[147026] in cryptography@c2.net mail archive
Re: [Cryptography] SPDZ,
daemon@ATHENA.MIT.EDU (Max Kington)
Wed Sep 11 13:19:22 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <20130911112129.GY10405@leitl.org>
Date: Wed, 11 Sep 2013 18:14:42 +0100
From: Max Kington <mkington@webhanger.com>
To: Eugen Leitl <eugen@leitl.org>
Cc: Cryptography List <cryptography@metzdowd.com>, cypherpunks@al-qaeda.net,
cryptography@randombit.net
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============5922074890471655667==
Content-Type: multipart/alternative; boundary=047d7b414254dd224704e61ec184
--047d7b414254dd224704e61ec184
Content-Type: text/plain; charset=ISO-8859-1
On 11 Sep 2013 18:01, "Eugen Leitl" <eugen@leitl.org> wrote:
>
>
>
http://www.mathbulletin.com/research/Breakthrough_in_cryptography_could_result_in_more_secure_computing.asp
>
> Breakthrough in cryptography could result in more secure computing
> (9/10/2013)
>
> Tags: computer science, research, security, cryptography
>
> Nigel Smart, Professor of Cryptology
>
> New research to be presented at the 18th European Symposium on Research in
> Computer Security (ESORICS 2013) this week could result in a sea change in
> how to secure computations.
>
> The collaborative work between the University of Bristol and Aarhus
> University (Denmark) will be presented by Bristol PhD student Peter Scholl
> from the Department of Computer Science.
>
> The paper, entitled 'Practical covertly secure MPC for dishonest majority
-
> or: Breaking the SPDZ limits', builds upon earlier joint work between
Bristol
> and Aarhus and fills in the missing pieces of the jigsaw from the groups
> prior work that was presented at the CRYPTO conference in Santa Barbara
last
> year.
>
> The SPDZ protocol (pronounced "Speedz") is a co-development between
Bristol
> and Aarhus and provides the fastest protocol known to implement a
theoretical
> idea called "Multi-Party Computation".
>
> The idea behind Multi-Party Computation is that it should enable two or
more
> people to compute any function of their choosing on their secret inputs,
> without revealing their inputs to either party. One example is an
election,
> voters want their vote to be counted but they do not want their vote made
> public.
>
> The protocol developed by the universities turns Multi-Party Computation
from
> a theoretical tool into a practical reality. Using the SPDZ protocol the
team
> can now compute complex functions in a secure manner, enabling possible
> applications in the finance, drugs and chemical industries where
computation
> often needs to be performed on secret data.
>
> Nigel Smart, Professor of Cryptology in the University of Bristol's
> Department of Computer Science and leader on the project, said: "We have
> demonstrated our protocol to various groups and organisations across the
> world, and everyone is impressed by how fast we can actually perform
secure
> computations.
>
> "Only a few years ago such a theoretical idea becoming reality was
considered
> Alice in Wonderland style over ambitious hope. However, we in Bristol
> realised around five years ago that a number of advances in different
areas
> would enable the pipe dream to be achieved. It is great that we have been
> able to demonstrate our foresight was correct."
>
> The University of Bristol is now starting to consider commercialising the
> protocol via a company Dyadic Security Limited, co-founded by Professor
Smart
> and Professor Yehuda Lindell from Bar-Ilan University in Israel.
A colleague is looking into this venture. I gave him a synopsis of their
additions to SPDZ. There is a white paper describing their technology at
their website which talks about the other two related protocols, Yao and
Tiny-OT.
One interesting use that occurred to me was the ability to split the two
nodes in their implementation across jurisdictions. Especially those who
are unlikely to ever collaborate. That giving you an advantage over a
typical HSM which could live in a jurisdiction that could be seized.
