272 research outputs found
On Multiparty Garbling of Arithmetic Circuits
We initiate a study of garbled circuits that contain both Boolean and arithmetic gates in secure multiparty computation. In particular, we incorporate the garbling gadgets for arithmetic circuits recently presented by Ball, Malkin, and Rosulek (ACM CCS 2016) into the multiparty garbling paradigm initially introduced by Beaver, Micali, and Rogaway (STOC \u2790). This is the first work that studies arithmetic garbled circuits in the multiparty setting. Using mixed Boolean-arithmetic circuits allows more efficient secure computation of functions that naturally combine Boolean and arithmetic computations. Our garbled circuits are secure in the semi-honest model, under the same hardness assumptions as Ball et al., and can be efficiently and securely computed in constant rounds assuming an honest majority.
We first extend free addition and multiplication by a constant to the multiparty setting.
We then extend to the multiparty setting efficient garbled multiplication gates. The garbled multiplication gate construction we show was previously achieved only in the two-party setting and assuming a random oracle.
We further present a new garbling technique, and show how this technique can improve efficiency in garbling selector gates. Selector gates compute a simple ``if statement in the arithmetic setting: the gate selects the output value from two input integer values, according to a Boolean selector bit; if the bit is the output equals the first value, and if the bit is the output equals the second value. Using our new technique, we show a new and designated garbled selector gate that reduces by approximately the evaluation time, for any number of parties, from the best previously known constructions that use existing techniques and are secure based on the same hardness assumptions.
On the downside, we find that testing equality and computing exponentiation by a constant are significantly more complex to garble in the multiparty setting than in the two-party setting
Privacy-Preserving Shortest Path Computation
Navigation is one of the most popular cloud computing services. But in
virtually all cloud-based navigation systems, the client must reveal her
location and destination to the cloud service provider in order to learn the
fastest route. In this work, we present a cryptographic protocol for navigation
on city streets that provides privacy for both the client's location and the
service provider's routing data. Our key ingredient is a novel method for
compressing the next-hop routing matrices in networks such as city street maps.
Applying our compression method to the map of Los Angeles, for example, we
achieve over tenfold reduction in the representation size. In conjunction with
other cryptographic techniques, this compressed representation results in an
efficient protocol suitable for fully-private real-time navigation on city
streets. We demonstrate the practicality of our protocol by benchmarking it on
real street map data for major cities such as San Francisco and Washington,
D.C.Comment: Extended version of NDSS 2016 pape
Chameleon: A Hybrid Secure Computation Framework for Machine Learning Applications
We present Chameleon, a novel hybrid (mixed-protocol) framework for secure
function evaluation (SFE) which enables two parties to jointly compute a
function without disclosing their private inputs. Chameleon combines the best
aspects of generic SFE protocols with the ones that are based upon additive
secret sharing. In particular, the framework performs linear operations in the
ring using additively secret shared values and nonlinear
operations using Yao's Garbled Circuits or the Goldreich-Micali-Wigderson
protocol. Chameleon departs from the common assumption of additive or linear
secret sharing models where three or more parties need to communicate in the
online phase: the framework allows two parties with private inputs to
communicate in the online phase under the assumption of a third node generating
correlated randomness in an offline phase. Almost all of the heavy
cryptographic operations are precomputed in an offline phase which
substantially reduces the communication overhead. Chameleon is both scalable
and significantly more efficient than the ABY framework (NDSS'15) it is based
on. Our framework supports signed fixed-point numbers. In particular,
Chameleon's vector dot product of signed fixed-point numbers improves the
efficiency of mining and classification of encrypted data for algorithms based
upon heavy matrix multiplications. Our evaluation of Chameleon on a 5 layer
convolutional deep neural network shows 133x and 4.2x faster executions than
Microsoft CryptoNets (ICML'16) and MiniONN (CCS'17), respectively
Secure Multi-party Computation Protocols from a High-Level Programming Language
Turvalise ühisarvutuse abil on võimalik sooritada privaatsust säilitavaid arvutusi mitmelt osapoolelt kogutud andmetega.
