The Experts below are selected from a list of 360 Experts worldwide ranked by ideXlab platform
Nickolai Zeldovich - One of the best experts on this subject based on the ideXlab platform.
-
Building Web Applications on Top of Encrypted Data Using Mylar
Proceedings of the 11th USENIX Symposium on Networked Systems Design and Implementation (NSDI 14), 2014Co-Authors: Raluca Ada Popa, Steven Valdez, Jonas Helfer, Emily Stark, Nickolai Zeldovich, Hari BalakrishnanAbstract:Web applications rely on servers to store and process confidential information. However, anyone who gains access to the server (e.g., an attacker, a curious administrator, or a government) can obtain all of the Data stored there. This paper presents Mylar, a platform for building web applications, which protects Data confidentiality against attackers with full access to servers. Mylar stores sensitive Data Encrypted on the server, and decrypts that Data only in users’ browsers. Mylar addresses three challenges in making this approach work. First, Mylar allows the server to perform keyword search over Encrypted documents, even if the documents are Encrypted with different keys. Second, Mylar allows users to share keys and Encrypted Data securely in the presence of an active adversary. Finally, Mylar ensures that client-side application code is authentic, even if the server is malicious. Results with a prototype of Mylar built on top of the Meteor framework are promising: porting 6 applications required changing just 36 lines of code on average, and the performance overheads are modest, amounting to a 17% throughput loss and a 50 ms latency increase for sending a message in a chat application.
-
how to run turing machines on Encrypted Data
International Cryptology Conference, 2013Co-Authors: Shafi Goldwasser, Raluca Ada Popa, Yael Tauman Kalai, Vinod Vaikuntanathan, Nickolai ZeldovichAbstract:Cryptographic schemes for computing on Encrypted Data promise to be a fundamental building block of cryptography. The way one models such algorithms has a crucial effect on the efficiency and usefulness of the resulting cryptographic schemes. As of today, almost all known schemes for fully homomorphic encryption, functional encryption, and garbling schemes work by modeling algorithms as circuits rather than as Turing machines.
-
Processing analytical queries over Encrypted Data
Proceedings of the VLDB Endowment, 2013Co-Authors: Stephen Tu, M. Frans Kaashoek, Samuel Madden, Nickolai ZeldovichAbstract:MONOMI is a system for securely executing analytical workloads over sensitive Data on an untrusted Database server. MONOMI works by encrypting the entire Database and running queries over the Encrypted Data. MONOMI introduces split client/server query execution, which can execute arbitrarily complex queries over Encrypted Data, as well as several techniques that improve performance for such workloads, including per-row precomputation, space-efficient encryption, grouped homomorphic addition, and pre-filtering. Since these optimizations are good for some queries but not others, MONOMI introduces a designer for choosing an efficient physical design at the server for a given workload, and a planner to choose an efficient execution plan for a given query at runtime. A prototype of MONOMI running on top of Postgres can execute most of the queries from the TPC-H benchmark with a median overhead of only 1.24× (ranging from 1.03×to 2.33×) compared to an un-Encrypted Postgres Database where a compromised server would reveal all Data.
-
how to run turing machines on Encrypted Data
2013Co-Authors: Shafi Goldwasser, Raluca Ada Popa, Yael Tauman Kalai, Vinod Vaikuntanathan, Nickolai ZeldovichAbstract:Algorithms for computing on Encrypted Data promise to be a fundamental building block of cryptography. The way one models such algorithms has a crucial effect on the efficiency and usefulness of the resulting cryptographic schemes. As of today, almost all known schemes for fully homomorphic encryption, functional encryption, and garbling schemes work by modeling algorithms as circuits rather than as Turing machines. As a consequence of this modeling, evaluating an algorithm over Encrypted Data is as slow as the worst-case running time of that algorithm, a dire fact for many tasks. In addition, in settings where an evaluator needs a description of the algorithm itself in some “encoded” form, the cost of computing and communicating such encoding is as large as the worst-case running time of this algorithm. In this work, we construct cryptographic schemes for computing Turing machines on Encrypted Data that avoid the worst-case problem. Specifically, we show: – An attribute-based encryption scheme for any polynomial-time Turing machine and Random Access Machine (RAM). – A (single-key and succinct) functional encryption scheme for any polynomialtime Turing machine. – A reusable garbling scheme for any polynomial-time Turing machine. These three schemes have the property that the size of a key or of a garbling for a Turing machine is very short: it depends only on the description of the Turing machine and not on its running time. Previously, the only existing constructions of such schemes were for depth-d circuits, where all the parameters grow with d. Our constructions remove this depth d restriction, have short keys, and moreover, avoid the worst-case
Changhui Hu - One of the best experts on this subject based on the ideXlab platform.
