ABSTRACT
Secure function evaluation (SFE) allows a set of mutually distrustful parties to evaluate a function of their joint inputs without revealing their inputs to each other. SFE has been the focus of active research and recent work suggests that it can be made practical. Unfortunately, current protocols and implementations have inherent limitations that are hard to overcome using standard and practical techniques. Among them are: (1) requiring participants to do work linear in the size of the circuit representation of the function; (2) requiring all parties to do the same amount of work; and (3) not being able to provide complete fairness.
A promising approach for overcoming these limitations is to augment the SFE setting with a small set of untrusted servers that have no input to the computation and that receive no output, but that make their computational resources available to the parties. In this model, referred to as server-aided SFE, the goal is to tradeoff the parties' work at the expense of the servers. Motivated by the emergence of public cloud services such as Amazon EC2 and Microsoft Azure, recent work has explored the extent to which server-aided SFE can be achieved with a single server.
In this work, we revisit the sever-aided setting from a practical perspective and design single-server-aided SFE protocols that are considerably more efficient than all previously-known protocols. We achieve this in part by introducing several new techniques for garbled-circuit-based protocols, including a new and efficient input-checking mechanism for cut-and-choose and a new pipelining technique that works in the presence of malicious adversaries. Furthermore, we extend the server-aided model to guarantee fairness which is an important property to achieve in practice.
Finally, we implement and evaluate our constructions experimentally and show that our protocols (regardless of the number of parties involved) yield implementations that are 4 and 6 times faster than the most optimized two-party SFE implementation when the server is assumed to be malicious and covert, respectively.
- G. Asharov, A. Jain, A. Lopez-Alt, E. Tromer, V. Vaikuntanathan, and D. Wichs. Multiparty computation with low communication, computation and interaction via threshold FHE. In EUROCRYPT, 2012. Google ScholarDigital Library
- Y. Aumann and Y. Lindell. Security against covert adversaries: Efficient protocols for realistic adversaries. In TCC, 2007. Google ScholarDigital Library
- B. Barak and O. Goldreich. Universal arguments and their applications. In CCC, 2002. Google ScholarDigital Library
- A. Ben-David, N. Nisan, and B. Pinkas. Fairplaymp: a system for secure multi-party computation. In CCS, 2008. Google ScholarDigital Library
- D. Bogdanov, S. Laur, and J. Willemson. Sharemind: A framework for fast privacy-preserving computations. In ESORICS, 2008. Google ScholarDigital Library
- P. Bogetoft, D. Christensen, I. Damgard, M. Geisler, T. Jakobsen, M. Krøigaard, J. Nielsen, J. B. Nielsen, K. Nielsen, J. Pagter, M. Schwartzbach, and T. Toft. Secure multiparty computation goes live. In FC, 2009. Google ScholarDigital Library
- P. Bogetoft, I. Damgard, T. P. Jakobsen, K. Nielsen, J. Pagter, and T. Toft. A practical implementation of secure auctions based on multiparty integer computation. In FC, 2006. Google ScholarDigital Library
- J. Boyar and R. Peralta. A small depth-16 circuit for the aes s-box. In Information Security and Privacy Research, 2012.Google ScholarCross Ref
- R. Canetti. Security and composition of multi-party cryptographic protocols. Journal of Cryptology, 2000.Google Scholar
- D. Chaum, C. Crépeau, and I. Damgard. Multiparty unconditionally secure protocols. In STOC, 1988. Google ScholarDigital Library
- S. G. Choi, K. Hwang, J. Katz, T. Malkin, and D. Rubenstein. Secure multi-party computation of boolean circuits with applications to privacy in on-line marketplaces. In CT-RSA, 2012. Google ScholarDigital Library