Tänapäeva digitaalses maailmas on andmete konfidentsiaalsuse tagamine üha raskemini teostatav.
Turvalise ühisarvutuse meetodid nagu ühissalastus ja Yao sogastatud loogikaskeemid võimaldavad teostada privaatsust säilitavaid arvutusprotokolle,
mis ei lekita konfidentsiaalseid sisendandmeid. Aditiivne ühissalastuse skeem on väga efektiivne algebraliste ringide tehete sooritamiseks
fikseeritud bitilaiusega andmetüüpide peal. Samas on seda kasutades raske ehitada protokolle, mis nõuavad paindlikumaid bititaseme operatsioone.
Yao sogastatud loogikaskeemide meetod töötab aga igasuguse bitilaiusega andmete peal ja võimaldab väärtustada mistahes Boole'i funktsioone.
Neid kahte meetodit koos kasutades ehitame turvalise hübriidprotokolli, mis kujutab endast üldist meetodit privaatsust säilitavate arvutuste teostamiseks
bitikaupa ühissalastatud andmete peal. Loogikaskeeme vajalikeks arvutusteks on lihtne saada kahe kaasaegse turvalise ühisarvutuse jaoks mõeldud
kompilaatori abil, mis muundavad C programmi loogikaskeemiks --- PCF ja CBMC-GC. Meie hübriidprotokolli prototüüp privaatsust säilitaval arvutusplatvormil Sharemind
saavutab praktilisi jõudlustulemusi, mis on võrreldavad teiste kaasaegsete lahendustega. Lisaks kahe osapoolega arvutustele pakub meie prototüüp võimekust teostada mitmekesiseid arvutusi
üldises turvalise ühisarvutuse arvutusmudelis.
Hübriidprotokoll ja loogikaskeemide kompilaatorid võimaldavad koos kasutades lihtsalt ja efektiivselt luua üldkasutatavaid turvalise ühisarvutuse protokolle
mistahes Boole'i funktsioonide väärtustamiseks.Secure multi-party computation (SMC) enables privacy-preserving computations on data originating from a number of parties.
In today's digital world, data privacy is increasingly more difficult to provide. With SMC methods like
secret sharing and Yao's garbled circuits, it is possible to build privacy-preserving computational protocols that do not leak confidential inputs
to other parties.
The additive secret sharing scheme is very efficient for algebraic ring operations on fixed bit-length data types. However, it is difficult to
build protocols that require robust bit-level manipulation. Yao's garbled circuits approach, in contrast, works on arbitrary bit-length data
and allows the evaluation of any Boolean function. Combining the two methods, we build a secure hybrid protocol, which provides a general method
for building arbitrary secure computations on bitwise secret-shared data. We are able to generate circuits for the protocol easily by using two state-of-the-art C to circuit
compilers designed for SMC applications --- PCF and CBMC-GC. Our hybrid protocol prototype on the Sharemind privacy-preserving computational platform achieves practical performance
comparable to other recent work. In addition to two-party computations, our prototype provides
the ability to perform a set of diverse computations in a generic SMC computational model.