-
efficient wildcard search over Encrypted Data
International Journal of Information Security, 2016Co-Authors: Changhui HuAbstract:Searchable encryption is an important technique that allows the Data owners to store their Encrypted Data in the cloud. It also maintains the ability to search a keyword over Encrypted Data. In practice, searchable encryption scheme supporting wildcard search is very important and widely used. In this paper, we propose a new wildcard search technique to use one wildcard to represent any number of characters. Based on Bloom filter with a novel specified characters position technique, we construct a new searchable symmetric scheme to support wildcard search over Encrypted Data. This scheme is more efficient than prior schemes, and it can be strengthened to be secure against an adaptive attacker (CKA-2 security). Moreover, this scheme can be dynamic to support file addition and deletion. Our wildcard search technique is of independent interest.
Michael Hitchens - One of the best experts on this subject based on the ideXlab platform.
-
achieving secure role based access control on Encrypted Data in cloud storage
IEEE Transactions on Information Forensics and Security, 2013Co-Authors: Lan Zhou, Vijay Varadharajan, Michael HitchensAbstract:With the rapid developments occurring in cloud computing and services, there has been a growing trend to use the cloud for large-scale Data storage. This has raised the important security issue of how to control and prevent unauthorized access to Data stored in the cloud. One well known access control model is the role-based access control (RBAC), which provides flexible controls and management by having two mappings, users to roles and roles to privileges on Data objects. In this paper, we propose a role-based encryption (RBE) scheme that integrates the cryptographic techniques with RBAC. Our RBE scheme allows RBAC policies to be enforced for the Encrypted Data stored in public clouds. Based on the proposed scheme, we present a secure RBE-based hybrid cloud storage architecture that allows an organization to store Data securely in a public cloud, while maintaining the sensitive information related to the organization's structure in a private cloud. We describe a practical implementation of the proposed RBE-based architecture and discuss the performance results. We demonstrate that users only need to keep a single key for decryption, and system operations are efficient regardless of the complexity of the role hierarchy and user membership in the system.
Vinod Vaikuntanathan - One of the best experts on this subject based on the ideXlab platform.
-
shield scalable homomorphic implementation of Encrypted Data classifiers
Other repository, 2015Co-Authors: Alhassan Khedr, Glenn P Gulak, Vinod VaikuntanathanAbstract:Homomorphic encryption (HE) systems enable computations on Encrypted Data, without decrypting and without knowledge of the secret key. In this work, we describe an optimized Ring Learning With Errors (RLWE) based implementation of a variant of the HE system recently proposed by Gentry, Sahai and Waters (GSW). Although this system was widely believed to be less efficient than its contemporaries, we demonstrate quite the opposite behavior for a large class of applications. We first highlight and carefully exploit the algebraic features of the system to achieve significant speedup over the state-of-the-art HE implementation, namely the IBM homomorphic encryption library (HElib). We introduce several optimizations on top of our HE implementation, and use the resulting scheme to construct a homomorphic Bayesian spam filter, secure multiple keyword search, and a homomorphic evaluator for binary decision trees. Our results show a factor of $10\times$ improvement in performance (under the same security settings and CPU platforms) compared to IBM HElib for these applications. Our system is built to be easily portable to GPUs (unlike IBM HElib) which results in an additional speedup of up to a factor of $103.5\times$ to offer an overall speedup of $1{,}035\times$ .
-
shield scalable homomorphic implementation of Encrypted Data classifiers
IACR Cryptology ePrint Archive, 2014Co-Authors: Alhassan Khedr, Glenn P Gulak, Vinod VaikuntanathanAbstract:Homomorphic encryption (HE) systems enable computations on Encrypted Data, without decrypting and without knowledge of the secret key. In this work, we describe an optimized Ring Learning With Errors (RLWE) based implementation of a variant of the HE system recently proposed by Gentry, Sahai and Waters (GSW). Although this system was widely believed to be less efficient than its contemporaries, we demonstrate quite the opposite behavior for a large class of applications. We first highlight and carefully exploit the algebraic features of the system to achieve significant speedup over the state-of-the-art HE implementation, namely the IBM homomorphic encryption library (HElib). We introduce several optimizations on top of our HE implementation, and use the resulting scheme to construct a homomorphic Bayesian spam filter, secure multiple keyword search, and a homomorphic evaluator for binary decision trees. Our results show a factor of 10× improvement in performance (under the same security settings and CPU platforms) compared to IBM HElib for these applications. Our system is built to be easily portable to GPUs (unlike IBM HElib) which results in an additional speedup of up to a factor of 103.5× to offer an overall speedup of 1035×.