The wp and associated bibliography is available at
http://www.dyadicsec.com/SiteAssets/resources1/DyadicWhitePaper.pdf
Max
>
> Note: This story has been adapted from a news release issued by the
> University of Bristol
>
> _______________________________________________
> The cryptography mailing list
> cryptography@metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
--047d7b414254dd224704e61ec184
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<p dir=3D"ltr"><br>
On 11 Sep 2013 18:01, "Eugen Leitl" <<a href=3D"mailto:eugen@l=
eitl.org">eugen@leitl.org</a>> wrote:<br>
><br>
><br>
> <a href=3D"http://www.mathbulletin.com/research/Breakthrough_in_crypto=
graphy_could_result_in_more_secure_computing.asp">http://www.mathbulletin.c=
om/research/Breakthrough_in_cryptography_could_result_in_more_secure_comput=
ing.asp</a><br>
><br>
> Breakthrough in cryptography could result in more secure computing<br>
> (9/10/2013)<br>
><br>
> Tags: computer science, research, security, cryptography<br>
><br>
> Nigel Smart, Professor of Cryptology<br>
><br>
> New research to be presented at the 18th European Symposium on Researc=
h in<br>
> Computer Security (ESORICS 2013) this week could result in a sea chang=
e in<br>
> how to secure computations.<br>
><br>
> The collaborative work between the University of Bristol and Aarhus<br=
>
> University (Denmark) will be presented by Bristol PhD student Peter Sc=
holl<br>
> from the Department of Computer Science.<br>
><br>
> The paper, entitled 'Practical covertly secure MPC for dishonest m=
ajority -<br>
> or: Breaking the SPDZ limits', builds upon earlier joint work betw=
een Bristol<br>
> and Aarhus and fills in the missing pieces of the jigsaw from the grou=
ps<br>
> prior work that was presented at the CRYPTO conference in Santa Barbar=
a last<br>
> year.<br>
><br>
> The SPDZ protocol (pronounced "Speedz") is a co-development =
between Bristol<br>
> and Aarhus and provides the fastest protocol known to implement a theo=
retical<br>
> idea called "Multi-Party Computation".<br>
><br>
> The idea behind Multi-Party Computation is that it should enable two o=
r more<br>
> people to compute any function of their choosing on their secret input=
s,<br>
> without revealing their inputs to either party. One example is an elec=
tion,<br>
> voters want their vote to be counted but they do not want their vote m=
ade<br>
> public.<br>
><br>
> The protocol developed by the universities turns Multi-Party Computati=
on from<br>
> a theoretical tool into a practical reality. Using the SPDZ protocol t=
he team<br>
> can now compute complex functions in a secure manner, enabling possibl=
e<br>
> applications in the finance, drugs and chemical industries where compu=
tation<br>
> often needs to be performed on secret data.<br>
><br>
> Nigel Smart, Professor of Cryptology in the University of Bristol'=
s<br>
> Department of Computer Science and leader on the project, said: "=
We have<br>
> demonstrated our protocol to various groups and organisations across t=
he<br>
> world, and everyone is impressed by how fast we can actually perform s=
ecure<br>
> computations.<br>
><br>
> "Only a few years ago such a theoretical idea becoming reality wa=
s considered<br>
> Alice in Wonderland style over ambitious hope. However, we in Bristol<=
br>
> realised around five years ago that a number of advances in different =
areas<br>
> would enable the pipe dream to be achieved. It is great that we have b=
een<br>
> able to demonstrate our foresight was correct."<br>
><br>
> The University of Bristol is now starting to consider commercialising =
the<br>
> protocol via a company Dyadic Security Limited, co-founded by Professo=
r Smart<br>
> and Professor Yehuda Lindell from Bar-Ilan University in Israel.</p>
<p dir=3D"ltr">A colleague is looking into this venture. I gave him a synop=
sis of their additions to SPDZ. There is a white paper describing their tec=
hnology at their website which talks about the other two related protocols,=
Yao and Tiny-OT. </p>
<p dir=3D"ltr">One interesting use that occurred to me was the ability to s=
plit the two nodes in their implementation across jurisdictions. Especially=
those who are unlikely to ever collaborate. That giving you an advantage o=
ver a typical HSM which could live in a jurisdiction that could be seized. =
</p>
<p dir=3D"ltr">The wp and associated bibliography is available at <a href=
=3D"http://www.dyadicsec.com/SiteAssets/resources1/DyadicWhitePaper.pdf">ht=
tp://www.dyadicsec.com/SiteAssets/resources1/DyadicWhitePaper.pdf</a></p>
<p dir=3D"ltr">Max <br></p>
<p dir=3D"ltr">><br>
> Note: This story has been adapted from a news release issued by the<br=
>
> University of Bristol<br>
><br>
> _______________________________________________<br>
> The cryptography mailing list<br>
> <a href=3D"mailto:cryptography@metzdowd.com">cryptography@metzdowd.com=
</a><br>
> <a href=3D"http://www.metzdowd.com/mailman/listinfo/cryptography">http=
://www.metzdowd.com/mailman/listinfo/cryptography</a><br>
</p>
--047d7b414254dd224704e61ec184--
--===============5922074890471655667==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============5922074890471655667==--