The hybrid protocol together with the circuit compilers provides a simple and efficient toolchain to build general-purpose
SMC protocols for evaluating any Boolean function
A fast and verified software stack for secure function evaluation
We present a high-assurance software stack for secure function evaluation (SFE). Our stack consists of three components: i. a verified compiler (CircGen) that translates C programs into Boolean circuits; ii. a verified implementation of Yao’s SFE protocol based on garbled circuits and oblivious transfer; and iii. transparent application integration and communications via FRESCO, an open-source framework for secure multiparty computation (MPC). CircGen is a general purpose tool that builds on CompCert, a verified optimizing compiler for C. It can be used in arbitrary Boolean circuit-based cryptography deployments. The security of our SFE protocol implementation is formally verified using EasyCrypt, a tool-assisted framework for building high-confidence cryptographic proofs, and it leverages a new formalization of garbled circuits based on the framework of Bellare, Hoang, and Rogaway (CCS 2012). We conduct a practical evaluation of our approach, and conclude that it is competitive with state-of-the-art (unverified) approaches. Our work provides concrete evidence of the feasibility of building efficient, verified, implementations of higher-level cryptographic systems. All our development is publicly available.POCI-01-0145-FEDER-006961, FCT-PD/BD/113967/2015info:eu-repo/semantics/publishedVersio
Full-Threshold Actively-Secure Multiparty Arithmetic Circuit Garbling
In this work, we show how to garble arithmetic circuits with full active security in the general multiparty setting, secure in the full-threshold setting (that is, when only one party is assumed honest). Our solution allows interfacing Boolean garbled circuits with arithmetic garbled circuits. Previous works in the arithmetic circuit domain focused on the 2-party setting, or on semi-honest security and assuming an honest majority -- notably, the work of Ben-Efraim (Asiacrypt 2018) in the semi-honest, honest majority security model, which we adapt and extend. As an additional contribution, we improve on Ben-Efraim\u27s selector gate. A selector gate is a gate that given two arithmetic inputs and one binary input, outputs one of the arithmetic inputs, based on the value of the selection bit input. Our new construction for the selector gate reduces the communication cost to almost half of that of Ben-Efraim\u27s gate. This result applies both to the semi-honest and to the active security model
Applications of Secure Multiparty Computation
We generate and gather a lot of data about ourselves and others, some of it highly confidential. The collection, storage and use of this data is strictly regulated by laws, but restricting the use of data often limits the benefits which could be obtained from its analysis. Secure multi-party computation (SMC), a cryptographic technology, makes it possible to execute specific programs on confidential data while ensuring that no other sensitive information from the data is leaked. SMC has been the subject of academic study for more than 30 years, but first attempts to use it for actual computations in the early 2000s – although theoretically efficient – were initially not practicable. However, improvements in the situation have made possible the secure solving of even relatively large computational tasks. This book describes how many different computational tasks can be solved securely, yet efficiently. It describes how protocols can be combined to larger applications, and how the security-efficiency trade-offs of different components of an SMC application should be chosen. Many of the results described in this book were achieved as part of the project Usable and Efficient Secure Multi-party Computation (UaESMC), which was funded by the European Commission. The book will be of interest to all those whose work involves the secure analysis of confidential data
MArBled Circuits: Mixing Arithmetic and Boolean Circuits with Active Security
Most modern actively-secure multiparty computation (MPC) protocols involve generating random data that is secret-shared and
authenticated, and using it to evaluate arithmetic or Boolean circuits in different ways. In this work we present a generic method for converting authenticated secret-shared data between different fields, and show how to use it to evaluate so-called ``mixed\u27\u27 circuits with active security and in the full-threshold setting. A mixed circuit is one in which parties switch between different subprotocols dynamically as computation proceeds, the idea being that some protocols are more efficient for evaluating arithmetic circuits, and others for Boolean circuits.
One use case of our switching mechanism is for converting between secret-sharing-based MPC and garbled circuits (GCs). The former is more suited to the evaluation of arithmetic circuits and can easily be used to emulate arithmetic over the integers, whereas the latter is better for Boolean circuits and has constant round complexity. Much work already exists in the two-party semi-honest setting, but the -party dishonest majority case was hitherto neglected.
We call the actively-secure mixed arithmetic/Boolean circuit a marbled circuit. Our implementation showed that mixing protocols in this way allows us to evaluate a linear Support Vector Machine with times fewer AND gates than a solution using GC alone albeit with twice the preprocessing required using only SPDZ (Damgård et al., CRYPTO \u2712), and thus our solution offers a tradeoff between online and preprocessing complexity. When evaluating over a WAN network, our online phase is times faster than the plain SPDZ protocol
- …