The aim of the IACR Ph.D. database is twofold. On the first hand, we want to offer an overview of Ph.D. already completed
in the domain of cryptology. Where possible, this should also include a subject classification, an abstract, and
access to the full text.
On the second hand, it deals with Ph.D. subjects
currently under investigation. This way, we provide a timely
map of contemporary research in cryptology.
All entries or changes need to be approved by an editor. You can contact them via phds (at) iacr.org.
Mike Rosulek (#409)
Topic of his/her doctorate.
The Structure of Secure Multi-Party Computation
multi-party computation, universal composition
Year of completion
Secure multi-party computation is a conceptual framework in which
distrusting parties engage in a protocol to securely perform a
computational task. Depending on the precise
model of security, different sets of tasks admit secure protocols.
We take a complexity-theoretic
approach to studying the inherent difficulty of securely
realizing tasks in various standard security models.
In light of these characterizations, the only tasks which are
securely realizable in the demanding framework of universal composition
are those related to secure communication. Indeed, the framework
has been used to define the security of encryption schemes,
which has allowed for modular design and analysis of protocols.
We consider a similar approach for homomorphic encryption
schemes. A homomorphic scheme is one in which anyone can obtain
an encryption of $f(m_1, \ldots, m_n)$, given only the encryptions
of unknown messages $m_1, \ldots, m_n$, for a specific set
of functions $f$.
We give the first alternate characterization of
secure realizability in the framework of universally composable (UC)
security. This is the first characterization in any model
to consider completely arbitrary computational tasks
and completely arbitrary communication channels.
The most long-standing class of computational tasks
studied are those in which two parties evaluate a deterministic
For these tasks, we give the first complete, combinatorial
of secure realizability in the passive, standalone,
and universally composable security models, against computationally
Say that a task \G has ``as much cryptographic complexity''
as another task \F if there is a secure protocol for \F
that uses access to a secure implementation of \G.
We show that there is an infinite hierarchy of tasks with
strictly increasing cryptographic complexities,
with respect to computationally unbounded security. We also
show that there exist tasks whose cryptographic complexities
In contrast, we show that under a standard
cryptographic assumption, there exist only two
distinct levels of cryptographic complexity with respect to
polynomial-time security. Every task either has a trivial
protocol using plain communication channels, or
is complete (i.e., given access to a secure implementation
of this task, there are secure protocols for all other tasks).
This is the first result to derive a characterization
of completeness for a class of arbitrary interactive tasks.
We give a construction of a homomorphic encryption scheme
in which the allowed homomorphic operation is as full-featured as possible
--- namely, one can derive a correctly-distributed encryption
of $f(m)$ given an encryption of unknown message $m$, for some
functions $f$ --- yet it is computationally infeasible to
generate a ciphertext that is related to other ciphertexts
in any other way. Our contributions involve developing new
appropriate security definitions as well as new constructions.
We show that schemes with such powerful security guarantees
can be used to build conceptually simple, efficient, UC-secure protocols
for verifiable computations on encrypted data. We show protocols for two
tasks related to aggregating encrypted data.