[crypto] [Fwd: [risc-list] RISC at CWI (Apr 24): Secret Sharing and Multiparty Computation]

R. Hirschfeld ray at unipay.nl
Fri Apr 17 01:24:00 CEST 2015

---------------------------- Original Message ----------------------------
Subject: [risc-list] RISC at CWI (Apr 24): Secret Sharing and Multiparty
From:    "Serge Fehr" <Serge.Fehr at cwi.nl>
Date:    Wed, April 15, 2015 13:38
To:      risc-list at cwi.nl

Dear Colleagues,

we cordially invite you to a RISC seminar on

                                 *Secret Sharing and Multiparty Computation*

The seminar will take place at CWI Amsterdam, The Netherlands, on

                            *Friday, April 24, 2015, in Room L017*

starting at 14:00h. The program features talks by Nico Döttling (Aarhus
University, DK), Diego Mirandola (CWI) and Meilof Veeningen (Eindhoven
University of Technology). The schedule is as follows.

  14:00 - 14:45 h       Diego Mirandola: On Code Products and Critical
Pairs for the Product Singleton Bound
  15:00 - 15:45 h       Meilof Veeningen: Guaranteeing Correctness in
Privacy-Friendly Outsourcing by Certificate Validation
  16:15 - 17:00 h       Nico Döttling: Linear Secret Sharing Schemes
from Error Correcting Codes and Universal Hash Functions

See below and/or the RISC web page www.cwi.nl/crypto/risc.php for the

See you then and there!

Best regards,
Ronald Cramer and Serge Fehr


Diego Mirandola: *On Code Products and Critical Pairs for the Product
Singleton Bound*

Abstract: Given two (linear) codes C, D with the same length, their
product CD is defined as the linear span of all componentwise products
xy, with x in C, y in D. If C=D, C^2 is also called the square of the
code C. Our interest in this notion is motivated by a number of
cryptographic applications, such as error-correcting pairs, secret
sharing and cryptanalysis of code-based cryptosystems. The first part of
the talk will survey these applications.
Then we characterize Product-MDS pairs, i.e. pairs of codes C, D whose
product has maximum-possible minimum distance. We prove in particular,
for C=D, that if C^2 has minimum distance at least 2, and (C,C) is a
Product-MDS pair, then either C is a Reed-Solomon code, or C is a direct
sum of self-dual codes. In passing we establish coding-theoretic
analogues of classical theorems of additive combinatorics. This is a
joint work with G. Zémor.

Meilof Veeningen: *Guaranteeing Correctness in Privacy-Friendly
Outsourcing by Certificate Validation*

Abstract: With computation power in the cloud becoming a commodity, it
is more and more convenient to outsource computations to external
computation parties. Assuring confidentiality, even of inputs by
mutually distrusting inputters, is possible by distributing computations
between different parties using multiparty computation. Unfortunately,
this typically only guarantees correctness if a limited number of
computation parties are malicious. If correctness is needed when all
computation parties are malicious, then one currently needs either fully
homomorphic encryption or ``universally verifiable'' multiparty
computation; both are impractical for large computations. In this work
we show for the first time how to achieve practical privacy-friendly
outsourcing with correctness guarantees, by using normal multiparty
techniques to compute the result of a computation, and then using slower
verifiable techniques only to verify that this result was correct. We
demonstrate the feasibility of our approach in a linear programming case

Nico Döttling: *Linear Secret Sharing Schemes from Error Correcting
Codes and Universal Hash Functions*

Abstract: We present a novel method for constructing linear secret
sharing schemes (LSSS) from linear error correcting codes and linear
universal hash functions in a blackbox way. The main advantage of this
new construction is that the privacy property of the resulting secret
sharing scheme essentially becomes independent of the code we use, only
depending on its rate. This allows us to fully harness the algorithmic
properties of recent code constructions such as efficient encoding and
decoding or efficient list-decoding. Choosing the error correcting codes
and universal hash functions involved carefully, we obtain solutions to
the following open problems: (1) A linear near-threshold secret sharing
scheme with both linear time sharing and reconstruction algorithms and
large secrets (i.e. secrets of size Ω(n)). Thus, the computational
overhead per shared bit in this scheme is constant. (2) An efficiently
reconstructible robust secret sharing scheme for n/3 ≤ t ≤ (1-ε) n/2
corrupted players (for any constant ε > 0) with shares of optimal size
O(1+λ/n) and secrets of size Ω(n+λ), where λ is the security parameter.
Joint work with R. Cramer, I. Damgård, S. Fehr, and G. Spini.

risc-list mailing list
risc-list at cwi.nl

More information about the crypto mailing list