
Tri-TTP based architecture for Secure Multi-Party Computations using Virtual Parties


Rohit Pathak¹, Satyadhar Joshi², Durgesh Kumar Mishra¹, Arpit Ludhiyani²
¹Acropolis Institute of Technology & Research, Indore, MP, India
²Shri Vaishnav Institute of Technology & Science, Indore, MP, India
rohitpatha@ieee.org, satyadar joshi@ieee.org, mishra Jesearch@redifail.com, arpit.ludhiyani@ieee.org
Abstract- In this paper, we have proposed a novel architecture for SMC (Secure Multi-party Computations). This is an advanced version of our earlier Virtual Party Protocol. The system is based on tri-TTP (Trusted Third Party) architecture. The classical SMC problem is a computation which involves data from multiple parties. The key is to keep the data hidden from other parties. The protocol also finds its applications in many intricate statistical computations such as banking, BPO, survey, etc.
Keywords- SMC (Secure Multi-Party Computation), Information
Security, Data Privacy, BPO (Business Process Outsourcing),
Banking, Statistical Computation, Virtual Party.
I. INTRODUCTION
Yao says that the essence of SMC is performing computations on data from multiple parties while keeping the data of each party hidden from the others. Many solutions to this problem of SMC have been proposed by researchers in the past. Does security of protocols in the information-theoretic setting imply security under concurrent composition? This important question is thoroughly investigated by Eyal et al. [1]. The problem of secure multiparty set intersection (MPSI) in information-theoretic settings is examined by Arpita et al. [2]. A protocol is also designed to minimize this problem. The protocol designed employs several tools which are of independent interest. More secure protocols for private matching, set disjointness and cardinality of set intersection problems in information-theoretic settings are given by [3]. A new approach for designing an efficient multi-recipient single-message public-key encryption scheme is proposed in [4]. A strong focus is on a certain simulator which appears in the security proof of an ordinary public-key encryption scheme. To design protocols where collusion freeness is guaranteed as long as the mediator is honest is of utmost importance. A novel collusion-free protocol for computing any multi-party functionality is given by [5]. Two different protocols are presented by [6] such that one protocol generates k garbled gates in the preprocessing stage and the second protocol generates a garbled universal circuit of size 0 in the preprocessing stage and requires only one lower bound. A stronger notion of security than standard secure multi-party communication is "multi-party covert communication". It guarantees that its process cannot be observed. A scheme is thus proposed by Xin et al. [7] for steganographic communication based on a channel hidden within quantum secret sharing (QSS). An efficient certificateless threshold key encapsulation scheme based on bilinear pairings has been proposed by [8]. A road map towards implementing a method of collecting meaningful internet-wide statistics has been presented in [9]. All the components required to make it work exist. Inverted indexes represent an indexed document in its virtual entirety. The trust and security required for any host providing such an index over access-controlled content is huge. The problem of providing privacy-preserving search over distributed access-controlled content is addressed by [10].

978-1-4244-7202-4/10/$26.00 2010 IEEE
Two negotiation protocols are provided by Sumit et al. [14]. The first protocol is for the case where it is desired that a nondiscriminatory price is adopted for all the buyers, and in the second protocol discrimination of the prices among various buyers is allowed. Privacy-preserving solutions to forecasting as well as benchmarking are provided by [15]. They can be used to increase the reliability of local forecasts and benchmarks. A classification of various privacy-preserving data mining algorithms is presented by Vassilios et al. [16]. It has been shown in [17] that the privacy-preserving adaptation of Fagin's A0 algorithm is essentially unfeasible. The use of random projection matrices as a tool for privacy-preserving data mining is explored by [18]. A method for calculation of linear regression on the union of distributed databases is presented by Alan et al. [19]. It does not involve constructing an integrated database, and thus preserves confidentiality of the individual databases. A novel cryptographic protocol is proposed in [20]. It allows secure communication between parties and the TTP. It also performs secure computation using encryption.
The most common solution involves the use of a TTP. The TTP is a party with computational power and it keeps data hidden. It is assumed honest, and the participating parties can trust the TTP with their respective data without the fear of being exposed. There have been several additions to this TTP architecture, all of which have increased the security of the system, and some have also increased the complexity. Mishra et al. proposed the use of another layer of security between the parties and the TTP, called the Anonymizers, thereby increasing the number of nodes, complexity and security. Anonymizers hide the identity of parties from the TTP, giving the impression that data is coming from the Anonymizers. We proposed a Virtual Party Protocol, which was also aimed at increasing the security by making use of Virtual Parties for encrypting data [11]. We have also shown earlier that with the use of the Virtual Party Protocol one can achieve zero hacking probability. We have also shown the use of the same protocol for securing statistical computations, computations in BPO, supply chain management [12], banking computations [13], computations in defense, etc. In this proposal we are modifying the earlier proposed Virtual Party Protocol in order to increase the security by keeping two separate parties for Modifier Tokens and Data. This we call a tri-TTP architecture. We also give a detailed security analysis of the system, using mathematical equations and graphs.
II. PROPOSAL
Each party will create some virtual parties and distribute the data among them. This data mainly consists of two parts, encrypted data and modifier tokens. The modifier tokens and encrypted data are sent to MTA (Modifier Token Accumulator) and DA (Data Accumulator) respectively. The MTA is a storehouse for all the modifier tokens which are generated by the VPP and the DA stores the encrypted data. This is then forwarded to the computation TTP which computes the result and announces it publicly.
Description
Key Identifiers.

Original computation function. This is the function which needs to be jointly computed. It involves data from several parties.

$$f(D_{11}, D_{12}, \ldots, D_{1m_1}, D_{21}, D_{22}, \ldots, D_{2m_2}, \ldots, D_{n1}, D_{n2}, \ldots, D_{nm_n})$$

Modified computation function. In the proposed system, the computation is done using encrypted data. Since the original computation function cannot compute the result using encrypted data, we need a new function which can calculate the correct result using encrypted data and modifier tokens.

$$g(E_{11}, E_{12}, \ldots, E_{1m_1}, E_{21}, E_{22}, \ldots, E_{2m_2}, \ldots, E_{n1}, E_{n2}, \ldots, E_{nm_n}, T_{11}, T_{12}, \ldots, T_{1m_1}, T_{21}, T_{22}, \ldots, T_{2m_2}, \ldots, T_{n1}, T_{n2}, \ldots, T_{nm_n})$$
Table 1. List of identifiers.

| Identifier Name | Identifier Symbol | Description |
|---|---|---|
| Party | $P_i$ | A party symbolizes a participant of the multiparty computation. These parties are represented as $P_1, P_2, \ldots, P_i, \ldots, P_n$, where $P_1$ is party number one, $P_2$ is party number two and likewise. |
| Virtual Party | $V_{ij}$ | A virtual party is an entity which is created by every participant of the computation. Each party can create a number of virtual parties. The number of virtual parties created by any party is not restricted to any maximum limit, but should be kept in an optimum range for optimized computation. $V_{11}, V_{12}, V_{13}, \ldots, V_{1j}$ are the virtual parties of party $P_1$. $V_{21}, V_{22}, V_{23}, \ldots, V_{2j}$ are the virtual parties of party $P_2$ and likewise $V_{ij}$ is the virtual party of party $P_i$. |
| Computation TTP | CTTP | This is the node which computes the result using the special modified function. It will make use of encrypted data from DA and modifier tokens from MTA. |
| Data Accumulator TTP | DA | It is the node which collects the data from all Virtual Parties. |
| Modifier Token Accumulator TTP | MTA | It is the node which collects modifier tokens from all Virtual Parties. |
| Original Data | $D_{ij}$ | $D_{11}, D_{12}, D_{13}, \ldots, D_{1j}$ are the data of party $P_1$. $D_{21}, D_{22}, D_{23}, \ldots, D_{2j}$ are the data of party $P_2$ and likewise $D_{ij}$ is the data of party $P_i$. |
| Fake Data | $F_{ij}$ | $F_{11}, F_{12}, F_{13}, \ldots, F_{1j}$ is the fake data of party $P_1$. $F_{21}, F_{22}, F_{23}, \ldots, F_{2j}$ is the fake data of party $P_2$ and likewise $F_{ij}$ is of party $P_i$. |
| Encrypted Data | $E_{ij}$ | $E_{11}, E_{12}, E_{13}, \ldots, E_{1j}$ are the encrypted data of party $P_1$. $E_{21}, E_{22}, E_{23}, \ldots, E_{2j}$ are the encrypted data of party $P_2$ and likewise $E_{ij}$ is the encrypted data of party $P_i$. |
| Modifier Tokens | $T_{ij}$ | $T_{11}, T_{12}, T_{13}, \ldots, T_{1j}$ are the modifier tokens of party $P_1$. $T_{21}, T_{22}, T_{23}, \ldots, T_{2j}$ are the modifier tokens of party $P_2$ and likewise $T_{ij}$ is the modifier token of party $P_i$. |
| Original function | f() | This is the original function which needs to be computed. It uses the data $D_{ij}$ to compute the result. |
| Modified function | g() | This is the modified function which uses the encrypted data $E_{ij}$ and modifier tokens $T_{ij}$ to compute the result. |
| Distribution function | dist() | This is the distribution function which takes the input data $E_{ij}$ and modifier tokens $T_{ij}$, then distributes them randomly among the available virtual parties. |
| Encryption function | enc() | This is the encryption function which uses the original data $D_{ij}$ and fake data $F_{ij}$ to encrypt it to $E_{ij}$ and generate modifier tokens $T_{ij}$. |
[Figure: diagram with the labels Original Data (D_i3 ... D_ij), Fake Data (F_i3 ... F_ij), Encrypted Data, Encryption through Token generation enc(), Distribution function dist(), Virtual Party Layer, MTA, Trusted Third Party, DA.]
Fig. 1. Layers of the protocol.
Every party $P_i$ has data $D_{i1}, D_{i2}, D_{i3}, \ldots, D_{ij}$. Every party generates fake data $F_{i1}, F_{i2}, F_{i3}, \ldots, F_{ij}$, which is used in the encryption process. There is no restriction on the upper or lower bound for the number of fake data entries, but it is usually kept high for optimum security levels. However, there may be a band of optimal number of entries for the computation depending upon the hardware and network used. This fake data does not alter the result of the computation in any manner and is solely used for encrypting the original data. The generation of fake data is highly dependent upon the computation function and may depend on situations as well. This fake data $F_{ij}$ is passed to the encryption function enc(), which uses the original data $D_{ij}$ and fake data $F_{ij}$ to generate encrypted data $E_{ij}$ and modifier tokens $T_{ij}$. The function enc() depends upon the type of computation and may also vary with the situation.
[Figure: Layer 1, Party; Layer 2, Virtual Party; Layer 3, Trusted Anonymizer Aij; Layer 4, EDA and MTA; Layer 5, Computation TTP; arrow labelled DATA FLOW.]
Fig. 2. Data flow in the protocol.

[Figure: parties P1 ... Pn with their virtual parties P11, P12, ..., P1k; P21, ..., P2k; Pn1, ..., Pnk, feeding EDA and MTA, which feed the Computation Party.]
Fig. 3. Process flow of the Tri-TTP architecture.

Every party $P_i$ creates a number of virtual parties $V_{ij}$. The encrypted data $E_{ij}$ and modifier tokens $T_{ij}$ are passed to the distribution function dist(), which distributes them among the virtual parties $V_{ij}$. The encrypted data and modifier tokens of the virtual parties $V_{ij}$ are sent to DA and MTA respectively. MTA and DA forward their data to the Computation TTP, which computes the result using a modified function $g(E_{ij}, T_{ij})$. This result is announced publicly. The function $g(E_{ij}, T_{ij})$, the function $f(D_{ij}, F_{ij})$ and the entities $D_{ij}$, $F_{ij}$, $E_{ij}$, $T_{ij}$ are related as follows:

$$f(D_{11}, D_{12}, \ldots, D_{1m_1}, D_{21}, D_{22}, \ldots, D_{2m_2}, \ldots, D_{n1}, D_{n2}, \ldots, D_{nm_n}) = g(E_{11}, E_{12}, \ldots, E_{1m_1}, E_{21}, E_{22}, \ldots, E_{2m_2}, \ldots, E_{n1}, E_{n2}, \ldots, E_{nm_n}, T_{11}, T_{12}, \ldots, T_{1m_1}, T_{21}, T_{22}, \ldots, T_{2m_2}, \ldots, T_{n1}, T_{n2}, \ldots, T_{nm_n})$$

Since virtual parties are used, the TTP cannot determine the true source of the information. This is accomplished using Anonymizers and address spoofing. These techniques hide the identity of the actual source of data. The whole system can be seen in Figure 2.

Algorithm

Begin
- Initialize party Pi
- For every party Pi
  - Initialize fake data Fi
  - Generate Fi
  - Compute Ei and Ti using Fi and Di
  - Initialize Vi
  - Use dist() to distribute Ei and Ti among Vij
  - For every virtual party Vij
    - Send the encrypted data of Vij to DA
    - Send the modifier tokens of Vij to MTA
- Send the modifier tokens from MTA to CTTP
- Send the encrypted data from DA to CTTP
- Compute the function g() using Ei and Ti at CTTP
- CTTP announces result

End

Security Analysis

Whenever data is sent from a particular virtual party to a TTP, there is a 1/n probability for the TTP to determine the source party. Also, the data is encrypted, so to get the actual data of a party the TTP has to get data from all the virtual parties of that particular party.

The TTP gets the data of all the virtual parties. If the TTP is corrupt then it may try to hack the data. It may guess the data of all the virtual parties of a particular party.

There are n parties $P_i$, each having $m_i$ virtual parties. The probability of hacking the data of one virtual party $V_{kj}$ of the $k$-th party is

$$P(V_{kj}) = \frac{m_k}{\sum_{i=1}^{n} m_i}$$
To hack the data of one party, the data of all its virtual parties needs to be hacked, which is encrypted data and modifier tokens. The probability of hacking Encrypted Data of one party $P_k$ is
1
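The probability of hacking Modifier Tokens of one party $P_k$ is

$$P(M_k) = \frac{m_k}{\sum_{i=1}^{n} m_i} \times \frac{m_k - 1}{\left(\sum_{i=1}^{n} m_i\right) - 1} \times \frac{m_k - 2}{\left(\sum_{i=1}^{n} m_i\right) - 2} \times \cdots \times \frac{1}{\cdots}$$

If the TTP is malicious then it may try to hack the data. The probability of hacking the data of a party $P_i$ thus becomes: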
I
=
PxR)
The graphs are shown in the figures below.

Fig. 4. Graph between number of virtual parties and probability of hacking for n=6.

Fig. 5. Graph between number of parties and probability of hacking for k=8.

By looking at the graphs we can clearly see that the probability of hacking the data comes out to be nearly zero.
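
The flow described in Section II, from enc() through dist(), DA and MTA to the CTTP, as an added example that is not code from the paper. The paper leaves enc() open, so this sketch assumes the computation is a sum and uses additive masking modulo a prime; `MOD`, `fakes_per_item`, `num_virtual` and `run_protocol` are names chosen here.

```python
import secrets

MOD = 2**61 - 1  # assumption: arithmetic modulo a prime so masked values look uniform

def enc(data, fakes_per_item=3):
    """Assumed enc() for f = sum. Each D_ij is masked with fresh fake data F;
    E_ij = D_ij + sum(F) and the modifier tokens T are the negated fakes."""
    E, T = [], []
    for d in data:
        fakes = [secrets.randbelow(MOD) for _ in range(fakes_per_item)]
        E.append((d + sum(fakes)) % MOD)
        T.extend((-x) % MOD for x in fakes)
    return E, T

def dist(E, T, num_virtual):
    """dist(): hand every E and T item to a randomly chosen virtual party."""
    vps = [{"E": [], "T": []} for _ in range(num_virtual)]
    for e in E:
        vps[secrets.randbelow(num_virtual)]["E"].append(e)
    for t in T:
        vps[secrets.randbelow(num_virtual)]["T"].append(t)
    return vps

def run_protocol(party_data, num_virtual=4):
    """Return what DA and MTA hold after all virtual parties have reported."""
    da, mta = [], []
    for data in party_data:                      # every party P_i
        E, T = enc(data)
        for vp in dist(E, T, num_virtual):       # every virtual party V_ij
            da.extend(vp["E"])                   # encrypted data -> DA
            mta.extend(vp["T"])                  # modifier tokens -> MTA
    rng = secrets.SystemRandom()
    rng.shuffle(da)                              # arrival order carries no party label
    rng.shuffle(mta)
    return da, mta

def g(da, mta):
    """Modified function at the CTTP: sum(E) + sum(T) = sum(D) (mod MOD)."""
    return (sum(da) + sum(mta)) % MOD

def f(party_data):
    """Original function on plaintext data, for comparison only."""
    return sum(sum(d) for d in party_data) % MOD

if __name__ == "__main__":
    # Constructed sample inputs for three parties
    sample = [[1200, 350], [75], [9000, 10, 5]]
    da, mta = run_protocol(sample)
    print("DA holds  :", da)
    print("MTA holds :", len(mta), "tokens")
    print("g at CTTP :", g(da, mta), "| f on plaintext:", f(sample))
```

In this sketch DA sees only masked values and MTA only masks, while the CTTP receives both streams, so what it learns beyond the total rests on it being unable to match tokens to data items.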
III. CONCLUSION
We have corroborated a tri-TTP architecture that makes use of virtual parties to perform secure multi-party computations. In this protocol, computation was performed on encrypted data at CTTP using modifier tokens, and a special computation function is described. The use of different nodes to store data (DA) and modifier tokens (MTA) has enhanced the security of the system. Virtual parties were used to encrypt the data and to hide its source. A detailed security analysis showed that the probability of hacking in practice is nearly zero. Tri-TTP architecture helps in elevating the security of the system. The protocol finds its application in many statistical computations. Many industries such as BPOs, banks, etc. can make use of such protocols to work on shared computations.
REFERENCES
[1] Eyal Kushilevitz, Yehuda Lindell and Tal Rabin, "Information Theoretically Secure Protocols and Security Under Composition," In Proc. of the thirty-eighth annual ACM symposium on Theory of computing, 2006, Seattle, WA, USA, Annual ACM Symposium on Theory of Computing, pp. 109-118, DOI: http://doi.acm.org/10.1145/1132516.1132532.
[2] Arpita Patra, Ashish Choudhary and C. Pandu Rangan, "Information Theoretically Secure Multi Party Set Intersection Re-visited," Selected Areas in Cryptography, Lecture Notes in Computer Science, Springer Berlin / Heidelberg, pp. 71-91, vol. 5867/2009, DOI: 10.1007/978-3-642-05445-7_5.
[3] G. Sathya Narayanan, T. Aishwarya, Anugrah Agrawal, Arpita Patra, Ashish Choudhary and C. Pandu Rangan, "Multi Party Distributed Private Matching, Set Disjointness and Cardinality of Set Intersection with Information Theoretic Security," Cryptology and Network Security, Lecture Notes in Computer Science, Springer Berlin / Heidelberg, pp. 21-40, vol. 5888/2009, DOI: 10.1007/978-3-642-10433-6_2.
[4] Harunaga Hiwatari, Keisuke Tanaka, Tomoyuki Asano and Koichi Sakumoto, "Multi-recipient Public-Key Encryption from Simulators in Security Proofs," Information Security and Privacy, Lecture Notes in Computer Science, Springer Berlin / Heidelberg, pp. 293-308, vol. 5594/2009, DOI: 10.1007/978-3-642-02620-1_21.
[5] Joel Alwen, Jonathan Katz, Yehuda Lindell, Giuseppe Persiano, abhi shelat and Ivan Visconti, "Collusion-Free Multiparty Computation in the Mediated Model," In Proc. of the 29th Annual International Cryptology Conference on Advances in Cryptology, Santa Barbara, CA, Lecture Notes In Computer Science, Springer-Verlag Berlin, Heidelberg, pp. 524-540, vol. 5677, DOI: 10.1007/978-3-642-03356-8_31.
[6] Seung Geol Choi, Ariel Elbaz, Tal Malkin and Moti Yung, "Secure Multi-party Computation Minimizing Online Rounds," Advances in Cryptology - ASIACRYPT 2009, Lecture Notes in Computer Science, Springer Berlin / Heidelberg, pp. 268-286, vol. 5912/2009, DOI: 10.1007/978-3-642-10366-7_16.
[7] Xin Liao, Qiao-yan Wen, Ying Sun and Jie Zhang, "Multi-party Covert Communication with Steganography and Quantum Secret Sharing," The Journal of Systems and Software (2008), DOI: 10.1016/j.jss.2010.04.076.
[8] Yu Long and Kefei Chen, "Efficient chosen-ciphertext secure certificateless threshold key encapsulation mechanism," Information Sciences, pp. 1167-1181, vol. 180, no. 7, 1 April 2010, DOI: 10.1016/j.ins.2009.12.008.
[9] Matthew Roughan and Yin Zhang, "Secure Distributed Data Mining and Its Application to Large-Scale Network Measurements," ACM SIGCOMM Computer Communication Review, pp. 7-14, vol. 36, no. 1, January 2006, DOI: http://doi.acm.org/10.1145/1111322.1111326.
[10] Mayank Bawa, Roberto J. Bayardo Jr, Rakesh Agrawal and Jaideep Vaidya, "Privacy-preserving indexing of documents on the network," The VLDB Journal, Springer Berlin / Heidelberg, pp. 837-856, vol. 18, no. 4, DOI: 10.1007/s00778-008-0129-7.
[11] Rohit Pathak, Satyadhar Joshi: Secure Multi Party Computation using Virtual Parties for Computation on Encrypted Data. In: Proceedings of The First International Workshop on Mobile & Wireless Networks (MoWiN 2009), The 3rd International Conference on Information Security and Assurance. June 2009. DOI: 10.1007/978-3-642-02617-1_42.
[12] Rohit Pathak, Satyadhar Joshi: Analysis of security issues in SMC based RFID in supply chain management with energy modeling. In: Proceedings of The First South Central Asia Himalayas Regional IEEE/IFIP International Conference on INTERNET AH-ICI 2009. November 2009. DOI: 10.1109/AHICI.2009.5340298.
[13] Rohit Pathak, Satyadhar Joshi: SMC protocol for privacy preserving in banking computations along with security analysis. In: Proceedings of The First South Central Asia Himalayas Regional IEEE/IFIP International Conference on INTERNET AH-ICI 2009. November 2009. DOI: 10.1109/AHICI.2009.5340328.
[14] Sumit Chakraborty, Satish Kumar Sehgal and Asim Kumar Pal, "Privacy Preserving E-Negotiation Protocols based on Secure Multi-party Computation," In Proc. IEEE SoutheastCon, 2005, 8-10 April 2005, pp. 455-461, DOI: 10.1109/SECON.2005.1423287.
[15] Mikhail Atallah, Marina Bykova, Jiangtao Li, Keith Frikken and Mercan Topkara, "Private Collaborative Forecasting and Benchmarking," In WPES '04: Proceedings of the 2004 ACM workshop on Privacy in the electronic society (New York, NY, USA, 2004), ACM Press, pp. 103-114.
[16] Vassilios S. Verykios, Elisa Bertino, Igor Nai Fovino, Loredana Parasiliti Provenza, Yucel Saygin and Yannis Theodoridis, "State-of-the-art in Privacy Preserving Data Mining," ACM SIGMOD Record, pp. 50-57, vol. 33, no. 1, DOI: http://doi.acm.org/10.1145/974121.974131.
[17] Artak Amirbekyan and Vladimir Estivill-Castro, "Practical Protocol for Yao's Millionaires Problem Enables Secure Multi-Party Computation of Metrics and Efficient Privacy-Preserving k-NN for Large Data Sets," Knowledge and Information Systems, Springer-Verlag Singapore P., 2009.
[18] Kun Liu, Hillol Kargupta and Jessica Ryan, "Random Projection-Based Multiplicative Data Perturbation for Privacy Preserving Distributed Data Mining," IEEE Transactions on Knowledge and Data Engineering, pp. 92-106, vol. 18, no. 1, January 2006.
[19] Alan F. Karr, Xiaodong Lin and Ashish P. Sanil, "Regression on Distributed Databases via Secure Multi-Party Computation," In Proc. of the 2004 annual national conference on Digital government research, Seattle, WA, pp. 1-2, vol. 262.
[20] Durgesh Kumar Mishra and Manohar Chandwani, "Arithmetic cryptography protocol for secure multi-party computation," In Proc. of IEEE SoutheastCon, 2007, Richmond, VA, 22-25 March 2007, pp. 22-22, DOI: 10.1109/SECON.2007.342846.