-
how to run turing machines on Encrypted Data
International Cryptology Conference, 2013Co-Authors: Shafi Goldwasser, Raluca Ada Popa, Yael Tauman Kalai, Vinod Vaikuntanathan, Nickolai ZeldovichAbstract:Cryptographic schemes for computing on Encrypted Data promise to be a fundamental building block of cryptography. The way one models such algorithms has a crucial effect on the efficiency and usefulness of the resulting cryptographic schemes. As of today, almost all known schemes for fully homomorphic encryption, functional encryption, and garbling schemes work by modeling algorithms as circuits rather than as Turing machines.
-
how to run turing machines on Encrypted Data
2013Co-Authors: Shafi Goldwasser, Raluca Ada Popa, Yael Tauman Kalai, Vinod Vaikuntanathan, Nickolai ZeldovichAbstract:Algorithms for computing on Encrypted Data promise to be a fundamental building block of cryptography. The way one models such algorithms has a crucial effect on the efficiency and usefulness of the resulting cryptographic schemes. As of today, almost all known schemes for fully homomorphic encryption, functional encryption, and garbling schemes work by modeling algorithms as circuits rather than as Turing machines. As a consequence of this modeling, evaluating an algorithm over Encrypted Data is as slow as the worst-case running time of that algorithm, a dire fact for many tasks. In addition, in settings where an evaluator needs a description of the algorithm itself in some “encoded” form, the cost of computing and communicating such encoding is as large as the worst-case running time of this algorithm. In this work, we construct cryptographic schemes for computing Turing machines on Encrypted Data that avoid the worst-case problem. Specifically, we show: – An attribute-based encryption scheme for any polynomial-time Turing machine and Random Access Machine (RAM). – A (single-key and succinct) functional encryption scheme for any polynomialtime Turing machine. – A reusable garbling scheme for any polynomial-time Turing machine. These three schemes have the property that the size of a key or of a garbling for a Turing machine is very short: it depends only on the description of the Turing machine and not on its running time. Previously, the only existing constructions of such schemes were for depth-d circuits, where all the parameters grow with d. Our constructions remove this depth d restriction, have short keys, and moreover, avoid the worst-case
Lei Jiang - One of the best experts on this subject based on the ideXlab platform.
-
glyph fast and accurately training deep neural networks on Encrypted Data
Neural Information Processing Systems, 2020Co-Authors: Qian Lou, Bo Feng, Geoffrey C Fox, Lei JiangAbstract:Big Data is one of the cornerstones to enabling and training deep neural networks (DNNs). Because of the lack of expertise, to gain benefits from their Data, average users have to rely on and upload their private Data to big Data companies they may not trust. Due to the compliance, legal, or privacy constraints, most users are willing to contribute only their Encrypted Data, and lack interests or resources to join the training of DNNs in cloud. To train a DNN on Encrypted Data in a completely non-interactive way, a recent work proposes a fully homomorphic encryption (FHE)-based technique implementing all activations in the neural network by \textit{Brakerski-Gentry-Vaikuntanathan (BGV)}-based lookup tables. However, such inefficient lookup-table-based activations significantly prolong the training latency of privacy-preserving DNNs. In this paper, we propose, Glyph, a FHE-based scheme to fast and accurately train DNNs on Encrypted Data by switching between TFHE (Fast Fully Homomorphic Encryption over the Torus) and BGV cryptosystems. Glyph uses logic-operation-friendly TFHE to implement nonlinear activations, while adopts vectorial-arithmetic-friendly BGV to perform multiply-accumulation (MAC) operations. Glyph further applies transfer learning on the training of DNNs to improve the test accuracy and reduce the number of MAC operations between ciphertext and ciphertext in convolutional layers. Our experimental results show Glyph obtains the state-of-the-art test accuracy, but reduces the training latency by $99\%$ over the prior FHE-based technique on various Encrypted Datasets.
