Secure Floating-Point Arithmetic and Private Satellite Collision Analysis

In this paper we show that it is possible and, indeed, feasible to use secure multiparty computation for calculating the probability of a collision between two satellites. For this purpose, we first describe basic floating-point arithmetic operators (addition and multiplication) for multiparty computations. The operators are implemented on the SHAREMIND secure multiparty computation engine. We discuss the implementation details, provide methods for evaluating example elementary functions (inverse, square root, exponentiation of e, error function). Using these primitives, we implement a satellite conjunction analysis algorithm and give benchmark results for the primitives as well as the conjunction analysis itself

Turvalisel ühisarvutusel põhinev privaatsust säilitav statistiline analüüs

Väitekirja elektrooniline versioon ei sisalda publikatsioone.Kaasaegses ühiskonnas luuakse inimese kohta digitaalne kirje kohe pärast tema sündi. Sellest hetkest alates jälgitakse tema käitumist ning kogutakse andmeid erinevate eluvaldkondade kohta. Kui kasutate poes kliendikaarti, käite arsti juures, täidate maksudeklaratsiooni või liigute lihtsalt ringi mobiiltelefoni taskus kandes, koguvad ning salvestavad firmad ja riigiasutused teie tundlikke andmeid. Vahel anname selliseks jälitustegevuseks vabatahtlikult loa, et saada mingit kasu. Näiteks võime saada soodustust, kui kasutame kliendikaarti. Teinekord on meil vaja teha keeruline otsus, kas loobuda võimalusest teha mobiiltelefonikõnesid või lubada enda jälgimine mobiilimastide kaudu edastatava info abil. Riigiasutused haldavad infot meie tervise, hariduse ja sissetulekute kohta, et meid paremini ravida, harida ja meilt makse koguda. Me loodame, et meie andmeid kasutatakse mõistlikult, aga samas eeldame, et meie privaatsus on tagatud. Käesolev töö uurib, kuidas teostada statistilist analüüsi nii, et tagada üksikisiku privaatsus. Selle eesmärgi saavutamiseks kasutame turvalist ühisarvutust. See krüptograafiline meetod lubab analüüsida andmeid nii, et üksikuid väärtuseid ei ole kunagi võimalik näha. Hoolimata sellest, et turvalise ühisarvutuse kasutamine on aeganõudev protsess, näitame, et see on piisavalt kiire ja seda on võimalik kasutada isegi väga suurte andmemahtude puhul. Me oleme teinud võimalikuks populaarseimate statistilise analüüsi meetodite kasutamise turvalise ühisarvutuse kontekstis. Me tutvustame privaatsust säilitavat statistilise analüüsi tööriista Rmind, mis sisaldab kõiki töö käigus loodud funktsioone. Rmind sarnaneb tööriistadele, millega statistikud on harjunud. See lubab neil viia läbi uuringuid ilma, et nad peaksid üksikasjalikult tundma allolevaid krüptograafilisi protokolle. Kasutame dissertatsioonis kirjeldatud meetodeid, et valmistada ette statistiline uuring, mis ühendab kaht Eesti riiklikku andmekogu. Uuringu eesmärk on teada saada, kas Eesti tudengid, kes töötavad ülikooliõpingute ajal, lõpetavad nominaalajaga väiksema tõenäosusega kui nende õpingutele keskenduvad kaaslased.In a modern society, from the moment a person is born, a digital record is created. From there on, the person’s behaviour is constantly tracked and data are collected about the different aspects of his or her life. Whether one is swiping a customer loyalty card in a store, going to the doctor, doing taxes or simply moving around with a mobile phone in one’s pocket, sensitive data are being gathered and stored by governments and companies. Sometimes, we give our permission for this kind of surveillance for some benefit. For instance, we could get a discount using a customer loyalty card. Other times we have a difficult choice – either we cannot make phone calls or our movements are tracked based on cellular data. The government tracks information about our health, education and income to cure us, educate us and collect taxes. We hope that the data are used in a meaningful way, however, we also have an expectation of privacy. This work focuses on how to perform statistical analyses in a way that preserves the privacy of the individual. To achieve this goal, we use secure multi-­‐party computation. This cryptographic technique allows data to be analysed without seeing the individual values. Even though using secure multi-­‐party computation is a time-­‐consuming process, we show that it is feasible even for large-­‐scale databases. We have developed ways for using the most popular statistical analysis methods with secure multi-­‐party computation. We introduce a privacy-­‐preserving statistical analysis tool called Rmind that contains all of our resulting implementations. Rmind is similar to tools that statistical analysts are used to. This allows them to carry out studies on the data without having to know the details of the underlying cryptographic protocols. The methods described in the thesis are used in practice to prepare for running a statistical study on large-­‐scale real-­‐life data to find out whether Estonian students who are working during university studies are less likely to graduate in nominal time

