, R. (eds.) ICALP 2012. LNCS, vol. 7392, pp. 452–463. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-31585-5_41CrossRefGoogle Scholar
  15. 15.
    Chandran, N., Goyal, V., Sahai, A.: New constructions for UC secure computation using tamper-proof hardware. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 545–562. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-78967-3_31CrossRefGoogle Scholar
  16. 16.
    Chang, H., Govindan, R., Jamin, S., Shenker, S.J., Willinger, W.: Towards capturing representative AS-level Internet topologies. Comput. Netw. 44(6), 737–755 (2004)CrossRefGoogle Scholar
  17. 17.
    Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24(2), 84–88 (1981)CrossRefGoogle Scholar
  18. 18.
    Chaum, D., Crepeau, C., Damgard, I.: Multiparty unconditionally secure protocols. In: Proceedings of the 20th Annual ACM Symposium on Theory of Computing (STOC), pp. 11–19 (1988)Google Scholar
  19. 19.
    Chiesa, A., Tromer, E.: Proof-carrying data and hearsay arguments from signature cards. In: Yao, A.C. (ed.) Proceedings of the Innovations in Computer Science – ICS 2010, Tsinghua University, Beijing, China, 5–7 January 2010, pp. 310–331. Tsinghua University Press (2010)Google Scholar
  20. 20.
    Choi, S.G., Katz, J., Schröder, D., Yerukhimovich, A., Zhou, H.-S.: (Efficient) universally composable oblivious transfer using a minimal number of stateless tokens. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 638–662. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-642-54242-8_27CrossRefGoogle Scholar
  21. 21.
    Chor, B., Kushilevitz, E.: A zero-one law for boolean privacy. SIAM J. Discrete Math. 4(1), 36–47 (1991)MathSciNetCrossRefMATHGoogle Scholar
  22. 22.
    Cleve, R.: Limits on the security of coin flips when half the processors are faulty (extended abstract). In: STOC, pp. 364–369 (1986)Google Scholar
  23. 23.
    Cleve, R., Impagliazzo, R.: Martingales, collective coin flipping and discrete control processes (1993, unpublished)Google Scholar
  24. 24.
    Dachman-Soled, D., Lindell, Y., Mahmoody, M., Malkin, T.: On the black-box complexity of optimally-fair coin tossing. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 450–467. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-19571-6_27CrossRefGoogle Scholar
  25. 25.
    Deng, J., Han, R., Mishra, S.: Decorrelating wireless sensor network traffic to inhibit traffic analysis attacks. Pervasive Mob. Comput. 2(2), 159–186 (2006)CrossRefGoogle Scholar
  26. 26.
    Dolev, D.: The Byzantine generals strike again. J. Algorithms 3(1), 14–30 (1982)MathSciNetCrossRefMATHGoogle Scholar
  27. 27.
    Dolev, D., Dwork, C., Waarts, O., Yung, M.: Perfectly secure message transmission. J. ACM 40(1), 17–47 (1993)MathSciNetCrossRefMATHGoogle Scholar
  28. 28.
    Dwork, C., Peleg, D., Pippenger, N., Upfal, E.: Fault tolerance in networks of bounded degree. SIAM J. Comput. 17(5), 975–988 (1988)MathSciNetCrossRefMATHGoogle Scholar
  29. 29.
    Fisch, B., Freund, D., Naor, M.: Physical zero-knowledge proofs of physical properties. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 313–336. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-662-44381-1_18CrossRefGoogle Scholar
  30. 30.
    Fisch, B.A., Freund, D., Naor, M.: Secure physical computation using disposable circuits. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9014, pp. 182–198. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46494-6_9Google Scholar
  31. 31.
    Gennaro, R., Lysyanskaya, A., Malkin, T., Micali, S., Rabin, T.: Algorithmic Tamper-Proof (ATP) security: theoretical foundations for security against hardware tampering. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 258–277. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-24638-1_15CrossRefGoogle Scholar
  32. 32.
    Glaser, A., Barak, B., Goldston, R.: A zero-knowledge protocol for nuclear warhead verification. Nature 510, 497–502 (2004)CrossRefGoogle Scholar
  33. 33.
    Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: STOC, pp. 218–229. ACM (1987)Google Scholar
  34. 34.
    Goldreich, O., Ostrovsky, R.: Software protection and simulation on oblivious rams. J. ACM 43(3), 431–473 (1996)MathSciNetCrossRefMATHGoogle Scholar
  35. 35.
    Goldwasser, S., Kalai, Y.T., Rothblum, G.N.: One-time programs. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 39–56. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-85174-5_3CrossRefGoogle Scholar
  36. 36.
    Gordon, S.D., Malkin, T., Rosulek, M., Wee, H.: Multi-party computation of polynomials and branching programs without simultaneous interaction. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 575–591. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-38348-9_34CrossRefGoogle Scholar
  37. 37.
