[Busec] busec this week: Pratyay Mukherjee (Wed 10am)

Sharon Goldberg goldbe at cs.bu.edu
Tue Apr 21 17:37:50 EDT 2015

At tomorrow's seminar, we will have Pratyay Mukherjee talking about
multiparty computation.  At next week's seminar, Siddharth Garg will talk
about Integrated Circuit (IC) security and its relation to obfuscation,
work that received a best paper award at USENIX'13. Lunch will be provided
and abstracts below.


BUsec Calendar:  http://www.bu.edu/cs/busec/
BUsec Mailing list: http://cs-mailman.bu.edu/mailman/listinfo/busec

The busec seminar gratefully acknowledges the support of BU's Center for
Reliable Information Systems and Cyber Security (RISCS).


Title: Two Round MPC from LWE via Multi-Key FHE
Speaker: Pratyay Mukherjee, Aarhus Universitet and Northeastern University
Wednesday April 22, 10am, the Hariri Seminar room


Title: Two Round MPC from LWE via Multi-Key FHE

Abstract:  We construct a general multiparty computation (MPC) protocol in
the common random string (CRS) model with only two rounds of interaction,
which is known to be optimal. In the honest-but-curious setting we only
rely on the learning with errors (LWE) assumption, and in the fully
malicious setting we additionally assume the existence of non-interactive
zero knowledge arguments (NIZKs). Previously, Asharov et al. (EUROCRYPT
'12) showed how to achieve three rounds based on LWE and NIZKs, while Garg
et al. (TCC '14) showed how to achieve the optimal two rounds based on
indistinguishability obfuscation, but it was unknown if two rounds were
possible under simpler assumptions without obfuscation. Our approach relies
on multi-key fully homomorphic encryption (MFHE), introduced by Lopez-Alt
et al. (STOC '12), which enables homomorphic computation over data
encrypted under dierent keys. We use a recent construction of MFHE based on
LWE by Clear and McGoldrick (ePrint '14), and we give a simplied
stand-alone exposition of that scheme. We then extend this construction to
allow for a one-round distributed decryption of a multi-key ciphertext. Our
entire MPC protocol consists of the following two rounds:

1. Each party individually encrypts its input under its own key and
broadcasts the ciphertext. All parties can then homomorphically compute a
multi-key encryption of the output.

2. Each party broadcasts a partial decryption of the output using its
secret key. The partial decryptions can be combined to recover the output
in plaintext.

A joint work with Daniel Wichs. Available at


Title:  "Secure Integrated Circuit (IC) Fabrication Using Obfuscation"
Speaker: Siddharth Garg, NYU Poly
Wednesday April 29, 10am, the Hariri Seminar room

Abstract: For economic reasons, the fabrication of digital ICs is
increasingly outsourced. This comes at the expense of trust - the untrusted
fabrication facility ("foundry") could pirate the intellectual property of
the IC designer, or worse, maliciously modify the IC to  leak secret
information from the chip or sabotage its functionality.

In this talk, I will present my recent work on two defense mechanisms based
on hardware obfuscation to secure computer hardware against such attacks.
The first is split manufacturing, which enables a designer to partition a
digital circuit across multiple chips, fabricate each separately, and
"glue" them together after fabrication. Since each foundry only sees a part
of the netlist, its ability to infer the design intent is hindered. I will
propose a quantitative notion of security for split manufacturing and
explore the resulting cost-security trade-offs.

In the second part of the talk, I will discuss another defense mechanism -
IC camouflaging.  IC camouflaging allows for the Boolean functionality of a
gate to be hidden from the attacker. Previous work indicates that if a
carefully selected subset of gates in the netlist is camouflaged, an
attacker is forced to use a "brute-force search" to decamouflage the
circuit.  I will present an attack that demonstrates that  IC camouflaging
is, in fact, less effective than previously thought. I will conclude with
some preliminary thoughts on provably secure IC fabrication and how it
relates to the foundational work on function obfuscation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cs-mailman.bu.edu/pipermail/busec/attachments/20150421/bbfd7019/attachment.html>

More information about the Busec mailing list