Knowledge-Oriented Secure Multiparty Computation

KNOWLEDGE-ORIENTED MULTIPARTY COMPUTATION
Piotr (Peter) Mardziel, Michael Hicks, Jonathan Katz, Mudhakar Srivatsa (IBM TJ Watson)

Secure multi-party computation
• Multiple parties have secrets to protect.
• Want to compute some function over their secrets without revealing them.
[Diagram: x1, x2; Q1(x1,x2) = True / False]
Q1 =
  if x1 ≥ x2 then out := True
  else out := False

Secure multi-party computation
• Use trusted third party.
[Diagram: x1, x2; T; Q1(x1,x2) = True]
Q1 =
  if x1 ≥ x2 then out := True
  else out := False

Secure multi-party computation
• SMC lets the participants compute this without a trusted third party.
[Diagram: x1, x2; T; Q1(x1,x2) = True]
Q1 =
  if x1 ≥ x2 then out := True
  else out := False

Secure multi-party computation
• Nothing is learned beyond what is implied by the query output.
• Assume it is publicly known that 10 ≤ x1,x2 ≤ 100
[Diagram: x1, x2; Q1(10,x2) = True implies x2 = 10]
Q1 =
  if x1 ≥ x2 then out := True
  else out := False

Our goal
• Make sure what is implied is not too much.
• Model knowledge.
• Model inference.
[Diagram: x1, x2; Q1(x1,x2) = True]
Q1 =
  if x1 ≥ x2 then out := True
  else out := False

This talk
• Secure multiparty computation.
• Knowledge-based security
  • For a simpler setting
  • For SMC
• Evaluation

Knowledge in a simpler setting

Knowledge in a simpler setting
• Only one party, A2, has a secret to protect.
• No need for SMC.
[Diagram: A1 (x1=80), A2 (x2=60); Q1(x1,x2) = True]
Q1 =
  if x1 ≥ x2 then out := True
  else out := False

Knowledge in a simpler setting
• A2 imposes a limit on knowledge about x2.
“(prior) belief”: δ1: 10 ≤ x2 ≤ 100
out = True
“revision”: δ1 | (out = True)
“revised belief”: δ’1: 10 ≤ x2 ≤ 80
[Diagram: A1 (x1=80), A2 (x2=60)]
Q1 =
  if x1 ≥ x2 then out := True
  else out := False

Knowledge in a simpler setting
• A2 imposes a limit on knowledge about x2.
δ’1: 10 ≤ x2 ≤ 80
“Knowledge-based” policy: | δ’1 | = 71 ≥ t
[Diagram: A1 (x1=80), A2 (x2=60)]
Q1 =
  if x1 ≥ x2 then out := True
  else out := False

Knowledge in a simpler setting
• Non-deterministic queries.
Q’1 =
  if x1 ≥ x2 then out := True
  else out := False
  if rand() < 0.5 then out := True
[Diagram: A1 (x1=80), A2 (x2=60)]

Knowledge in a simpler setting
• Non-deterministic queries.
δ1(x2) = 1/91 for 10 ≤ x2 ≤ 100
out = True
δ’1(x2) = 2/162 for 10 ≤ x2 ≤ 80
δ’1(x2) = 1/162 for 81 ≤ x2 ≤ 100
[Diagram: A1 (x1=80), A2 (x2=60)]
Q’1 =
  if x1 ≥ x2 then out := True
  else out := False
  if rand() < 0.5 then out := True

Knowledge in a simpler setting
• Policy
Q’1(80,60) = True
δ1 | (out = True) = δ’1
δ’1(x2) = 2/162 for 10 ≤ x2 ≤ 80
δ’1(x2) = 1/162 for 81 ≤ x2 ≤ 100
Policy?: δ’1(x2) ≤ t2 for every x2 (“belief threshold”)
[Diagram: A1 (x1=80), A2 (x2=60)]
Q’1 =
  if x1 ≥ x2 then out := True
  else out := False
  if rand() < 0.5 then out := True

Knowledge in a simpler setting
• Policy
Q’1(80,60) = True
δ1 | (out = True) = δ’1
[Annotation on “True”: o, ∀o in range Q’1(80,)]
δ’1(x2) = 2/162 for 10 ≤ x2 ≤ 80
δ’1(x2) = 1/162 for 81 ≤ x2 ≤ 100
Policy?: δ’1(x2) ≤ t2 for every x2 (“belief threshold”)
[Diagram: A1 (x1=80), A2 (x2=60)]
Q’1 =
  if x1 ≥ x2 then out := True
  else out := False
  if rand() < 0.5 then out := True

Knowledge in a simpler setting
• Policy.
“max belief” = max_{δ’,x} { δ’(x) }
where δ’ = δ1 | (out = o) for some o
Policy: P(Q’1,x1=80,δ1,t) = max belief ≤ t (“(max) belief threshold”)
If successful: Q’1(80,60) = True
Track: δ1 | ( out = True )
[Diagram: δ1 | ( out = True ), δ1 | ( out = False ); A1 (x1=80), A2 (x2=60)]
Q’1 =
  if x1 ≥ x2 then out := True
  else out := False
  if rand() < 0.5 then out := True

Knowledge in a simpler setting
• A2 maintains a representation of A1’s belief.
• Assumption: initial belief is accurate.
[Timeline (TIME): Q1, out = True, δ → δ’; Q2, NOPE, δ’ → δ’’. A1 (x1=80), A2 (x2=60)]

PL?
• Theory of Clarkson et al.
• Implementation (Abstract)
• Model knowledge as a probability distribution δ ∊ γ(P), an abstraction.
• Assumption: δactual ∊ γ(P), where δactual is agent’s actual knowledge.
• Model rational agent learning from query outputs.
• Probabilistic program semantics and revision.
  • δ’ = ( [[S]] δ ) | (out = True)
  • P’ = ( [[ S ]] P ) | (out = True)
  • Sound: δ ∊ γ(P) ⇒ δ’ ∊ γ(P’)
• Policy to limit knowledge: max-belief ≤ t
  • Sound: max-belief(P) ≤ t ⇒ max-belief(δ) ≤ t
• Resistant to state-space size
  • Ex. | support(δ) | > 2 * 10^13

Knowledge in the SMC setting

Knowledge in the SMC setting
• All parties want to protect their secret.
[Diagram: A1 (x1=80), A2 (x2=60); Q1(x1,x2)]

Knowledge in the SMC setting
• All parties want to protect their secret.
[Diagram: A1 (x1=80), A2 (x2=60); Q1(x1,x2) = True]

Knowledge in the SMC setting
• Assumption: common knowledge/belief.
δ(x1,x2) = 1/91^2 for 10 ≤ x1,x2 ≤ 100
[Diagram: A1 (x1=80), A2 (x2=60)]

Knowledge in the SMC setting
• Assumption: initial belief is derived from common knowledge, revised by secret value.
A1 (x1=80): δ | (x1 = 80) = δ1^80(x2) = 1/91 for 10 ≤ x2 ≤ 100
A2 (x2=60): δ | (x2 = 60) = δ2^60(x1) = 1/91 for 10 ≤ x1 ≤ 100

Belief sets
• A2 considers all possible values of x1
A1 with x1=10: δ1^10 = δ | (x1 = 10)
A1 with x1=11: δ1^11 = δ | (x1 = 11)
…
A1 with x1=100: δ1^100 = δ | (x1 = 100)
10 ≤ x1 ≤ 100
[Diagram: A2 (x2=60)]

Belief sets
• A2 considers all possible values of x1
Δ = { δ1^x }
[Diagram: A1; A2 (x2=60)]

Belief sets
• A2 conservatively enforces max belief threshold.
Q: δ1^10 → δ’1^10, max belief ≤ t
Q: δ1^11 → δ’1^11, max belief ≤ t
…
[Diagram: A1 (x1=80); candidate A1 with x1=10, x1=11, …; A2 (x2=60)]

Belief sets
• A2 maintains belief set.
Δ1 = { δ1^x }_x, 10 ≤ x1 ≤ 100
• A1 does similarly.
Δ2
[Timeline (TIME): T; policy P1, policy P2; Q1(x1,x2) = True; Δ’1 = { δ1^x | (out = True) }_x, Δ’2. A1 (x1), A2 (x2=60)]

Belief sets
• Very conservative.
A1 with x1=80: δ1^80(x2) = 1/91 for 10 ≤ x2 ≤ 100; out = True; δ’1^80(x2) = 1/71 for 10 ≤ x2 ≤ 80
A1 with x1=10: δ1^10(x2) = 1/91 for 10 ≤ x2 ≤ 100; out = True; δ’1^10(x2) = 1 for 10 ≤ x2 ≤ 10
Q1 =
  if x1 ≥ x2 then out := True
  else out := False

Belief sets
• Expensive in computation and representation.
• Abstraction might help.
  • Have: γ(P) = { δ }
  • Can do: γ(P) ⊇ { δ | (x1 = v) } for 10 ≤ v ≤ 100
  • Would also like: γ(P) ≈ { δ | (x1 = v) } for 10 ≤ v ≤ 100
[Diagram: A1; Δ = { δ | (x1 = v) }]
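
Added example (not from the original slides): the belief revision and max-belief policy of the simpler setting, and A2's conservative belief-set check from the SMC setting, computed exactly. The function names are assumptions made for illustration; the range 10..100, the queries Q1 and Q’1, and x1 = 80 come from the slides.

```python
from fractions import Fraction

# All names below are hypothetical; only the numbers and queries are from the slides.
LO, HI = 10, 100  # publicly known range of each secret

def q1(x1, x2):
    """Deterministic query Q1, as a distribution {output: probability}."""
    return {x1 >= x2: Fraction(1)}

def q1_noisy(x1, x2):
    """Q'1: Q1's result, then forced to True with probability 1/2."""
    if x1 >= x2:
        return {True: Fraction(1)}
    return {True: Fraction(1, 2), False: Fraction(1, 2)}

def prior():
    """A1's initial belief about x2: uniform over the public range (1/91 each)."""
    n = HI - LO + 1
    return {x2: Fraction(1, n) for x2 in range(LO, HI + 1)}

def revise(query, x1, belief, out):
    """Bayesian revision  belief | (out = o); None if o cannot occur."""
    joint = {x2: p * query(x1, x2).get(out, 0) for x2, p in belief.items()}
    total = sum(joint.values())
    if total == 0:
        return None
    return {x2: p / total for x2, p in joint.items() if p > 0}

def max_belief(query, x1, belief):
    """Largest probability any x2 receives under any possible output o."""
    worst = Fraction(0)
    for out in (True, False):
        post = revise(query, x1, belief, out)
        if post is not None:
            worst = max(worst, max(post.values()))
    return worst

def policy(query, x1, belief, t):
    """Simple setting: A2 knows x1 and checks A1's actual belief."""
    return max_belief(query, x1, belief) <= t

def belief_set_policy(query, t):
    """SMC setting: A2 does not know x1, so it checks every plausible x1."""
    return all(policy(query, x1, prior(), t) for x1 in range(LO, HI + 1))
```

With x1 = 80 the max belief is 1/20 for both Q1 and Q’1, because out = False narrows x2 to 81..100, so `policy(q1, 80, prior(), Fraction(1, 10))` accepts. `belief_set_policy(q1, Fraction(1, 10))` rejects, since a plausible x1 = 10 with out = True would pin x2 to 10.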

Different approach: Knowledge tracking via SMC

Knowledge tracking via SMC
• SMC: “trusted third party”.
[Diagram: A1 (x1), A2 (x2); T; Q1(x1,x2) = True]
Q1 =
  if x1 ≥ x2 then out := True
  else out := False

Knowledge tracking via SMC
• Use trusted third party for knowledge tracking and policy checking.
• Policy check on actual belief, instead of conservatively over all plausible beliefs.
[Diagram: common δ; A1 (x1=80) with δ1 = δ | (x1 = 80); A2 (x2=60) with δ2 = δ | (x2 = 60); T. Timeline (TIME): policy P1(δ2, …) ∧ P2(δ1, …): True, True; Q1(x1,x2); δ’1, δ’2]

Knowledge tracking via SMC
• Problem 2: policy decision leaks information.
[Diagram: common δ; A1 (x1=80) with δ1 = δ | (x1 = 80); A2 (x2=60) with δ2 = δ | (x2 = 60); T. Timeline (TIME): policy P1(δ2, …) ∧ P2(δ1, …): Reject, Reject; Q1(x1,x2); δ1, δ2]

Knowledge tracking via SMC
• Agents trust the “trusted third party” to enforce their policies.
[Diagram: common δ; A1 (x1=80) with δ1 = δ | (x1 = 80); A2 (x2=60) with δ2 = δ | (x2 = 60); T. Timeline (TIME): policy P2(δ1, …), P1(δ2, …): Reject, Accept; Q1(x1,x2) = True; δ1, δ’2]

Knowledge tracking via SMC
• Knowledge tracking within SMC
• More permissive than belief sets.
• Unsatisfying uncertainty about one’s own policy decisions.
• “SMC is 1000 times slower than normal computation”
• Active research area (getting better).
[Diagram: A2 (x2=60) with δ2 = δ | (x2 = 60); T; δ1; policy P2(δ1, …), P1(δ2, …): Reject, Accept; Q1(x1,x2) = True; δ1, δ’2]

Comparison and Examples

Millionaires
[Plot: max belief (probability of most probable x2), axis ticks 2^0 to 2^-7, against x1 from 10 to 100]
[Diagram: A1 (x1=?), A2 (x2=?), A3 (x3=?); beliefs δ1x2, δ1, δ1x3]
Q1 =
  if x1 ≥ x2 && x1 ≥ x3 then out := True
  else out := False

Reduce precision
[Plot: belief (median, quartiles, max) as probability, axis ticks 2^0 to 2^-7, for w=0, w=1, w=2, w=4, w=8, w=16]
[Diagram: A1 (x1=?), A2 (x2=?), A3 (x3=?)]
similar_w =
  avg := (x1 + x2 + x3)/3
  if | x1 - avg | ≤ w &&
     | x2 - avg | ≤ w &&
     | x3 - avg | ≤ w
  then out := True
  else out := False

Introduce noise
[Plot: belief (median, quartiles, max) as probability, axis ticks 2^0 to 2^-7, for p=0, p=0.01, p=0.1, p=1]
[Diagram: A1 (x1=?), A2 (x2=?), A3 (x3=?)]
richest_p =
  out := 0
  if x1 > x2 && x1 > x3 then out := 1
  if x2 > x1 && x2 > x3 then out := 2
  if x3 > x1 && x3 > x2 then out := 3
  if rand() < p then out := uniform(0,1,2,3)

Summary+conclusions

Knowledge-Oriented Multiparty computation
• SMC: agents do not learn beyond what is implied by query.
• Our work: agents limit what can be inferred.
[Diagram: x1, x2; Q1(x1,x2) = True]
• Two approaches with differing (dis)advantages.
• Ongoing work in PL and crypto for tractability.