[MA] FortifiedIPS: Increasing the Security of Multi-Party Computation by Diverse Redundancy

  • Tagung:

    FortifiedIPS: Increasing the Security of Multi-Party Computation
    by Diverse Redundancy

  • Tagungsort:

    https://i62bbb.tm.kit.edu/b/mar-xrf-4dg

  • Datum:

    2021-03-23

  • Zeit:

    15:45

  • In this work we propose an approach to increase security of multi-party-computation (MPC) protocols.
    We consider a setting in which each party consists of several devices with different hardware, operating system and software (diverse redundancy).
    Under the assumption that the devices cannot all be hacked remotely due to their different setup, we construct a protocol that is secure even if the only remaining honest party is partially corrupted.
    To capture that assumption, we propose a corruption model that includes both attacks via physical access and more limited remote hacks that rely on exploits that are specific to hard- or software.
    While there is already work on the use of diverse redundancy for security, as far as we know this has not been done before with a formal security guarantee.
    Many kryptographic protocols (implicitly) assume that each party consists of a single device, which is either entirely corrupted or completely honest.
    So necessarily we divide single parties that take part in a protocol up into several devices that collaboratively fulfill the role of one party in the protocol.
    To secure single points of failure within parties, we use another, already existing, MPC protocol called SPDZ [Dam+13].
    We use this protocol in a very efficient way, that relies on the trust that devices within a party have initially, before any corruptions can take place.
    This initial trust allows us to skip the most expensive part of SPDZ, the setup phase.
    This approach incurs linear overhead compared to protocols that do not split up their parties.
    The resulting protocol can guarantee that parties that loose up to one fourth of their devices to an adversary can still keep their input and output secret and can continue to participate in the protocol as an honest party.