- R. Cleve. Limits on the security of coin flips when half the processors are faulty. In STOC, 1986. Google ScholarDigital Library
- Ivan Damgaard, Martin Geisler, Mikkel Kroigaard, and Jesper Buus Nielsen. Asynchronous multiparty computation: Theory and implementation. In PKC, 2009. Google ScholarDigital Library
- I. Damgard, S. Faust, and C. Hazay. Secure two-party computation with low communication. In TCC, 2012. Google ScholarDigital Library
- I. Damgard, M. Geisler, M. Krøigaard, and J.-B. Nielsen. Asynchronous multiparty computation: Theory and implementation. In PKC, 2009. Google ScholarDigital Library
- I. Damgard and Y. Ishai. Constant-round multiparty computation using a black-box pseudorandom generator. In CRYPTO, 2005. Google ScholarDigital Library
- I. Damgard, Y. Ishai, M. Krøigaard, J.-B. Nielsen, and A. Smith. Scalable multiparty computation with nearly optimal work and resilience. In CRYPTO, 2008. Google ScholarDigital Library
- U. Feige, J. Killian, and M. Naor. A minimal model for secure computation (extended abstract). In STOC, 1994. Google ScholarDigital Library
- J. Garay, P. MacKenzie, M. Prabhakaran, and K. Yang. Resource fairness and composability of cryptographic protocols. TCC, 2006. Google ScholarDigital Library
- R. Gennaro, C. Gentry, and B. Parno. Non-interactive verifiable computing: outsourcing computation to untrusted workers. In Advances in Cryptology - CRYPTO '10, volume 6223 of Lecture Notes in Computer Science, pages 465--482. Springer-Verlag, 2010. Google ScholarDigital Library
- C. Gentry. Fully homomorphic encryption using ideal lattices. In STOC, 2009. Google ScholarDigital Library
- O. Goldreich. Foundations of Cryptography -- Volume 2. Cambridge University Press, 2004. Google ScholarDigital Library
- O. Goldreich. Foundations of Cryptography -- Volume 1. Cambridge University Press, 2006. Google ScholarDigital Library
- O. Goldreich, S. Micali, and A. Wigderson. How to play ANY mental game. In STOC, 1987. Google ScholarDigital Library
- D. Gordon, J. Katz, V. Kolesnikov, T. Malkin, M. Raykova, and Y. Vahlis. Secure computation with sublinear amortized work. Technical Report 2011/482, IACR ePrint Cryptography Archive, 2011.Google Scholar
- S. Gordon and J. Katz. Partial fairness in secure two-party computation. EUROCRYPT, 2010. Google ScholarDigital Library
- S. D. Gordon, C. Hazay, J. Katz, and Y. Lindell. Complete fairness in secure two-party computation. Journal of the ACM (JACM), 58(6):24, 2011. Google ScholarDigital Library
- W. Henecka, S. Kogl, A.-R. Sadeghi, T. Schneider, and I. Wehrenberg. TASTY: tool for automating secure two-party computations. In CCS, 2010. Google ScholarDigital Library
- Y. Huang, D. Evans, J. Katz, and L. Malka. Faster secure two-party computation using garbled circuits. In USENIX Security, 2011. Google ScholarDigital Library
- Y. Ishai, J. Kilian, K. Nissim, and E. Petrank. Extending oblivious transfers efficiently. In CRYPTO, 2003.Google ScholarCross Ref
- K. Jarvinen, V. Kolesnikov, A.-R. Sadeghi, and T. Schneider. Garbled circuits for leakage-resilience: hardware implementation and evaluation of one-time programs. In CHES, 2010. Google ScholarDigital Library
- S. Kamara, P. Mohassel, and M. Raykova. Outsourcing multi-party comptuation. Technical Report 2011/272, IACR ePrint Cryptography Archive, 2011.Google Scholar
- J. Katz, R. Ostrovsky, and A. Smith. Round efficiency of multi-party computation with a dishonest majority. In EUROCRYPT, 2003. Google ScholarDigital Library
- M. S. Kiraz and B. Schoenmakers. An efficient protocol for fair secure two-party computation. In CT-RSA, 2008. Google ScholarDigital Library
- V. Kolesnikov and T. Schneider. Improved garbled circuit: Free xor gates and applications. In ICALP, 2008. Google ScholarDigital Library
- B. Kreuter, a. shelat, and C.-H. Shen. Towards billion-gate secure computation with malicious adversaries. Technical Report 2012/179, IACR ePrint Cryptography Archive, 2012.Google Scholar
- Y. Lindell. Parallel coin-tossing and constant-round secure two-party computation. In CRYPTO, 2001. Google ScholarDigital Library