High-precision Secure Computation of Satellite Collision Probabilities

The costs of designing, building, launching and maintaining satellites make satellite operators extremely motivated to protect their on-orbit assets. Unfortunately, privacy concerns present a serious barrier to coordination between different operators. One obstacle to improving safety arises because operators view the trajectories of their satellites as private, and refuse to share this private information with other operators. Without data-sharing, preventing collisions between satellites becomes a challenging task. A 2014 report from the RAND Corporation proposed using cryptographic tools from the domain of secure Multiparty Computation (MPC) to allow satellite operators to calculate collision probabilities (conjunction analyses) without sharing private information about the trajectories of their satellites. In this work, we report on the design and implementation of a powerful new MPC framework for high-precision arithmetic on real-valued variables in a two-party setting where, unlike previous works, there is no honest majority, and where the players are not assumed to be semi-honest. We show how to apply this new solution in the domain of securely computing conjunction analyses. Our solution extends existing protocols, in particular the integer-based Goldreich-Micali-Wigderson (GMW) protocol, whereby we use combine and optimize GMW with Garbled Circuits (GC). We prove security of our protocol in the two party, semi-honest setting, assuming only the existence of one-way functions and Oblivious Transfer (the OT-hybrid model). The protocol allows a pair of satellite operators to compute the probability that their satellites will collide without sharing their underlying private orbital information. Techniques developed in this paper would potentially have a wide impact on general secure numerical analysis computations. We also show how to strengthen our construction with standard arithmetic message-authentication-codes (MACs) to enforce honest behavior beyond the semi-honest setting. Computing a conjunction analysis requires numerically estimating a complex double integral to a high degree of precision. The complexity of the calculation, and the possibility of numeric instability presents many challenges for MPC protocols which typically model calculations as simple (integer) arithmetic or binary circuits. Our secure numerical integration routines are extremely stable and efficient, and our secure conjunction analysis protocol takes only a few minutes to run on a commodity laptop

