KNOWLEDGE-ORIENTED MULTIPARTY COMPUTATION Piotr (Peter) Mardziel, Michael Hicks, Jonathan Katz, Mudhakar Srivatsa (IBM TJ Watson) 2 Secure multi-party computation • Multiple parties have secrets to protect. • Want to compute some function over their secrets without revealing them. x1 Q1(x1,x2) x2 True / False Q1 = if x1 ≥ x2 then out := True else out := False 3 Secure multi-party computation • Use trusted third party. x1 T x2 Q1(x1,x2) True Q1 = if x1 ≥ x2 then out := True else out := False 4 Secure multi-party computation • SMC lets the participants compute this without a trusted third party. x1 T x2 Q1(x1,x2) True Q1 = if x1 ≥ x2 then out := True else out := False 5 Secure multi-party computation • Nothing is learned beyond what is implied by the query output. • Assume it is publicly known that 10 ≤ x1,x2 ≤ 100 x1 Q1(10,x2) x2 True implies x2 = 10 Q1 = if x1 ≥ x2 then out := True else out := False 6 Our goal • Make sure what is implied is not too much. • Model knowledge. • Model inference. x1 Q1(x1,x2) x2 True Q1 = if x1 ≥ x2 then out := True else out := False 7 This talk • Secure multiparty computation. • Knowledge-based security • For a simpler setting • For SMC • Evaluation 8 Knowledge in a simpler setting 9 Knowledge in a simpler setting • Only one party, A2, has a secret to protect. • No need for SMC. x1=80 A1 x2=60 Q1(x1,x2) A2 True Q1 = if x1 ≥ x2 then out := True else out := False 10 Knowledge in a simpler setting • A2 imposes a limit on knowledge about x2. “(prior) belief” δ1: 10 ≤ x2 ≤ 100 out = True “revision” δ1 | (out = True) δ’1: 10 ≤ x2 ≤ 80 x2=60 “revised belief” A1 x1=80 Q1 = if x1 ≥ x2 then out := True else out := False A2 11 Knowledge in a simpler setting • A2 imposes a limit on knowledge about x2. δ’1: 10 ≤ x2 ≤ 80 x2=60 “Knowledge-based” policy: | δ’1 | = 71 ≥ t A1 x1=80 Q1 = if x1 ≥ x2 then out := True else out := False A2 12 Knowledge in a simpler setting • Non-deterministic queries. Q’1 = if x1 ≥ x2 then out := True else out := False if rand() < 0.5 then out := True x2=60 A1 x1=80 A2 13 Knowledge in a simpler setting • Non-deterministic queries. δ1(x2) = 1/91 for 10 ≤ x2 ≤ 100 out = True δ’1(x2) = 2/162 for 10 ≤ x2 ≤ 80 δ’1(x2) = 1/162 for 81 ≤ x2 ≤ 100 x2=60 A1 x1=80 Q’1 = if x1 ≥ x2 then out := True else out := False if rand() < 0.5 then out := True A2 14 Knowledge in a simpler setting • Policy Q’1(80,60) = True δ1 | (out = True) = δ’1 δ’1(x2) = 2/162 for 10 ≤ x2 ≤ 80 δ’1(x2) = 1/162 for 81 ≤ x2 ≤ 100 Policy?: δ’1(x2) ≤ t2 for every x2 “belief threshold” A1 x1=80 x2=60 Q’1 = if x1 ≥ x2 then out := True else out := False if rand() < 0.5 then out := True A2 15 Knowledge in a simpler setting • Policy Q’1(80,60) = True ∀o in range Q’1(80,) o δ1 | (out = True) = δ’1 δ’1(x2) = 2/162 for 10 ≤ x2 ≤ 80 δ’1(x2) = 1/162 for 81 ≤ x2 ≤ 100 Policy?: δ’1(x2) ≤ t2 for every x2 “belief threshold” A1 x1=80 x2=60 Q’1 = if x1 ≥ x2 then out := True else out := False if rand() < 0.5 then out := True A2 16 Knowledge in a simpler setting • Policy. “max belief” = maxδ’,x{ δ’(x) } where δ’ = δ1 | (out = o) for some o Policy: P(Q’1,x1=80,δ1,t) = max belief ≤ t “(max) belief threshold” If successful Q’1(80,60) = True Track δ1 | ( out = True ) δ1 | ( out = True ) δ1 | ( out = False ) A1 x1=80 x2=60 Q’1 = if x1 ≥ x2 then out := True else out := False if rand() < 0.5 then out := True A2 17 Knowledge in a simpler setting • A2 maintains a representation of A1’s belief. • Assumption: initial belief is accurate. δ δ’ Q1 TIME out = True A1 x1=80 δ’ δ’’ x2=60 Q2 NOPE A2 18 PL? • Theory of Clarkson et al. Implementation • Model knowledge as a probability distribution δ ∊ γ(P), an abstraction knowledge ∊ γ(P) • Assumption: δactual is agent’s actual knowledge • Model rational agent learning from query outputs. (Abstract)• Probabilistic program semantics and revision. • δ’ = ( [[S]] δ ) | (out = True) P’ = ( [[ S ]] P ) | (out = True) • Sound: δ ∊ γ(P) δ’ ∊ γ(P’) Policy to limit knowledge: max-belief ≤ t • Sound: max-belief(P) ≤ t max-belief(δ) ≤ t Resistant to state-space size • Ex. | support(δ) | > 2 * 1013 19 Knowledge