
## From oblivious AES to efficient and secure database join in the multiparty setting

Citations: 6 (4 self)

### Citations

843 | Universal classes of hash functions
- Carter, Wegman
- 1979

Citation Context: ... Such a function can be used to reduce the length of the unique key that spans over several columns. However, this function must support efficient oblivious evaluation. The Carter-Wegman construction [16] $h(k, x) = x_s k_s + \cdots + x_2 k_2 + x_1 k_1$ is a good candidate for our application as it consists of a few simple operations and it is $2^{-\ell}$-almost universal when computations are done over the field $\mathbb{F}_{2^\ell}$. ...

818 | Universally Composable Security: A New Paradigm for Cryptographic Protocols
- Canetti
- 2002

Citation Context: ...ttack against real protocol can be converted to an attack against ideal protocol such that both attacks have comparable resource consumption and roughly the same success rate, see standard treatments [22,14,15] for further details. A canonical security proof uses a wrapper (simulator) to link a real world adversary with the ideal world execution model. More precisely, the simulator has to correctly fake mis...

457 | Security and Composition of Multiparty Cryptographic Protocols
- Canetti

Citation Context: ...ttack against real protocol can be converted to an attack against ideal protocol such that both attacks have comparable resource consumption and roughly the same success rate, see standard treatments [22,14,15] for further details. A canonical security proof uses a wrapper (simulator) to link a real world adversary with the ideal world execution model. More precisely, the simulator has to correctly fake mis...

287 | Efficient Private Matching and Set Intersection
- Freedman, Nissim, et al.

Citation Context: ...arty case [3]. However, their protocol reveals the resulting database. Freedman et al. showed how oblivious polynomial evaluation and balanced hashing can be used to implement secure set intersection [20]. The resulting two-party protocol is based on additively homomorphic encryption and has complexity $\Theta(m_1 m_2)$ without balanced hashing. The latter significantly reduces the amount of computations by spl...

272 | Foundations of Cryptography: Volume 2, Basic Applications
- Goldreich
- 2004

Citation Context: ...ttack against real protocol can be converted to an attack against ideal protocol such that both attacks have comparable resource consumption and roughly the same success rate, see standard treatments [22,14,15] for further details. A canonical security proof uses a wrapper (simulator) to link a real world adversary with the ideal world execution model. More precisely, the simulator has to correctly fake mis...

263 | Information Sharing Across Private Databases
- Agrawal, Evfimievski, et al.

Citation Context: ...e in our model where input and output tables are secret shared. One of the first articles on privacy-preserving datamining showed how exponentiation can be used to compute equi-join in two-party case [3]. However, their protocol reveals the resulting database. Freedman et al. showed how oblivious polynomial evaluation and balanced hashing can be used to implement secure set intersection [20]. The res...

146 | FairplayMP: a system for secure multi-party computation
- Ben-David, Nisan, et al.
- 2008

Citation Context: ...not learn anything about private data unless the size of a coalition is over a threshold. Development and implementation of such multi-party computing platforms is an active research area. FairPlayMP [6], SecureSCM [2], SEPIA [13], Sharemind [8], VMCrypt [30] and TASTY [24] computing platforms represent only some of the most efficient implementations and share-computing has been successfully applied ...

130 | Implementing Gentry's fully-homomorphic encryption scheme
- Gentry, Halevi
- 2011

Citation Context: ...one can carry out on encrypted data is rather limited unless we use fully homomorphic encryption. Unfortunately, such encryption schemes are far from being practical even for moderate-sized data sets [21]. Another compelling alternative is share-computing, since it assures data confidentiality and provides a way to compute on secret shared data, which is several magnitudes more efficient than fully ho...

119 | Faster secure two-party computation using garbled circuits
- Huang, Evans, et al.
- 2011

Citation Context: ...ret key are secret-shared in this context. The resulting AES-evaluation protocol is interesting in its own right. First, AES is becoming a standard performance benchmark for share-computing platforms [18,25,33,28] and thus we can directly compare how well the implementation on the Sharemind platform does. Second, a secret-shared version of AES can be used to reduce security requirements put onto the key manage...

100 | Secure two-party computation is practical
- Pinkas, Schneider, et al.
- 2009

Citation Context: ...ret key are secret-shared in this context. The resulting AES-evaluation protocol is interesting in its own right. First, AES is becoming a standard performance benchmark for share-computing platforms [18,25,33,28] and thus we can directly compare how well the implementation on the Sharemind platform does. Second, a secret-shared version of AES can be used to reduce security requirements put onto the key manage...

92 | Sharemind: A framework for fast privacy-preserving computations
- Bogdanov, Laur, et al.
- 2008

Citation Context: ...ss the size of a coalition is over a threshold. Development and implementation of such multi-party computing platforms is an active research area. FairPlayMP [6], SecureSCM [2], SEPIA [13], Sharemind [8], VMCrypt [30] and TASTY [24] computing platforms represent only some of the most efficient implementations and share-computing has been successfully applied to real-world settings [10,9]. Note that v...

83 | Multiparty computation from somewhat homomorphic encryption
- Damgård, Pastro, et al.
- 2012

Citation Context: ...s. Although the bitwise sharing alone is not secure against malicious corruption, shared message authentication codes can be used to guarantee integrity of secret sharings throughout the computations [19,32]. Security definitions and proofs. We use standard security definitions based on ideal versus real world paradigm. In brief, security is defined by comparing a real protocol with an ideal implementati...

