secure distributed computation on private...
TRANSCRIPT
![Page 1: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/1.jpg)
Secure Distributed Computation on Private Inputs
Foundations & Practice of Security Clermont-Ferrand, France - October 27th, 2015
David Pointcheval ENS - CNRS - INRIA
![Page 2: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/2.jpg)
David Pointcheval / 30
The Cloud
2Introduction
![Page 3: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/3.jpg)
David Pointcheval / 30
Access from Anywhere
3Introduction
![Page 4: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/4.jpg)
David Pointcheval / 30
Available for Everything
One can Store documents, photos, etc Share them with colleagues, friends, family Process the data Ask queries on the data
4Introduction
![Page 5: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/5.jpg)
David Pointcheval / 30
With Current Solutions
The Cloud provider knows the content and claims to actually
identify users and apply access rights safely store the data securely process the data protect privacy
5Introduction
![Page 6: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/6.jpg)
David Pointcheval / 30
But…
For economical reasons, by accident, or attacks data can get deleted any user can access the data one can log
all the connected users all the queries
to analyze and sell/negotiate the information
6Introduction
![Page 7: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/7.jpg)
David Pointcheval / 30
Requirements
Users need more Storage guarantees Privacy guarantees
confidentiality of the data anonymity of the users obliviousness of the queries
How to process users’ queries?
7Introduction
![Page 8: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/8.jpg)
David Pointcheval / 30
Inputs OutputsCircuit
AND
OR
NOTOR
AND
NOT
FHE: The Killer Tool
Fully Homomorphic Encryption allows to process encrypted data, and get the encrypted output
8Some Approaches
[Gentry - STOC ’09][Rivest-Adleman-Dertouzos - FOCS ’78]
![Page 9: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/9.jpg)
David Pointcheval / 30
CircuitEAND
EOR
ENOT
EOR
EAND
ENOT
FHE: The Killer Tool
Fully Homomorphic Encryption allows to process encrypted data, and get the encrypted output
Encrypted Inputs
EncryptedOutputs
8Some Approaches
[Gentry - STOC ’09][Rivest-Adleman-Dertouzos - FOCS ’78]
![Page 10: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/10.jpg)
David Pointcheval / 30
Outsourced Processing
Inputs
Circuit
9
EAND
EOR
ENOTEOR
EAND
ENOT
Some Approaches
![Page 11: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/11.jpg)
David Pointcheval / 30
Outputs
EncryptedOutputs
Outsourced Processing
Encrypted Inputs
Inputs
Circuit
9
EAND
EOR
ENOTEOR
EAND
ENOT
Some Approaches
![Page 12: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/12.jpg)
David Pointcheval / 30
Outputs
EncryptedOutputs
Outsourced Processing
Encrypted Inputs
Inputs
Circuit
no information aboutthe input/output data
9
EAND
EOR
ENOTEOR
EAND
ENOT
Some Approaches
Symmetric encryption (secret key) is enough
![Page 13: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/13.jpg)
David Pointcheval / 30
Strong Privacy
Universal Circuit
Program
10
EAND
EOR
ENOTEOR
EAND
ENOT
Some Approaches
Inputs
![Page 14: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/14.jpg)
David Pointcheval / 30
Outputs
Strong Privacy
Encrypted Inputs + Encrypted Program
Universal Circuit
Program
10
EAND
EOR
ENOTEOR
EAND
ENOTEncryptedOutputs
Some Approaches
Inputs
![Page 15: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/15.jpg)
David Pointcheval / 30
Outputs
Strong Privacy
Encrypted Inputs + Encrypted Program
Universal Circuit
Program
no information aboutthe input/output data nor the program
10
EAND
EOR
ENOTEOR
EAND
ENOTEncryptedOutputs
Some Approaches
Inputs
![Page 16: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/16.jpg)
David Pointcheval / 30
FHE: Ideal Solution?
… But each gate requires huge computations…
Allows private storage Allows private computations
Private queries in an encrypted database Private « googling »
The provider does not learn the content the queries the answers
Privacy by design…
11Some Approaches
![Page 17: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/17.jpg)
David Pointcheval / 30
Confidentiality & SharingEncryption allows to protect data
the provider stores them without knowing themnobody can access them either, except the owner
How to share them with friends?
12Some Approaches
![Page 18: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/18.jpg)
David Pointcheval / 30
Confidentiality & SharingEncryption allows to protect data
the provider stores them without knowing themnobody can access them either, except the owner
How to share them with friends?