in the SMC setting 20 Knowledge in the SMC setting • All parties want to protect their secret. x2=60 x1=80 A1 Q1(x1,x2) A2 21 Knowledge in the SMC setting • All parties want to protect their secret. x1=80 A1 x2=60 Q1(x1,x2) True A2 22 Knowledge in the SMC setting • Assumption: common knowledge/belief. δ(x1,x2) = 1/912 10 ≤ x1,x2 ≤ 100 x1=80 A1 x2=60 A2 23 Knowledge in the SMC setting • Assumption: initial belief is derived from common knowledge, revised by secret value. δ | (x1 = 80) = δ180(x2) = 1/91 10 ≤ x2 ≤ 100 x1=80 A1 δ | (x2 = 60) = δ260(x1) = 1/91 10 ≤ x1 ≤ 100 x2=60 A2 24 Belief sets • A2 considers all possible values of x1 δ110 = δ | (x1 = 10) x1=10 A1 δ111 = δ | (x1 = 11) x1=11 … δ1100 = δ | (x1 = 100) x1=100 10 ≤ x1 ≤ 100 A2 x2=60 25 Belief sets • A2 considers all possible values of x1 Δ = { δ1x } A1 A2 x2=60 26 Belief sets • A2 conservatively enforces max belief threshold. Q δ110 δ’110 δ111 δ’111 x1=10 A1 x1=80 x1=11 A1 max belief ≤ t … max belief ≤ t A2 x2=60 27 Belief sets • A2 maintains belief set. Δ1 = { δ1x }x • A1 does similarly. 10 ≤ x1 ≤ 100 Δ2 A1 T policy P2 TIME policy P1 Q1(x1,x2) x1 x2 A1 x2=60 True Δ’1 = { δ1x | (out = True) }x Δ’2 A1 A2 28 Belief sets • Very conservative. δ180(x2) = 1/91 10 ≤ x2 ≤ 100 δ110(x2) = 1/91 10 ≤ x2 ≤ 100 out = True out = True δ’180(x2) = 1/71 10 ≤ x2 ≤ 80 δ’110(x2) = 1 10 ≤ x2 ≤ 10 x1=10 x1=80 A1 A1 Q1 = if x1 ≥ x2 then out := True else out := False 29 Belief sets • Expensive in computation and representation. • Abstraction might help. • Have: γ(P) = { δ } • Can do: γ(P) ⊇ { δ | (x1 = v) }10 ≤ v ≤ 100 • Would also like: γ(P) ≈ { δ | (x1 = v) }10 ≤ v ≤ 100 Δ = { δ | (x1 = v) } A1 30 Different approach: Knowledge tracking via SMC 31 Knowledge tracking via SMC • SMC: “trusted third party”. x1 T A1 x2 A2 Q1(x1,x2) True Q1 = if x1 ≥ x2 then out := True else out := False 32 Knowledge tracking via SMC • Use trusted third party for knowledge tracking and policy checking. • Policy check on actual belief, instead conservatively over all plausible beliefs. δ x1=80 A1 δ | (x1 = 80) δ1 T δ | (x2 = 60) x2=60 A2 δ2 TIME policy P1(δ2, …) ∧ P2(δ1, …) True True Q1(x1,x2) δ’1 δ’2 33 Knowledge tracking via SMC • Problem 2: policy decision leaks information. δ x1=80 A1 δ | (x1 = 80) δ1 T δ | (x2 = 60) x2=60 A2 δ2 TIME policy P1(δ2, …) ∧ P2(δ1, …) Reject Reject Q1(x1,x2) δ1 δ2 34 Knowledge tracking via SMC • Agents trust the “trusted third party” to enforce their policies. δ x1=80 A1 δ | (x1 = 80) δ1 T δ | (x2 = 60) x2=60 A2 δ2 TIME policy Reject P2(δ1, …) P1(δ2, …) Q1(x1,x2) δ1 Accept True δ’2 35 Knowledge tracking via SMC • Knowledge tracking within SMC • More permissive than belief sets. • Unsatisfying uncertainty about one’s own policy decisions. • “SMC is 1000 times slower than normal computation” • Active research area (getting better). δ1 T δ | (x2 = 60) x2=60 δ2 policy Reject P2(δ1, …) P1(δ2, …) Q1(x1,x2) δ1 Accept True δ’2 36 Comparison and Examples 37 Millionaires 0 2-1 2 -2 2 -3 2 -4 max belief belief max probability of most probable x2 2 2-5 2 -6 2 -7 10 20 30 40 50 60 70 80 90 100 x1 x1=? A1 δ1x2 x2=? δ1 δ1x3 x3=? A3 A2 Q1 = if x1 ≥ x2 && x1 ≥ x3 then out := True else out := False 38 Reduce precision belief median quartiles belief max probability 20 2 -1 2 -2 2-3 2 -4 2-5 2 -6 2 -7 w=0 w=1 w=2 x2=? x1=? A2 A1 x3=? A3 w=4 w=8 w=16 similarw = avg := (x1 + x2 + x3)/3 if | x1 – avg | ≤ w && | x2 – avg | ≤ w && | x3 – avg | ≤ w then out := True else out := False 39 Introduce noise belief median quartiles belief max probability 20 2 -1 2 -2 2-3 2 -4 2-5 2 -6 2 -7 p=0 x2=? x1=? A2 A1 x3=? A3 p=0.01 p=0.1 p=1 richestp = out := 0 if x1 > x2 && x1 > x3 then out := 1 if x2 > x1 && x2 > x3 then out := 2 if x3 > x1 && x3 > x2 then out := 3 if rand() < p then out := uniform(0,1,2,3) 40 Summary+conclusions 41 Knowledge-Oriented Multiparty computation • SMC: agents do not learn beyond what is implied by query. • Our work: agents limit what can be inferred. x1 Q1(x1,x2) x2 True • Two approaches with differing (dis)advantages. • Ongoing work in PL and crypto for tractability.