83 | TASTY: tool for automating secure two-party computations
- Henecka, Kögl, et al.
- 2010

Citation Context: ...s over a threshold. Development and implementation of such multi-party computing platforms is an active research area. FairPlayMP [6], SecureSCM [2], SEPIA [13], Sharemind [8], VMCrypt [30] and TASTY [24] computing platforms represent only some of the most efficient implementations and share-computing has been successfully applied to real-world settings [10,9]. Note that various database operations ar...

22 | VMCrypt - modular software architecture for scalable secure computation
- Malka, Katz
- 2011

Citation Context: ...f a coalition is over a threshold. Development and implementation of such multi-party computing platforms is an active research area. FairPlayMP [6], SecureSCM [2], SEPIA [13], Sharemind [8], VMCrypt [30] and TASTY [24] computing platforms represent only some of the most efficient implementations and share-computing has been successfully applied to real-world settings [10,9]. Note that various databas...

22 | A new approach to practical active-secure two-party computation
- Nielsen, Nordholt, et al. (incl. Sai Sheshank Burra)
- 2012

Citation Context: ...s. Although the bitwise sharing alone is not secure against malicious corruption, shared message authentication codes can be used to guarantee integrity of secret sharings throughout the computations [19,32]. Security definitions and proofs. We use standard security definitions based on ideal versus real world paradigm. In brief, security is defined by comparing a real protocol with an ideal implementati...

20 | Energy Scalable Universal Hashing
- Kaps, Yüksel, et al.

Citation Context: ...ctions with lower multiplicative complexity or to prove that current constructions are optimal. The circuit complexity of universal hash functions has been studied in the context of energy efficiency [27]; there the main goal has been minimisation of total circuit complexity, which is a considerably different minimisation goal. Acknowledgments. The work of Riivo Talviste was supported by European Social Fund...

19 | A new combinational logic minimization technique with applications to cryptology. Experimental Algorithms
- Boyar, Peralta
- 2010

Citation Context: ...n to boost efficiency further. Circuit minimisation for the AES S-box is a widely studied problem in the hardware design with many known results. In this work, we use the designs by Boyar and Peralta [11,12]. Note that their aim was to minimise the total number of gates and the overall circuit depth, while we need a circuit with minimal number of multiplication gates (AND operations) and with paths that ...

16 | Deploying secure multi-party computation for financial data analysis
- Bogdanov
- 2012

Citation Context: ...[13], Sharemind [8], VMCrypt [30] and TASTY [24] computing platforms represent only some of the most efficient implementations and share-computing has been successfully applied to real-world settings [10,9]. Note that various database operations are particularly important in privacy-preserving data processing. Efficient and secure protocols for most key operations on secret-shared databases are already k...

15 | SEPIA: Privacy-Preserving Aggregation of Multi-Domain Network Events and Statistics
- Burkhart, Strasser, et al. (incl. Xenofontas Dimitropoulos)
- 2010

Citation Context: ...rivate data unless the size of a coalition is over a threshold. Development and implementation of such multi-party computing platforms is an active research area. FairPlayMP [6], SecureSCM [2], SEPIA [13], Sharemind [8], VMCrypt [30] and TASTY [24] computing platforms represent only some of the most efficient implementations and share-computing has been successfully applied to real-world settings [10,...

12 | Secure multiparty AES
- Damgård, Keller
- 2010

Citation Context: ...ret key are secret-shared in this context. The resulting AES-evaluation protocol is interesting in its own right. First, AES is becoming a standard performance benchmark for share-computing platforms [18,25,33,28] and thus we can directly compare how well the implementation on the Sharemind platform does. Second, a secret-shared version of AES can be used to reduce security requirements put onto the key manage...

11 | ChaCha, a variant of Salsa20. http://cr.yp.to/papers.html#chacha
- Bernstein
- 2008

11 | Round-efficient oblivious database manipulation
- Laur, Willemson, et al.
- 2011

8 | A small depth-16 circuit for the AES S-Box
- Boyar, Peralta
- 2012

Citation Context: ...n to boost efficiency further. Circuit minimisation for the AES S-box is a widely studied problem in the hardware design with many known results. In this work, we use the designs by Boyar and Peralta [11,12]. Note that their aim was to minimise the total number of gates and the overall circuit depth, while we need a circuit with minimal number of multiplication gates (AND operations) and with paths that ...

6 | Sorting in log n parallel steps
- Ajtai, Komlós, Szemerédi
- 1983

Citation Context: ...two such tables, we can filter out rows that contain fake entries ($c_i = 1$ for either one or both tables). The oblivious sorting step can be performed in $\Theta(m \log m)$ steps using the AKS sorting network [4] and the ordering predicate $(k_i, b_i) \preccurlyeq (k_j, b_j) \Leftrightarrow k_i \le k_j \wedge b_i \le b_j$.⁸ (Footnote 8: For practical database sizes, other networks with $\Theta(m \log^2 m)$ are more efficient but they are still sub-quadratic.) Mask-and-m...

6 | Efficient lookup-table protocol in secure multiparty computation
- Launchbury, Diatchki, et al.
- 2012

4 | Technical report D9.1: Secure Computation Models and Frameworks
- SecureSCM (technical report)
- 2008

Citation Context: ...ing about private data unless the size of a coalition is over a threshold. Development and implementation of such multi-party computing platforms is an active research area. FairPlayMP [6], SecureSCM [2], SEPIA [13], Sharemind [8], VMCrypt [30] and TASTY [24] computing platforms represent only some of the most efficient implementations and share-computing has been successfully applied to real-world s...