Specific people have full access to some data:with public-key encryption for multiple recipientsSpecific people have partial access
such as statistics or aggregation of the data
12Some Approaches
![Page 19: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/19.jpg)
David Pointcheval / 30
Broadcast Encryption
13Some Approaches
[Fiat-Naor - Crypto ‘94]
![Page 20: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/20.jpg)
David Pointcheval / 30
Broadcast Encryption
13Some Approaches
[Fiat-Naor - Crypto ‘94]
![Page 21: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/21.jpg)
David Pointcheval / 30
Broadcast Encryption
The sender can select the target group of receivers This allows to control who will access to the data
13Some Approaches
[Fiat-Naor - Crypto ‘94]
![Page 22: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/22.jpg)
David Pointcheval / 30
Functional Encryption
The user generates sub-keys Ky according to the input y
14Some Approaches
[Boneh-Sahai-Waters - TCC ‘11]
![Page 23: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/23.jpg)
David Pointcheval / 30
Functional Encryption
The user generates sub-keys Ky according to the input yFrom C = Encrypt(x), Decrypt(Ky, C) outputs f(x,y)This allows to control the amount of shared data
14Some Approaches
[Boneh-Sahai-Waters - TCC ‘11]
![Page 24: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/24.jpg)
David Pointcheval / 30
OutlineBroadcast Encryption
Efficient solutions for sharing dataFunctional Encryption
Some recent efficient solutions for inner productFully Homomorphic Encryption
Despite recent improvements, this is still inefficientWith 2-party computation
one can get an efficient alternative
15
![Page 25: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/25.jpg)
David Pointcheval / 30
Multi-Party Computation
Secure Multi-Party Computation Ideally: each party gives its input and just learns its output
for any ideal functionality
input output
input output input output
16MPC
![Page 26: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/26.jpg)
David Pointcheval / 30
Multi-Party Computation
Latency too high over Internet……
Secure Multi-Party Computation Ideally: each party gives its input and just learns its output
for any ideal functionality In practice: many interactions between the parties
17
input output
input output input output
MPC
![Page 27: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/27.jpg)
David Pointcheval / 30
Two-Party Computation
General construction: Yao Garbled CircuitsFor specific construction: quite inefficient
18
yx z
f(x, y) = (x + y)e mod n
z = f(x, y)
2-PC
![Page 28: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/28.jpg)
David Pointcheval / 30
Encryption Switching Protocols
With additive encryption E+, multiplication encryption Ex and an interactive switch from c+ to cx:
Alices sends c+A = E+(x), and Bob sends c+
B = E+(y) They compute c = c+
A ⊕ c+B = E+(x+y)
They run the interactive switch to get c’ = Ex(x+y) They compute C = ⊗e c’ = Ex((x+y)e) They run the interactive decryption to gets z
19
f(x, y) = (x + y)e mod n
[Couteau-Peters-P - EPrint 2015/990]
2-PC
![Page 29: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/29.jpg)
David Pointcheval / 30
Homomorphic Encryption
20
Additive encryption on Zn: Paillier encryptionPublic key: n = pqSecret key: d = [��1 mod n] � �Encryption: c = (1 + n)m · rn mod n2
Decryption: m = [cd � 1 mod n2]/n
Additively homomorphic Efficient interactive decryption
[Paillier - Eurocrypt ’99]
2-PC
![Page 30: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/30.jpg)
David Pointcheval / 30
Homomorphic Encryption
21
Multiplicatively homomorphic Efficient interactive decryption
Multiplicative encryption on G: ElGamal encryptionSecret key: x � Zp
Public key: h = gx
Encryption: c = (c0 = gr, c1 = hr · m)Decryption: m = c1/cx
0
If n = pq, with safe primes p = 2p� + 1 and q = 2q� + 1Works for G = n, under the DDH in Z�
p� and Z�q�
Works for G = Jn, under the additional QR assumptionBut does not work in Z�
n…
[ElGamal - IEEE TIT ’85]
2-PC
![Page 31: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/31.jpg)
David Pointcheval / 30
Encoding of Messages
22
Multiplicative encryption on Z�n: by encoding m � Z�
n into Jn
For n = pq, generator g of Jn of order �� � Z�
n\Jn, using the CRT:� = gtp mod p, for an even tp: � � p
� = gtq mod q, for an odd tp: � �� q
hence � � Z�n\Jn
For m � Z�n, a �R {1, . . . , n/2}, so that �a · m � Jn
m1 = ga mod n and m2 = �a · mFrom m1, one gets � = �a mod n using the CRT:
� = mtp
1 mod p and � = mtq
1 mod qFrom m2, one gets m = m2/� mod n
2-PC
![Page 32: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/32.jpg)
David Pointcheval / 30
Homomorphic Encryption
23
Multiplicatively homomorphicEfficient interactive decryptionEfficient encryption switching protocols with the Paillier encryption
Multiplicative encryption on Z�n: for n = pq
Secret key: x, tp, tq � Z�
Public key: � � Z�n\Jn, Jn = �g�, h = gx (ElGamal in Jn)
Encryption: encode m into (m1 = ga, m2 = �a · m) � J2n
encrypt m2 under h, to get (c0, c1)the ciphertext is C = (c0, c1, m1)
Decryption: decrypt (c0, c1) using x, to get m2
convert m1 = ga into � = �a using the CRTget m = m2/� mod n
2-PC
![Page 33: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/33.jpg)
David Pointcheval / 30
Two-Party Computation?