Programmeerimiskeeled turvalise ühisarvutuse rakenduste arendamiseks

Turvaline ühisarvutus on tehnoloogia, mis lubab mitmel sõltumatul osapoolel oma andmeid koos töödelda neis olevaid saladusi avalikustamata. Kui andmed on esitatud krüpteeritud kujul, tähendab see, et neid ei dekrüpteerita arvutuse käigus kordagi. Turvalise ühisarvutuse teoreetilised konstruktsioonid on teada olnud juba alates kaheksakümnendatest, kuid esimesed praktilised teostused ja rakendused, mis päris andmeid töötlesid, ilmusid alles natuke enam kui kümme aastat tagasi. Nüüdseks on turvalist ühisarvutust kasutatud mitmes praktilises rakenduses ning sellest on kujunenud oluline andmekaitsetehnoloogia. Turvalise ühisarvutuse rakenduste arendamine on keerukas. Vahendid, mis aitavad kaasa arendusprotsessile, on veel väga uued, ning raamistikud on sageli liiga aeglased praktiliste rakenduste jaoks. Rakendusi on endiselt võimelised arendama ainult krüptograafiaeksperdid. Käesoleva töö eesmärk on teha turvalise ühisarvutuse raamistikke paremaks ning muuta ühisarvutusrakenduste arendamist kergemaks. Väidame, et valdkon- naspetsiifiliste programmeerimiskeelte kasutamine võimaldab turvalise ühisarvu- tuse rakenduste ja raamistike ehitamist, mis on samaaegselt lihtsasti kasutatavad, hea jõudlusega, hooldatavad, usaldusväärsed ja võimelised suuri andmemahtusid töötlema. Peamise tulemusena esitleme kahte uut programmeerimiskeelt, mis on mõeldud turvalise ühisarvutuse jaoks. SecreC 2 on mõeldud turvalise ühisarvutuse rakendus- te arendamise lihtsustamiseks ja aitab kaasa sellele, et rakendused oleks turvalised ja efektiivsed. Teine keel on loodud turvalise ühisarvutuse protokollide arenda- miseks ning selle eesmärk on turvalise ühisarvutuse raamistikke paremaks muuta. Protokollide keel teeb raamistikke kiiremaks ja usaldusväärsemaks ning lihtsustab protokollide arendamist ja haldamist. Kirjeldame mõlemad keeled nii formaalselt kui mitteformaalselt. Näitame, kuidas mitmed rakendused ja prototüübid saavad neist keeltest kasu.Secure multi-party computation is a technology that allows several independent parties to cooperatively process their private data without revealing any secrets. If private inputs are given in encrypted form then the results will also be encrypted, and at no stage during processing are values ever decrypted. As a theoretical concept, the technology has been around since the 1980s, but the first practical implementations arose a bit more than a decade ago. Since then, secure multi-party computation has been used in practical applications, and has been established as an important method of data protection. Developing applications that use secure multi-party computation is challenging. The tools that help with development are still very young and the frameworks are often too slow for practical applications. Currently only experts in cryptography are able to develop secure multi-party applications. In this thesis we look how to improve secure multy-party computation frame- works and make the applications easier to develop. We claim that domain-specific programming languages enable to build secure multi-party applications and frame- works that are at the same time usable, efficient, maintainable, trustworthy, and practically scalable. The contribution of this thesis is the introduction of two new programming languages for secure multi-party computation. The SecreC 2 language makes secure multi-party computation application development easier, ensuring that the applications are secure and enabling them to be efficient. The second language is for developing low-level secure computation protocols. This language was created for improving secure multi-party computation frameworks. It makes the frameworks faster and more trustworthy, and protocols easier to develop and maintain. We give give both a formal and an informal overview of the two languages and see how they benefit multi-party applications and prototypes

An Improved Type System for a Privacy-aware Programming Language and its Practical Applications

Privaatseid andmeid on tarvis analüüsida või töödelda mitmes valdkonnas, näiteks tehes poliitilisi otsusi kasutades riiklikke andmekogusid või pakkudes pilvepõhiseid teenuseid. Sharemind on raamistik turvalisust säilitavate rakenduste arendamiseks, mis võimaldab andmeid analüüsida ilma üksikuid väärtuseid avaldamata. Sharemind kasutab selleks turvalise ühisarvutuse tehnoloogiat. Sharemindi raamistikku kasutavad programmid on kirjutatud programmeerimiskeeles nimega SecreC. Sharemind ja SecreC toetavad erinevaid turvalise ühisarvutuse meetodeid, mida nimetame turvaaladeks. Erinevatel turvaaladel on erinevad turvagarantiid ja efektiivsus ning turvaala valik sõltub konkreetse rakenduse vajadustest, mistõttu peaks SecreC toetama erinevate turvaalade kasutamist vastavalt rakenduse nõuetele. Töö eesmärk on võimaldada SecreC keelele turvaalade lisamist lubades programmeerijal kirjeldada turvaala andmetüübid, aritmeetilised tehted ja tüübiteisendused SecreC keeles. Töö autor lõi keele täiendustele formaalselt kirjeldatud tüübisüsteemi, teostas muudatused SecreC kompilaatoris, kirjeldas muudatuste praktilisi rakendusi, tekkivaid uusi probleeme ja nende võimalikke lahendusi.Confidential data needs to be processed in many areas, for example when making policy decisions using goverment databases or when providing cloud-based services. Sharemind is a framework for developing privacy-preserving applications which allows data to be analysed without revealing individual values. Sharemind uses a technology called secure multi-party computation. Programs using the Sharemind framework are written in a programming language called SecreC. Sharemind and SecreC are designed to support multiple secure multi-party computation methods which we call protection domain kinds. Different protection domain kinds have different security guarantees and performance characteristics and the decision about which one to use depends on the problem at hand which means SecreC should support different protection domain kinds that solve the needs of different applications. The goal of this thesis is to make it easier to add protection domain kinds to the SecreC language by allowing the programmer to define the protection domain kind data types, arithmetic operations and type conversions in the SecreC language without changing the compiler. The author developed a formal type system for the proposed language extensions, implemented them in the SecreC language compiler, described practical applications, open problems and proposed solutions

