Upcoming Lectures, Labs, and Seminars


Current Lectures, Labs, and Seminars

PrivTech WS17/18
ENCRYPTO Oberseminar

Past Lectures, Labs, and Seminars

PrivTech WS16/17
PrivTech WS15/16

Open Thesis Topics

4 Entries found

Secure two-party computation allows two parties to jointly compute a publicly known function without disclosing their respective inputs to each other. This can be realized using well-known cryptographic protocols such as the ones provided by Yao (Yao’s Garbled Circuits) and Goldreich, Micali, and Wigderson (GMW). These protocols both obliviously evaluate a virtual boolean circuit that represents the desired functionality. In case the functionality consists only of additions and multiplications, there is also the possibility to use a protocol that obliviously evaluates a virtual arithmetic circuit.

The ABY framework provides state-of-the-art implementations of all these protocols. It furthermore allows to select different protocols for different parts of the functionality in order to optimize the overall performance. The circuits representing the functionality can either be defined manually within the framework or are automatically generated from a high-level language with the help of a compiler like CBMC-GC. Nevertheless, the computational and communication overhead incurred by secure two-party computation is at least an order of magnitude higher compared to unprotected computation. Thus, while practicality in several application scenarios can already be claimed, the situation is far from satisfying.

Intel Software Guard Extensions (SGX) seems to be a promising alternative. This technology provides a trusted execution environment within processors s.t. code can be executed securely on a remote machine and is isolated from all other processes running on the same machine. Thereby it is possible for two parties to submit their inputs and (attested) code to an SGX-enabled machine and retrieve the computation result without significant overhead and without disclosing their inputs. What is especially appealing about SGX is its ubiquitous availability as it comes for free in all recent Intel CPUs.

Unfortunately, researchers have found many side-channel attacks that can compromise the security of SGX protected data. For example, a malicious operating system could monitor memory page accesses to infer information about the control flow, which in turn often depends on the data that is supposed to be protected.

Secure function evaluation (SFE) allows two parties to jointly compute a known function on their private data. Private function evaluation (PFE) extends this by allowing one of the parties to define a private function which can then be computed on the private data of the other party without any of the parties learning the other party's private input. Practical PFE has been implemented as SFE of so-called universal circuits (UCs) in [KS16,GKS17]. These circuits can be programmed to evaluate any functionality up to a given size by specifying a number of input bits to the UC.

In the last decade, other approaches were proposed for private function evaluation that do not depend on UCs. These protocols that are defined specifically for PFE are less generic but might achieve better performance in practice. Katz and Malka proposed a PFE scheme based on Yao's garbled circuit protocol in [KM11]. This protocol utilizes additively homomorphic encryption and achieves linear complexity in the circuit size. Mohassel and Sadeghian proposed a protocol with two instantiations in [MS13]. The first instantiation improves over the protocol by Katz and Malka, while the second protocol utilizes oblivious transfers (based on symmetric-key operations), and therefore can be more efficient in practice, despite its O(n log n) complexity in the size of the function n. This thesis will focus on comparing all approaches for practical PFE and implementing one or more of them (based on the thesis type). A comparison between these specific approaches and PFE with UCs is also to be performed.


Silently Learning your Support Vector Machines Models

Bachelor Thesis, Master Thesis

Machine learning (ML) is widely used nowadays to extract new information from existing data and to make predictions based on the learned information. The use of ML, however, raises privacy concerns due to learning on users' data - which often leaks information about the training set - and/or the possibility of learning the service provider's model based on its forecasts. Because of the latter, for example, an adversary possessing the ML model of a company that offers ML as a service (MLaaS), which is a company secret, would (i) not require to pay to the company for the classification anymore and (ii) could even sell the model to a third party which would cause the company to loose in value.

This thesis will focus on deducing the server's Support Vector Machines (SVM) model based on its predictions. Although many solutions were proposed for privacy-preserving machine learning (including frameworks based on multi-party computation), there was a lack of attention to the attacks on the ideal functionality of machine learning. These enable an adversary to learn the service provider's model using specially crafted queries without interfering with the protocol. Possible attacks are shown in, for example, [1]. Furthermore, an example of vulnerable SVM can be found in [2].

Many protocols for secure computation represent the function to be computed as a Boolean circuit consisting of XOR and AND gates. Here, the XOR gates can be computed locally without the use of cryptographic operations, whereas the AND gates require interaction between the parties and are thus expensive. The goal of this thesis is to optimize n-input gates (the gates that map an n-bit input to the corresponding 1-bit output) by replacing them with the minimum number of AND gates and some amount of XOR gates in order to reduce their AND-size.

Pinkas et al. [1] have shown that exactly half of the n-input gates (namely those where the Hamming weight of the function table is even) can be computed by at most n-2 AND gates and free XORs for n<4. The research question is if this holds true also for n=4, 5, etc. The idea is to enumerate all circuits consisting of up to i=0,1, 2, ..., n-1 AND gates on n inputs and see to which n-input functionality they correspond.

A A A | Drucken Print | Impressum Impressum | Sitemap Sitemap | Suche Search | Kontakt Contact | Webseitenanalyse: Mehr Informationen
zum Seitenanfangzum Seitenanfang