Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[MPC] Specify actively secure two-party authenticated bit protocol #63

Open
Tracked by #47
jschneider-bensch opened this issue Apr 18, 2024 · 5 comments
Open
Tracked by #47

[MPC] Specify actively secure two-party authenticated bit protocol #63

jschneider-bensch opened this issue Apr 18, 2024 · 5 comments
Assignees
@jschneider-bensch

Comments

@jschneider-bensch
Copy link
Contributor

jschneider-bensch commented Apr 18, 2024
edited
Loading

Specify the Ferret Correlated OT KOS15 correlated OT extension.

Original Issue

abit

The main building block for n-party authenticated bits is the two-party authenticated bit protcol.
The above diagram from the original TinyOT paper shows what basic building blocks are required, namely an oblivious transfer protocol and a secure equality check protocol. These are then used to build successively less leaky authenticated bit protocol LaBit, WaBit and finally aBit which has no leakage.
@jschneider-bensch jschneider-bensch self-assigned this Apr 18, 2024
This was referenced Apr 18, 2024
Closed
Closed
Merged
@jschneider-bensch
Copy link
Contributor Author

jschneider-bensch commented Apr 25, 2024
edited
Loading

Currently (as of #72) , the two-party bit authentication subprotocol uses the passively secure base OT directly as a correlated OT to authenticate bits between parties, i.e. it does not implement active security countermeasures against cheating. If active security for the whole protocol is required, then fundamentally the bit authentication must also provide active security.

A point to note here is that AFAICT, contrary to the prevailing description of the MPC engine in the paper, this would require all authenticated shares (and therefore all authenticated bits) to be computed upfront all at once instead of being able to iteratively call the bit authentication protocol on demand. This change would also improve performance since malicious security checks would only be performed once for the whole batch of bit authentications, cf. #73.

@jschneider-bensch jschneider-bensch changed the title [MPC] Specify two-party authenticated bit protocol [MPC] Specify actively secure two-party authenticated bit protocol Apr 25, 2024
@franziskuskiefer
Copy link
Member

Moved this back to backlog for this month

@jschneider-bensch jschneider-bensch mentioned this issue Jul 1, 2024
Open
13 tasks
@jschneider-bensch
Copy link
Contributor Author

As KOS15, a building block of the Ferret OT extension, is itself a correlated OT extension it makes sense to specify as a baseline actively secure COT extension. In case we ultimately decide to implement Ferret on top, we need it anyway, otherwise it itself can be used in the actively secure two-party bit authentication spec.

@jschneider-bensch jschneider-bensch mentioned this issue Jul 8, 2024
Open
@jschneider-bensch
Copy link
Contributor Author

The protocol itself works, it still lacks integration with the MPC engine.

@jschneider-bensch
Copy link
Contributor Author

Moving the deadline to the end of the year on this, since we might make use of it for automated checks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jschneider-bensch jschneider-bensch

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@franziskuskiefer @jschneider-bensch