Alternative Implementations of Secure Real Numbers

This paper extends the choice available for secure real number implementations with two new contributions. We will consider the numbers represented in form $a-\varphi b$ where $\varphi$ is the golden ratio, and in form $(-1)^s\cdot2^e$ where $e$ is a fixed-point number. We develop basic arithmetic operations together with some frequently used elementary functions. All the operations are implemented and benchmarked on SHAREMIND secure multi-party computation framework. It turns out that the new proposals provide viable alternatives to standard floating- and fixed-point implementations from the performance/error viewpoint in various settings. However, the optimal choice still depends on the exact requirements of the numerical algorithm to be implemented

The Crypto-democracy and the Trustworthy

In the current architecture of the Internet, there is a strong asymmetry in terms of power between the entities that gather and process personal data (e.g., major Internet companies, telecom operators, cloud providers, ...) and the individuals from which this personal data is issued. In particular, individuals have no choice but to blindly trust that these entities will respect their privacy and protect their personal data. In this position paper, we address this issue by proposing an utopian crypto-democracy model based on existing scientific achievements from the field of cryptography. More precisely, our main objective is to show that cryptographic primitives, including in particular secure multiparty computation, offer a practical solution to protect privacy while minimizing the trust assumptions. In the crypto-democracy envisioned, individuals do not have to trust a single physical entity with their personal data but rather their data is distributed among several institutions. Together these institutions form a virtual entity called the Trustworthy that is responsible for the storage of this data but which can also compute on it (provided first that all the institutions agree on this). Finally, we also propose a realistic proof-of-concept of the Trustworthy, in which the roles of institutions are played by universities. This proof-of-concept would have an important impact in demonstrating the possibilities offered by the crypto-democracy paradigm.Comment: DPM 201

