Secure Numerical and Logical Multi Party Operations

We derive algorithms for efficient secure numerical and logical operations using a recently introduced scheme for secure multi-party computation~\cite{sch15} in the semi-honest model ensuring statistical or perfect security. To derive our algorithms for trigonometric functions, we use basic mathematical laws in combination with properties of the additive encryption scheme in a novel way. For division and logarithm we use a new approach to compute a Taylor series at a fixed point for all numbers. All our logical operations such as comparisons and large fan-in AND gates are perfectly secure. Our empirical evaluation yields speed-ups of more than a factor of 100 for the evaluated operations compared to the state-of-the-art

Alternative Implementations of Secure Real Numbers

This paper extends the choice available for secure real number implementations with two new contributions. We will consider the numbers represented in form $a-\varphi b$ where $\varphi$ is the golden ratio, and in form $(-1)^s\cdot2^e$ where $e$ is a fixed-point number. We develop basic arithmetic operations together with some frequently used elementary functions. All the operations are implemented and benchmarked on SHAREMIND secure multi-party computation framework. It turns out that the new proposals provide viable alternatives to standard floating- and fixed-point implementations from the performance/error viewpoint in various settings. However, the optimal choice still depends on the exact requirements of the numerical algorithm to be implemented

Turvaliste reaalarvuoperatsioonide efektiivsemaks muutmine

Tänapäeval on andmed ja nende analüüsimine laialt levinud ja neist on palju kasu. Selle populaarsuse tõttu on ka rohkem levinud igasugused kombinatsioonid, kuidas andmed ja nende põhjal arvutamine omavahel suhestuda võivad. Meie töö fookuseks on siinkohal need juhtumid, kus andmete omanikud ja need osapooled, kes neid analüüsima peaks, ei lange kas osaliselt või täielikult kokku. Selle näiteks võib tuua meditsiiniandmed, mida nende omanikud tahaks ühest küljest salajas hoida, aga mille kollektiivsel analüüsimine on kasulik. Teiseks näiteks on arvutuste delegeerimine suurema arvutusvõimsusega, ent mitte täiesti usaldusväärsele osapoolele. Valdkond, mis selliseid probleeme uurib, kannab nime turvaline ühisarvutus. Antud valdkond on eelkõige keskendunud juhtumile, kus andmed on kas täisarvulisel või bitilisel kujul, kuna neid on lihtsam analüüsida ja teised juhtumid saab nendest tuletada, sest kõige, mis üldse arvutatav on, väljaarvutamiseks piisab bittide liitmisest ja korrutamisest. See on teoorias tõsi, samas, kui kõike otse bittide või täisarvude tasemel teha, on tulemus ebaefektiivne. Seepärast vaatleb see doktoritöö turvalist ühisarvutust reaalarvudel ja meetodeid, kuidas seda efektiivsemaks teha. Esiteks vaatleme ujukoma- ja püsikomaarve. Ujukomaarvud on väga paindlikud ja täpsed, aga on teisalt jälle üsna keeruka struktuuriga. Püsikomaarvud on lihtsa olemusega, ent kannatavad täpsuses. Töö esimene meetod vaatlebki nende kombineerimist, et mõlema häid omadusi ära kasutada. Teine tehnika baseerub tõigal, et antud paradigmas juhtub, et ei ole erilist ajalist vahet, kas paralleelis teha üks tehe või miljon. Sestap katsume töö teises meetodis teha paralleelselt hästi palju mingit lihtsat operatsiooni, et välja arvutada mõnd keerulisemat. Kolmas tehnika kasutab reaalarvude kujutamiseks täisarvupaare, (a,b), mis kujutavad reaalarvu a- φb, kus φ=1.618... on kuldlõige. Osutub, et see võimaldab meil üsna efektiivselt liita ja korrutada ja saavutada mõistlik täpsus.Nowadays data and its analysis are ubiquitous and very useful. Due to this popularity, different combinations of how these two can relate to each other proliferate. We focus on the cases where the owners of the data and those who compute on them don't coincide either partially or totally. Examples are medicinal data where the owners want secrecy but where doing statistics on them collectively is useful, or outsourcing computation. The discipline that studies these cases is called secure computation. This field has been mostly working on integer and bit data types, as they are easier to work on, and due to it being possible to reduce the other cases to integer and bit manipulations. However, using these reductions bluntly will give inefficient results. Thus this thesis studies secure computation on real numbers and presents three methods for improving efficiency. The first method concerns with fixed-point and floating-point numbers. Fixed-point numbers are simple in construction, but can lack precision and flexibility. Floating-point numbers, on the other hand, are precise and flexible, but are rather complicated in nature, which in secure setting translates to expensive operations. The first method thus combines those two number types for greater efficiency. The second method is based on the fact that in the concrete paradigm we use, it does not matter timewise whether we perform one or million operations in parallel. Thus we attempt to perform many instances of a fast operation in parallel in order to evaluate a more complicated one. Thirdly we introduce a new real number type. We use pairs of integers (a,b) to represent the real number a- φb where φ=1.618... is the golden ratio. This number type allows us to perform addition and multiplication relatively quicky and also achieves reasonable granularity.https://www.ester.ee/record=b522708

Chameleon: A Hybrid Secure Computation Framework for Machine Learning Applications

We present Chameleon, a novel hybrid (mixed-protocol) framework for secure function evaluation (SFE) which enables two parties to jointly compute a function without disclosing their private inputs. Chameleon combines the best aspects of generic SFE protocols with the ones that are based upon additive secret sharing. In particular, the framework performs linear operations in the ring $\mathbb{Z}_{2^l}$ using additively secret shared values and nonlinear operations using Yao's Garbled Circuits or the Goldreich-Micali-Wigderson protocol. Chameleon departs from the common assumption of additive or linear secret sharing models where three or more parties need to communicate in the online phase: the framework allows two parties with private inputs to communicate in the online phase under the assumption of a third node generating correlated randomness in an offline phase. Almost all of the heavy cryptographic operations are precomputed in an offline phase which substantially reduces the communication overhead. Chameleon is both scalable and significantly more efficient than the ABY framework (NDSS'15) it is based on. Our framework supports signed fixed-point numbers. In particular, Chameleon's vector dot product of signed fixed-point numbers improves the efficiency of mining and classification of encrypted data for algorithms based upon heavy matrix multiplications. Our evaluation of Chameleon on a 5 layer convolutional deep neural network shows 133x and 4.2x faster executions than Microsoft CryptoNets (ICML'16) and MiniONN (CCS'17), respectively

Protecting privacy of users in brain-computer interface applications

Machine learning (ML) is revolutionizing research and industry. Many ML applications rely on the use of large amounts of personal data for training and inference. Among the most intimate exploited data sources is electroencephalogram (EEG) data, a kind of data that is so rich with information that application developers can easily gain knowledge beyond the professed scope from unprotected EEG signals, including passwords, ATM PINs, and other intimate data. The challenge we address is how to engage in meaningful ML with EEG data while protecting the privacy of users. Hence, we propose cryptographic protocols based on secure multiparty computation (SMC) to perform linear regression over EEG signals from many users in a fully privacy-preserving(PP) fashion, i.e., such that each individual's EEG signals are not revealed to anyone else. To illustrate the potential of our secure framework, we show how it allows estimating the drowsiness of drivers from their EEG signals as would be possible in the unencrypted case, and at a very reasonable computational cost. Our solution is the first application of commodity-based SMC to EEG data, as well as the largest documented experiment of secret sharing-based SMC in general, namely, with 15 players involved in all the computations