- Y. Lindell and B. Pinkas. An efficient protocol for secure two-party computation in the presence of malicious adversaries. In EUROCRYPT, 2007. Google ScholarDigital Library
- Y. Lindell and B. Pinkas. A proof of security of Yao's protocol for two-party computation. Journal of Cryptology, 2009. Google ScholarDigital Library
- Y. Lindell and B. Pinkas. Secure two-party computation via cut-and-choose oblivious transfer. In TCC, 2011. Google ScholarDigital Library
- Y. Lindell, B. Pinkas, and N. Smart. Implementing two-party computation efficiently with security against malicious adversaries. In SCN, 2008. Google ScholarDigital Library
- L. Malka. Vmcrypt: modular software architecture for scalable secure computation. In CCS, 2011. Google ScholarDigital Library
- D. Malkhi, N. Nisan, B. Pinkas, and Y. Sella. Fairplay--a secure two-party computation system. In USENIX Security, 2004. Google ScholarDigital Library
- S. Micali and P. Rogaway. Secure computation (abstract). In CRYPTO, 1992. Google ScholarDigital Library
- P. Mohassel and M. Franklin. Efficiency tradeoffs for malicious two-party computation. In PKC, 2006. Google ScholarDigital Library
- M. Naor and K. Nissim. Communication preserving protocols for secure function evaluation. In STOC, 2001. Google ScholarDigital Library
- M. Naor and B. Pinkas. Oblivious transfer and polynomial evaluation. In STOC, 1999. Google ScholarDigital Library
- M. Naor and B. Pinkas. Efficient oblivious transfer protocols. In SODA, 2001. Google ScholarDigital Library
- M. Naor, B. Pinkas, and R. Sumner. Privacy preserving auctions and mechanism design. In EC, 1999. Google ScholarDigital Library
- C. Peikert, V. Vaikuntanathan, and B. Waters. A framework for efficient and composable oblivious transfer. In CRYPTO, Berlin, Heidelberg, 2008. Google ScholarDigital Library
- B. Pinkas. Fair secure two-party computation. EUROCRYPT, 2003. Google ScholarDigital Library
- B. Pinkas, T. Schneider, N. Smart, and S. Williams. Secure two-party computation is practical. In ASIACRYPT, 2009. Google ScholarDigital Library
- M. Rabin. How to exchange secrets by oblivious transfer. Technical Report TR-81, Aiken Computation Lab, Harvard University, 1981.Google Scholar
- A. Shamir. How to share a secret. Commun. ACM, November 1979. Google ScholarDigital Library
- A. Shelat and C. H. Shen. Two-output secure computation with malicious adversaries. In EUROCRYPT, 2011. Google ScholarDigital Library
- D. Woodruff. Revisiting the efficiency of malicious two-party computation. In EUROCRYPT, 2007. Google ScholarDigital Library
- A. Yao. Protocols for secure computations. In FOCS, 1982. Google ScholarDigital Library
- A. Yao. How to generate and exchange secrets. In FOCS, 1986. Google ScholarDigital Library
Index Terms
- Salus: a system for server-aided secure function evaluation
Recommendations
Global-Scale Secure Multiparty Computation
CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications SecurityWe propose a new, constant-round protocol for multi-party computation of boolean circuits that is secure against an arbitrary number of malicious corruptions. At a high level, we extend and generalize recent work of Wang et al. in the two-party setting. ...
A Framework for Constructing Fast MPC over Arithmetic Circuits with Malicious Adversaries and an Honest-Majority
CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications SecurityProtocols for secure multiparty computation enable a set of parties to compute a function of their inputs without revealing anything but the output. The security properties of the protocol must be preserved in the presence of adversarial behavior. The ...
What Security Can We Achieve Within 4 Rounds?
AbstractKatz and Ostrovsky (Crypto 2004) proved that five rounds are necessary for stand-alone general black-box constructions of secure two-party protocols and at least four rounds are necessary if only one party needs to receive the output. Recently, ...
Comments