Neha Jawalkar, IISc Bangalore Abstract

Abstract: Secure 2-party computation (2PC) enables secure inference that offers protection for both proprietary machine learning (ML) models and sensitive inputs to them. However, the existing secure inference solutions suffer from high latency and communication overheads, particularly for transformers. Function secret sharing (FSS) is a recent paradigm for obtaining efficient 2PC protocols with a preprocessing phase. We provide SIGMA, the first end-to-end system for secure transformer inference based on FSS. By constructing new FSS-based protocols for complex machine learning functionalities, such as Softmax, GeLU and SiLU, and also accelerating their computation on GPUs, SIGMA improves the latency of secure inference of transformers by 11−19× over the state-of-the-art that uses preprocessing and GPUs. We present the first secure inference of generative pre-trained transformer (GPT) models. In particular, SIGMA executes Meta's LLaMA2 (available on HuggingFace) with 13 billion parameters in 44 seconds and GPT2 in 1.6 seconds. Based on joint work with Kanav Gupta, Ananta Mukherjee, Nishanth Chandran, Divya Gupta, Ashish Panwar and Rahul Sharma

Anuja Modi, IIT Madras Abstract

Abstract: Multi-Input Functional Encryption (MIFE) has emerged as a powerful tool for encrypted computation, most notably enabling new approaches to privacy preserving machine learning. Unfortunately, existing designs suffer from one of two limitations-- either they are incredibly inefficient for practical deployment, or provide weak security insufficient for most applications. We introduce a generalization of MIFE, called Identity-Based MIFE. It enables fine-grained 'identity-based' access control within the system. Each secret key and ciphertext is (additionally) associated with an identity, such that a successful MIFE-style decryption is contingent on the identities associated with the key and ciphertexts matching. Our central goal is to remove undesirable leakage encountered in MIFE systems due to "mix and match'' attacks. We design the first Identity-Based MIFE for degree-2 functions, secure under standard pairing-based assumptions. Our system can be directly used in any vertical federated learning application, leading to improved efficiency, round complexity, and security compared to prior solutions. This merely serves as an example highlighting utility of our system in privacy machine learning. We believe Identity-Based MIFE will likely find more applications and be a valuable addition to the cryptographic toolbox for encrypted computation. Further, we demonstrate practicality of our Identity-Based MIFE system in the form of a proof-of-concept implementation. Our experiments establish that our system is reasonably efficient, even without exploiting standard software optimization techniques. For example, a system supporting up-to 4 users encrypting vectors in Z_q^6 where q is 256-bit prime, the encryption and key generation algorithms take about a minute, while the size of the ciphertexts and secret keys are approximately 200 kB with about 128-bit security. Based on joint work with Shweta Agrawal and Rishab Goyal

Simran Kumari, IIT Madras Abstract

Abstract: The recent work of Ananth et al. (ITCS 2022) introduced the notion of pre-constrained encryption, which can be seen as a variant of functional encryption which provides a meaningful notion of security even against the authority who runs the setup algorithm. The subsequent work of Bartusek et al. (Eurocrypt 2023) extended this notion to group signatures, which allows traceability of malicious users who originate content belonging to a predefined “illegal” set. In our work, we significantly advance the capabilities of pre-constrained cryptography by defining several new primitives and instantiating both these as well as primitives studied by prior work from simple, standard assumptions. Our constructions organically satisfy security against malicious authorities without the need to go through a compiler – this makes our schemes simpler and more efficient, and also removes reliance on pairings or iO, which were needed by the compiler as in prior works. Moreover, for all our primitives, we show that by assuming the hardness of the Learning With Errors (LWE) problem, we can achieve security against an unbounded authority. We believe that unconditional security is of significant importance to derive meaningful guarantees against powerful real-world adversaries. This is based on a joint work with Shweta Agrawal and Ryo Nishimaki.

Protik Kumar Paul, IISc Bangalore Abstract

Abstract: Secure multiparty computation (MPC) enables privacy-preserving collaborative computation over sensitive data held by multiple mutually distrusting parties. Unfortunately, in the most natural setting, where a majority of the parties are maliciously corrupt (also called the dishonest majority setting), traditional MPC protocols incur high overheads and offer weaker security guarantees than are desirable for practical applications. In this paper, we explore the possibility of circumventing these drawbacks and achieving practically efficient dishonest majority MPC protocols with strong security guarantees by assuming an additional semi-honest, non-colluding helper party HP. We believe that this is a more realistic alternative to assuming an honest majority, since many real-world applications of MPC involving potentially large numbers of parties (such as dark pools) are typically enabled by a central governing entity that can be modeled as the HP. In the above model, we are the first to design, implement and benchmark a practically efficient and general multi-party framework, Asterisk. Our framework requires invoking HP only a constant number of times, achieves the strong security guarantee of fairness (either all parties learn the output or none do), scales to hundreds of parties, outperforms all existing dishonest majority MPC protocols, and is, in fact, competitive with state-of-the-art honest majority MPC protocols. Our experiments show that Asterisk achieves 228 − 288x speedup in preprocessing as compared to the best dishonest majority MPC protocol. With respect to online time, Asterisk supports 100-party evaluation of a circuit with 10^6 multiplication gates in approximately 20 seconds. We also implement and benchmark practically efficient and highly scalable dark pool instances using Asterisk. The corresponding run times showcase the effectiveness of Asterisk in enabling efficient realizations of real-world privacy-preserving applications with strong security guarantees.

Akhil Vanukuri, IIT Madras Abstract

Abstract : In the average-case k-SUM problem, given r integers chosen uniformly at random from {0, . . . , M − 1}, the objective is to find a “solution” set of k numbers that sum to 0 modulo M. In the dense regime of M \leq ^{k}, where solutions exist with high probability, the complexity of these problems is well understood. Much less is known in the sparse regime of M >> r^{k}, where solutions are unlikely to exist. In this talk, we focus on the k-SUM problem in the sparse regime, especially one of the variants called the planted k-SUM, where a random solution is planted in a randomly generated instance and has to be recovered. We show that by assuming mild hardness of k-XOR (a variant of planted k-SUM problem), we can construct Public Key Encryption (PKE) from a weaker variant of the Learning Parity with Noise (LPN) problem than was known before. In particular, such LPN hardness does not appear to imply PKE on its own – this suggests that k-XOR/k-SUM can be used to bridge “minicrypt” and “cryptomania” in some cases, and may be applicable in other settings in cryptography. We also briefly discuss a hardness amplification technique that enables us to use a mild hardness assumption about solving planted k-SUM to construct the above-said PKE. Based on joint work with Shweta Agrawal, Sagnik Saha, Nikolaj I. Schwartzbach and Prashant Nalini Vasudevan.