
    Chameleon: A Hybrid Secure Computation Framework for Machine Learning Applications

    We present Chameleon, a novel hybrid (mixed-protocol) framework for secure function evaluation (SFE) which enables two parties to jointly compute a function without disclosing their private inputs. Chameleon combines the best aspects of generic SFE protocols with the ones that are based upon additive secret sharing. In particular, the framework performs linear operations in the ring $\mathbb{Z}_{2^l}$ using additively secret shared values and nonlinear operations using Yao's Garbled Circuits or the Goldreich-Micali-Wigderson protocol. Chameleon departs from the common assumption of additive or linear secret sharing models where three or more parties need to communicate in the online phase: the framework allows two parties with private inputs to communicate in the online phase under the assumption of a third node generating correlated randomness in an offline phase. Almost all of the heavy cryptographic operations are precomputed in an offline phase which substantially reduces the communication overhead. Chameleon is both scalable and significantly more efficient than the ABY framework (NDSS'15) it is based on. Our framework supports signed fixed-point numbers. In particular, Chameleon's vector dot product of signed fixed-point numbers improves the efficiency of mining and classification of encrypted data for algorithms based upon heavy matrix multiplications. Our evaluation of Chameleon on a 5-layer convolutional deep neural network shows 133x and 4.2x faster executions than Microsoft CryptoNets (ICML'16) and MiniONN (CCS'17), respectively.

    Privacy-Preserving Shortest Path Computation

    Navigation is one of the most popular cloud computing services. But in virtually all cloud-based navigation systems, the client must reveal her location and destination to the cloud service provider in order to learn the fastest route. In this work, we present a cryptographic protocol for navigation on city streets that provides privacy for both the client's location and the service provider's routing data. Our key ingredient is a novel method for compressing the next-hop routing matrices in networks such as city street maps. Applying our compression method to the map of Los Angeles, for example, we achieve over tenfold reduction in the representation size. In conjunction with other cryptographic techniques, this compressed representation results in an efficient protocol suitable for fully-private real-time navigation on city streets. We demonstrate the practicality of our protocol by benchmarking it on real street map data for major cities such as San Francisco and Washington, D.C.

    Comment: Extended version of NDSS 2016 paper.

    A Feasibility Analysis of Secure Multiparty Computation Deployments

    We consider a scenario in which several organisations would like to build one large database out of their individual databases. The purpose of building the database is to jointly perform computations that would be useful to all parties. On the one hand, all parties could publish their data and perform the required computations on it. On the other hand, not all data can be made public, and a large share of the useful computations would most likely be performed on precisely the private data. Publishing the data may be prevented both by internal organisational rules and by law. There is a cryptographic solution to this problem: secure multiparty computation. With secure multiparty computation the parties can perform computations such that each party learns only the result of the computation and learns nothing new about the input data. In this work we study the performance of applications of one particular secure multiparty computation framework, Sharemind. The current Sharemind application server runs on three machines that perform computations by communicating with each other. The performance of the secure multiparty computation used in this framework depends mainly on the volume of transmitted data and therefore on the performance of the network over which the computations are carried out. We built a linear regression model whose purpose is to predict the running time of the protocols as a function of the network parameters. To create the base model, we fixed the network parameters with existing tools and estimated the values of the model parameters. The experiments for building the model were carried out on a dedicated Sharemind computation cluster. Knowing the values of the model parameters, we attempted to predict the running time from the network parameters. On the cluster system we validated the model by predicting the running time of algorithms. We studied the Apriori data mining algorithm, which uses Sharemind's secure multiparty computation protocols. The predictions were close to the time actually spent in the protocols. To validate the model, we deployed the Sharemind framework on infrastructure rented from several cloud service providers.

