[Busec] BUsec next week: Abhishek Jain. (Wed 10am)

Sharon Goldberg goldbe at cs.bu.edu
Wed Feb 13 14:25:24 EST 2013

Hi all,

We'll be starting our seminar up again next week.  We will usually
meet at 10am on Mondays, but next week the talk will be on Wednesday
at 10 due to the holiday.  Abhishek Jain will tell us about leakage
and concurrent composition.  With lunch, as usual.

See you there,

BUsec Calendar:  http://www.bu.edu/cs/busec/
BUsec Mailing list:  http://cs-mailman.bu.edu/mailman/listinfo/busec
How to get to BU from MIT:  Try the CT2 bus or MIT's "Boston Daytime
Shuttle" http://web.mit.edu/facilities/transportation/shuttles/daytime_boston.html


Title: What Information is Leaked under Concurrent Composition?
Speaker: Abhishek Jain. BU/MIT.
Date: Wed March 20, 10AM, MCS137

Abstract: Achieving security under concurrent composition is
 notoriously hard. Indeed, in the plain model, far reaching
 impossibility results for concurrently secure computation are known.
 On the other hand, some positive results have also been obtained
 according to various weaker notions of security (such as by using a
 super-polynomial time simulator). This suggest that somehow, "not all
 is lost in the concurrent setting". Yet, our understanding of what
 exactly is it that goes wrong in the concurrent setting, and, to what
 extent is currently quite unsatisfactory.

In this work, we ask what and exactly how much private information can
 the adversary learn by launching a concurrent attack? "Can he learn
 all the private inputs in all the sessions? Or, can we preserve the
 security of some (or even most) of the sessions fully while
 compromising (a small fraction of) other sessions? Or is it the case
 that the security of all (or most) sessions is (at least partially)
 compromised? If so, can we restrict him to learn an arbitrarily small
 fraction of input in each session?".  We believe the above questions
 to be fundamental to the understanding of concurrent composition.

Towards that end, we take a knowledge-complexity based approach
 (Goldreich-Petrank, STOC'91) to concurrently secure computation by
 allowing the ideal world adversary (a.k.a simulator) to query the
 trusted party for some leakage on the honest party inputs. We obtain
 both positive and negative results, depending upon the nature of the
 leakage queries available to the simulator. Informally speaking, our
 results imply the following: in the concurrent setting, "significant
 loss" of security (translating to high leakage in the ideal world) in
 some of the sessions is unavoidable. However on the brighter side, one
 can make the fraction of such sessions to be an arbitrarily small
 polynomial (while fully preserving the security in all other
 sessions). Our results also have an interesting implication on secure
 computation in the bounded concurrent setting: we show there exist
 protocols which are secure as per the standard ideal/real world notion
 in the bounded concurrent setting. However if the actual number of
 sessions happen to exceed the bound, there is "graceful degradation"
 of security (as the number of sessions increase).

In order to obtain our positive result, we take a "cost-based"
 approach to rewinding in the current setting. In particular, we model
 concurrent rewinding as a set-covering problem and develop what we
 call "sparse rewinding strategies", which yield to other applications
 as well, including improved constructions of precise concurrent

 Joint work with Vipul Goyal and Divya Gupta.

More information about the Busec mailing list