A Comprehensive Protocol Suite for Secure Two-Party Computation

Turvaline ühisarvutus võimaldab üksteist mitte usaldavatel osapooltel teha arvutusi tundlikel andmetel nii, et kellegi privaatsed andmed ei leki teistele osapooltele. Sharemind on kaua arenduses olnud turvalise ühisarvutuse platvorm, mis jagab tundlikke andmeid ühissalastuse abil kolme serveri vahel. Sharemindi kolme osapoolega protokolle on kasutatud suuremahuliste rakenduste loomisel. Igapäevaelus leidub rakendusi, mille puhul kahe osapoolega juurustusmudel on kolme osapoolega variandist sobivam majanduslikel või organisatoorsetel põhjustel. Selles töös kirjeldame ja teostame täieliku protokollistiku kahe osapoolega turvaliste arvutuste jaoks. Loodud protokollistiku eesmärk on pakkuda kolme osapoolega juurutusmudelile võrdväärne alternatiiv, mis on ka jõudluses võrreldaval tasemel. Kahe osapoole vahelised turvalise aritmeetika protokollid tuginevad peamiselt Beaveri kolmikute ette arvutamisele. Selleks, et saavutada vajalikku jõudlust, oleme välja töötanud tõhusad ette arvutamise meetodid, mis kasutavad uudsel viisil N-sõnumi pimeedastuse pikendamise protokolle. Meie meetodite eeliseks on alternatiividest väiksem võrgusuhtluse maht. Töös käsitleme ka insenertehnilisi väljakutseid, mis selliste meetodite teostamisel ette tulid. Töös esitame kirjeldatud konstruktsioonide turvalisuse ja korrektsuse tõestused. Selleks kasutame vähem eelduseid, kui tüüpilised teaduskirjanduses leiduvad tõestused. Üheks peamiseks saavutuseks on juhusliku oraakli mudeli vätimine. Meie kirjeldatud ja teostatud täisarvuaritmeetika ja andmetüüpide vaheliste teisendusprotokollide jõudlustulemused on võrreldavad kolme osapoole protokollide jõudlusega. Meie töö tulemusena saab Sharemindi platvormil teostada kahe osapoolega turvalisi ühisarvutusi.Secure multi-party computation allows a number of distrusting parties to collaborate in extracting new knowledge from their joint private data, without any party learning the other participants' secrets in the process. The efficient and mature Sharemind secure computation platform has relied on a three-party suite of protocols based on secret sharing for supporting large real-world applications. However, in some scenarios, a two-party model is a better fit when no natural third party is involved in the application. In this work, we design and implement a full protocol suite for two-party computations on Sharemind, providing an alternative and viable solution in such cases. We aim foremost for efficiency that is on par with the existing three-party protocols. To this end, we introduce more efficient techniques for the precomputation of Beaver triples using oblivious transfer extension, as the two-party protocols for arithmetic fundamentally rely on efficient triple generation. We reduce communication costs compared to existing methods by using 1-out-of-N oblivious transfer extension in a novel way, and provide insights into engineering challenges for efficiently implementing these methods. Furthermore, we show security of our constructions using strictly weaker assumptions than have been previously required by avoiding the random oracle model. We describe and implement a large amount of integer operations and data conversion protocols that are competitive with the existing three-party protocols, providing an overall solid foundation for two-party computations on Sharemind

Dynamic block encryption with self-authenticating key exchange

One of the greatest challenges facing cryptographers is the mechanism used for key exchange. When secret data is transmitted, the chances are that there may be an attacker who will try to intercept and decrypt the message. Having done so, he/she might just gain advantage over the information obtained, or attempt to tamper with the message, and thus, misguiding the recipient. Both cases are equally fatal and may cause great harm as a consequence. In cryptography, there are two commonly used methods of exchanging secret keys between parties. In the first method, symmetric cryptography, the key is sent in advance, over some secure channel, which only the intended recipient can read. The second method of key sharing is by using a public key exchange method, where each party has a private and public key, a public key is shared and a private key is kept locally. In both cases, keys are exchanged between two parties. In this thesis, we propose a method whereby the risk of exchanging keys is minimised. The key is embedded in the encrypted text using a process that we call `chirp coding', and recovered by the recipient using a process that is based on correlation. The `chirp coding parameters' are exchanged between users by employing a USB flash memory retained by each user. If the keys are compromised they are still not usable because an attacker can only have access to part of the key. Alternatively, the software can be configured to operate in a one time parameter mode, in this mode, the parameters are agreed upon in advance. There is no parameter exchange during file transmission, except, of course, the key embedded in ciphertext. The thesis also introduces a method of encryption which utilises dynamic blocks, where the block size is different for each block. Prime numbers are used to drive two random number generators: a Linear Congruential Generator (LCG) which takes in the seed and initialises the system and a Blum-Blum Shum (BBS) generator which is used to generate random streams to encrypt messages, images or video clips for example. In each case, the key created is text dependent and therefore will change as each message is sent. The scheme presented in this research is composed of five basic modules. The first module is the key generation module, where the key to be generated is message dependent. The second module, encryption module, performs data encryption. The third module, key exchange module, embeds the key into the encrypted text. Once this is done, the message is transmitted and the recipient uses the key extraction module to retrieve the key and finally the decryption module is executed to decrypt the message and authenticate it. In addition, the message may be compressed before encryption and decompressed by the recipient after decryption using standard compression tools