Paper 2024/542

Breaking Bicoptor from S$\&$P 2023 Based on Practical Secret Recovery Attack

Jun Xu, Institute of Information Engineering, Chinese Academy of Sciences
Zhiwei Li, Institute of Information Engineering, Chinese Academy of Sciences
Lei Hu, Institute of Information Engineering, Chinese Academy of Sciences
Abstract

At S$\&$P 2023, a family of secure three-party computing protocols called Bicoptor was proposed by Zhou et al., which is used to compute non-linear functions in privacy preserving machine learning. In these protocols, two parties $P_0, P_1$ respectively hold the corresponding shares of the secret, while a third party $P_2$ acts as an assistant. The authors claimed that neither party in the Bicoptor can independently compromise the confidentiality of the input, intermediate, or output. In this paper, we point out that this claim is incorrect. The assistant $P_2$ can recover the secret in the DReLU protocol, which is the basis of Bicoptor. The restoration of its secret will result in the security of the remaining protocols in Bicoptor being compromised. Specifically, we provide two secret recovery attacks regarding the DReLU protocol. The first attack method belongs to a clever enumeration method, which is mainly due to the derivation of the modular equation about the secret and its share. The key of the second attack lies in solving the small integer root problem of a modular equation, as the lattices involved are only 3 or 4 dimensions, the LLL algorithm can effectively work. For the system settings selected by Bicoptor, our experiment shows that the desired secret in the DReLU protocol can be restored within one second on a personal computer. Therefore, when using cryptographic protocols in the field of privacy preserving machine learning, it is not only important to pay attention to design overhead, but also to be particularly careful of potential security threats.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
Secure multiparty computationprivacy-preserving machine learningsecret recovery attacklatticethe LLL algorithm
Contact author(s)
xujun @ iie ac cn
lizhiwei @ iie ac cn
hulei @ iie ac cn
History
2024-04-17: revised
2024-04-08: received
See all versions
Short URL
https://ia.cr/2024/542
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/542,
      author = {Jun Xu and Zhiwei Li and Lei Hu},
      title = {Breaking Bicoptor from S$\&$P 2023 Based on Practical Secret Recovery Attack},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/542},
      year = {2024},
      url = {https://eprint.iacr.org/2024/542}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.