    Goyal, V., Ishai, Y., Sahai, A., Venkatesan, R., Wadia, A.: Founding cryptography on tamper-proof hardware tokens. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 308–326. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-11799-2_19CrossRefGoogle Scholar
  38. 38.
    Halevi, S., Ishai, Y., Jain, A., Kushilevitz, E., Rabin, T.: Secure multiparty computation with general interaction patterns. In: Proceedings of the 2016 ACM Conference on Innovations in Theoretical Computer Science, ITCS 2016, pp. 157–168. ACM, New York (2016)Google Scholar
  39. 39.
    Halevi, S., Lindell, Y., Pinkas, B.: Secure computation on the web: computing without simultaneous interaction. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 132–150. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-22792-9_8CrossRefGoogle Scholar
  40. 40.
    Hazay, C., Lindell, Y.: Constructions of truly practical secure protocols using standardsmartcards. In: Ning, P., Syverson, P.F., Jha, S. (eds.) Proceedings of the 2008 ACM Conference on Computer and Communications Security, CCS 2008, Alexandria, Virginia, USA, 27–31 October 2008, pp. 491–500. ACM (2008)Google Scholar
  41. 41.
    Hinkelmann, M., Jakoby, A.: Communications in unknown networks: preserving the secret of topology. Theoret. Comput. Sci. 384(2–3), 184–200 (2007). Structural Information and Communication Complexity (SIROCCO 2005)MathSciNetCrossRefMATHGoogle Scholar
  42. 42.
    Hirt, M., Maurer, U., Tschudi, D., Zikas, V.: Network-hiding communication and applications to multi-party protocols. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 335–365. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53008-5_12CrossRefGoogle Scholar
  43. 43.
    Hofheinz, D., Muller-Quade, J., Unruh, D.: Universally composable zero-knowledge arguments and commitments from signature cards. In: 5th Central European Conference on Cryptology (2005)Google Scholar
  44. 44.
    Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003).  https://doi.org/10.1007/978-3-540-45146-4_27CrossRefGoogle Scholar
  45. 45.
    Kamat, P., Zhang, Y., Trappe, W., Ozturk, C.: Enhancing source-location privacy in sensor network routing. In: 25th International Conference on Distributed Computing Systems (ICDCS 2005), 6–10 June 2005, Columbus, OH, USA, pp. 599–608 (2005)Google Scholar
  46. 46.
    Katz, J.: Universally composable multi-party computation using tamper-proof hardware. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 115–128. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-72540-4_7CrossRefGoogle Scholar
  47. 47.
    Kilian, J.: A general completeness theorem for two-party games. In: Koutsougeras, C., Vitter, J.S. (eds.) Proceedings of the 23rd Annual ACM Symposium on Theory of Computing, 5–8 May 1991, New Orleans, Louisiana, USA, pp. 553–560. ACM (1991)Google Scholar
  48. 48.
    Kumar, M.V.N.A., Goundan, P.R., Srinathan, K., Rangan, C.P.: On perfectly secure communication over arbitrary networks. In: PODC, pp. 193–202 (2002)Google Scholar
  49. 49.
    Kushilevitz, E.: Privacy and communication complexity. SIAM J. Discrete Math. 5(2), 273–284 (1992)MathSciNetCrossRefMATHGoogle Scholar
  50. 50.
    Moran, T., Naor, M.: Basing cryptographic protocols on tamper-evident seals. Theor. Comput. Sci. 411(10), 1283–1310 (2010)MathSciNetCrossRefMATHGoogle Scholar
  51. 51.
    Moran, T., Naor, M., Segev, G.: An optimally fair coin toss. J. Cryptol. 29(3), 491–513 (2016)MathSciNetCrossRefMATHGoogle Scholar
  52. 52.
    Moran, T., Orlov, I., Richelson, S.: Topology-hiding computation. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9014, pp. 159–181. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46494-6_8Google Scholar
  53. 53.
    Reiter, M.K., Rubin, A.D.: Anonymous web transactions with crowds. Commun. ACM 42(2), 32–38 (1999)CrossRefGoogle Scholar
  54. 54.
    Spring, N.T., Mahajan, R., Wetherall, D.: Measuring ISP topologies with Rocketfuel. In: Proceedings of SIGCOMM 2002 (2002)Google Scholar
  55. 55.
    Syverson, P.F., Goldschlag, D.M., Reed, M.G.: Anonymous connections and onion routing. In: 1997 IEEE Symposium on Security and Privacy, 4–7 May 1997, Oakland, CA, USA, pp. 44–54 (1997)Google Scholar
  56. 56.
    Yao, A.C.: Protocols for secure computations. In: Proceedings of the 23rd IEEE Symposium on Foundations of Computer Science (FOCS), pp. 160–164 (1982)Google Scholar

Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  • Marshall Ball
    • 1
    • 2
  • Elette Boyle
    • 2
  • Tal Malkin
    • 1
  • Tal Moran
    • 2
  1. 1.Columbia UniversityNew YorkUSA
  2. 2.IDC HerzliyaHerzliyaIsrael

Personalised recommendations