    Cloud services speed up the development process of various applications, especially web services, by minimising the initial investment, because start-up companies do not need to procure their own hardware. The costs of purchasing and managing hardware are exchanged for a cloud service. In the cloud environment we were not able to make accurate predictions of the protocols' running time. We were, however, able to make rough estimates of the model parameters and to estimate the protocols' running time from them. Although the estimates were not very accurate, we could conclude that our model is not wrong, but that we are unable to measure the model's input parameters, network latency and bandwidth, accurately, and therefore our predictions are also inaccurate. In this work we also studied the economic feasibility of cloud applications based on secure secret sharing. We looked at two aspects: whether secure multiparty computation in the cloud is fast enough and whether the costs are reasonable. We found that the computation performance is sufficient for a number of potential applications. Based on a secure survey example scenario, we concluded that the costs of secure multiparty computation in cloud applications are reasonable as well. In the cloud environment there are two main sources of cost: the cost of keeping the server running and the cost of network traffic. We found that for a large number of applications, keeping the server running is more expensive than data transfer. As a result of this work we found that secure secret sharing is a reasonable solution for applications where guaranteeing data privacy is of critical importance. The results show that Sharemind-based applications are practical even when deployed on servers spread across the world. In addition, our experiments showed that the performance of the Sharemind protocols could be increased by improving the framework protocols' use of the available network bandwidth.

    Imagine a scenario where multiple companies hold valuable information and they want to combine their data for analysis that would benefit them all. In an honest world, the companies could do just that: combine their data. However, in the real world, none of them can afford to make their data public because it could compromise their competitive advantage. One can easily find many similar real-world scenarios where there are privacy issues concerned with the data. Data privacy is also a very prominent issue when outsourcing the computing resources, for example, to cloud services. A cryptographic solution to this problem would be to use secure multiparty computation (SMC). SMC is a useful tool for computing the result of an operation with the inputs of multiple parties, without revealing what the inputs were. As a result, we can perform computations on the data without disclosing it. There exist two main approaches to performing SMC. First, circuit evaluation, which is based on computations on arithmetic or logic circuits and is CPU intensive (CPU-bound). Second, general multiparty computation, which relies more on the communication between the parties (network-bound). Currently, the more efficient systems in this field use the latter approach. The theoretical complexity of these systems is well known. However, for real-life deployments the theoretical results alone are not enough. In this work, we would like to study the practical performance of the network-bound general multiparty computation. Based on the published results, the Sharemind SMC framework has shown the best performance and widest functionality among similar systems. One goal of this work was to create a mathematical model for predicting computational performance of SMC depending on the network parameters. The model was constructed based on a set of experiments conducted on the Sharemind framework. To validate our model, we set up a set of servers in the cloud environment. In this setting we measured the parameters of the network connections between the machines. The predictions were compared to the actual computation results. We were unable to accurately predict the running time of the protocols in the cloud.

    However, we concluded that this result was probably due to the inability to accurately estimate the effective network parameters to compute the model coefficients. The model validation in the experiment cluster environment showed that the models can be used to accurately predict the running time of the secure operations inside more complex algorithms. In the last part of the work, we utilized the general model to assess the feasibility of SMC in the cloud environment. With the model, we computed time estimations for executing certain operations in a sample scenario. The cost estimation showed that for a secure survey scenario, the cost of the secure computations is low compared to the cost of keeping the server running during the data gathering phase for the survey. The cost of the performed operations only starts to play a role with large data sets and computation heavy algorithms. The results of this work indicate that it is indeed feasible to do secure multiparty computation in the cloud environment for a whole range of real-world scenarios. This mainly benefits the potential cloud service scenarios where privacy of the stored data is one of the primary concerns. In this work we also found some indications of possible improvements to the Sharemind framework. We noticed that even though the protocols have a lot of available bandwidth, they are not using it. For high throughput connections, the performance of the protocols may be significantly increased if the bandwidth utilization rate can be improved. As a future work, we could try other approaches to construct the models or, alternatively, build a specialized tool to measure the bandwidth parameter for the models.