24
The two homomorphic encryption schemes together with the encryption switching protocols:
Efficient two-party computation But in the intersection of the plaintext spaces!
Cannot deal with zero! But cannot avoid zero either during computations!
Zn � Z�n = Z�
n
2-PC
![Page 34: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/34.jpg)
David Pointcheval / 30
How to Handle Zero?
25
One can note thatA � Z�
n, unless m is a non-trivial multiple of p or qB � n
=� they can both be encryptedwith appropriate ElGamal-like encryption
Multiplicatively homomorphic: 0 is absorbing in B Encrypted Zero Test protocols: E+(m) → E+(b)
In order to multiplicatively encrypt m � Zn:One defines b = 1 if m = 0, and b = 0 otherwiseOne encrypts A = m + b mod nOne encrypts B = T b mod n for a random square T
2-PC
![Page 35: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/35.jpg)
David Pointcheval / 30
Set Disjointness Testing
26
Alice’s friends: A = {a1,…, am} Bob’s friends: B = {b1,…, bn}A ∩ B = ∅ ?
Alice computes P(X) = ∏i (X - ai) = ∑i Ai Xi, and sends Ci = E+(Ai)Bob computes Bj = E+(P(bj)) = ∑i bji Ci
They switch to B’j = Ex(P(bj))They compute C’ = Ex(∏j P(bj)) = ∏j B’jThey decrypt C’ → c = ∏j P(bj) = ∏j ∏i (bj - ai)
c = 0 ⇔ A ∩ B ≠ ∅
2-PC
![Page 36: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/36.jpg)
David Pointcheval / 30
Outsourced Computations
Inputs
27Advanced 2-PC
skA skB
![Page 37: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/37.jpg)
David Pointcheval / 30
Outsourced Computations
Encrypted Inputs
Inputs
27
EncryptedOutputs
Advanced 2-PC
skA skB
The user possesses n=pqThe user gives the shares to 2 independent servers
![Page 38: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/38.jpg)
David Pointcheval / 30
Outputs
Outsourced Computations
Encrypted Inputs
Inputs
27
EncryptedOutputs
Advanced 2-PC
skA skB
no information aboutthe input/output data
The user possesses n=pqThe user gives the shares to 2 independent serversInteractive Fully Homomorphic Encryption
![Page 39: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/39.jpg)
David Pointcheval / 30
Homomorphic Encryption
28
[Bresson-Catalano-P. - Asiacrypt ’03]
Additive encryption on Zn: BCP encryptionParameters: n = pq and a square g � Z�
n2
Secret key: x � Zn�(n)
Public key: h = gx mod n2
Encryption: c0 = gr mod n2, for n � [1..n2/2]c1 = hr(1 + mn) mod n2
Decryption: m = [c1/cx0 � 1 mod n2]/n
Alternatively: with �(n) � x0 = x mod n(where x = x0 + nx1)
c1/cx00 = g(x�x0)r · (1 + mn) = (grx1)n · (1 + mn)
= un · (1 + n)m mod n2
Advanced 2-PC
![Page 40: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/40.jpg)
David Pointcheval / 30
Multi-User Setting
29
The two independent servers share the Paillier’s secret key for n=pq and setup a BCP schemeThe servers can convert BCP ciphertexts into Paillier ciphertexts, and run the 2-party protocolThe servers can convert a Paillier ciphertext into a BCP ciphertext for a specific user⇒ Secure efficient outsourced computations
More servers can be used:unless all the servers corrupted, privacy guaranteed
Advanced 2-PC
![Page 41: Secure Distributed Computation on Private Inputsconfiance-numerique.clermont-universite.fr/Slides/D... · 2018. 2. 20. · Secure Distributed Computation on Private Inputs Foundations](https://reader036.vdocuments.us/reader036/viewer/2022071217/604c04fc4397da248731937f/html5/thumbnails/41.jpg)
David Pointcheval / 30
ConclusionThreat
However strong the trustfulness of the Cloud provider may be, any system or human vulnerability can be exploited against privacyPrivacy by design
Tools to limit data accessThe provider is just trusted to
store the data (can be controlled) process and answer any request (or DoS)
30