Efficient Secure Computation with Garbled Circuits

Gradual GRAM and secure computation for RAM programs

Journal of Computer Security ◽

10.3233/jcs-200107 ◽

2021 ◽

pp. 1-33

Author(s):

Carmit Hazay ◽

Mor Lilintal

Keyword(s):

Secure Computation ◽

Boolean Circuits ◽

Conceptual Similarity ◽

Garbled Circuits ◽

Security Guarantees

Despite the fact that the majority of applications encountered in practice today are captured more efficiently by RAM programs, the area of secure two-party computation (2PC) has seen tremendous improvement mostly for Boolean circuits. One of the most studied objects in this domain is garbled circuits. Analogously, garbled RAM (GRAM) provide similar security guarantees for RAM programs with applications to constant round 2PC. In this work we consider the notion of gradual GRAM which requires no memory garbling algorithm. Our approach provides several qualitative advantages over prior works due to the conceptual similarity to the analogue garbling mechanism for Boolean circuits. We next revisit the GRAM construction from (In STOC (2015) 449–458) and improve it in two orthogonal aspects: match it directly with tree-based ORAMs and explore its consistency with gradual ORAM.

Download Full-text

SIFO: Secure Computational Infrastructure Using FPGA Overlays

International Journal of Reconfigurable Computing ◽

10.1155/2019/1439763 ◽

2019 ◽

Vol 2019 ◽

pp. 1-18 ◽

Cited By ~ 2

Author(s):

Xin Fang ◽

Stratis Ioannidis ◽

Miriam Leeser

Keyword(s):

Code Generation ◽

Heterogeneous Computing ◽

Computational Cost ◽

Personal Data ◽

Secure Computation ◽

Coarse Grained ◽

Function Evaluation ◽

Fpga Design ◽

Computing Platform ◽

Garbled Circuits

Secure Function Evaluation (SFE) has received recent attention due to the massive collection and mining of personal data, but remains impractical due to its large computational cost. Garbled Circuits (GC) is a protocol for implementing SFE which can evaluate any function that can be expressed as a Boolean circuit and obtain the result while keeping each party’s input private. Recent advances have led to a surge of garbled circuit implementations in software for a variety of different tasks. However, these implementations are inefficient, and therefore GC is not widely used, especially for large problems. This research investigates, implements, and evaluates secure computation generation using a heterogeneous computing platform featuring FPGAs. We have designed and implemented SIFO: secure computational infrastructure using FPGA overlays. Unlike traditional FPGA design, a coarse-grained overlay architecture is adopted which supports mapping SFE problems that are too large to map to a single FPGA. Host tools provided include SFE problem generator, parser, and automatic host code generation. Our design allows repurposing an FPGA to evaluate different SFE tasks without the need for reprogramming and fully explores the parallelism for any GC problem. Our system demonstrates an order of magnitude speedup compared with an existing software platform.

Download Full-text

Privacy-Preserving Distributed Linear Regression on High-Dimensional Data

Proceedings on Privacy Enhancing Technologies ◽

10.1515/popets-2017-0053 ◽

2017 ◽

Vol 2017 (4) ◽

pp. 345-364 ◽

Cited By ~ 27

Author(s):

Adrià Gascón ◽

Phillipp Schoppmann ◽

Borja Balle ◽

Mariana Raykova ◽

Jack Doerner ◽

...

Keyword(s):

Linear Regression ◽

Convergence Rates ◽

Comprehensive Evaluation ◽

Linear Equations ◽

Privacy Preserving ◽

Secure Computation ◽

Training Dataset ◽

Linear Regression Models ◽

Garbled Circuits ◽

Point Representation

Abstract We propose privacy-preserving protocols for computing linear regression models, in the setting where the training dataset is vertically distributed among several parties. Our main contribution is a hybrid multi-party computation protocol that combines Yao’s garbled circuits with tailored protocols for computing inner products. Like many machine learning tasks, building a linear regression model involves solving a system of linear equations. We conduct a comprehensive evaluation and comparison of different techniques for securely performing this task, including a new Conjugate Gradient Descent (CGD) algorithm. This algorithm is suitable for secure computation because it uses an efficient fixed-point representation of real numbers while maintaining accuracy and convergence rates comparable to what can be obtained with a classical solution using floating point numbers. Our technique improves on Nikolaenko et al.’s method for privacy-preserving ridge regression (S&P 2013), and can be used as a building block in other analyses. We implement a complete system and demonstrate that our approach is highly scalable, solving data analysis problems with one million records and one hundred features in less than one hour of total running time.

Download Full-text

Scalable Secure Privacy-Preserving Record Linkage (PPRL) Methods Using Cloud-based Infrastructure

International Journal for Population Data Science ◽

10.23889/ijpds.v3i4.638 ◽

2018 ◽

Vol 3 (4) ◽

Author(s):

Toan Ong ◽

Ibrahim Lazrig ◽

Indrajit Ray ◽

Indrakshi Ray ◽

Michael Kahn

Keyword(s):

Parallel Processing ◽

Record Linkage ◽

High Capacity ◽

Privacy Preserving ◽

Secure Computation ◽

Third Party ◽

Major Drawback ◽

Garbled Circuits ◽

Chunk Size ◽

Synthetic Datasets

IntroductionBloom Filters (BFs) are a scalable solution for probabilistic privacy-preserving record linkage but BFs can be compromised. Yao’s garbled circuits (GCs) can perform secure multi-party computation to compute the similarity of two BFs without a trusted third party. The major drawback of using BFs and GCs together is poor efficiency. Objectives and ApproachWe evaluated the feasibility of BFs+GCs using high capacity compute engines and implementing a novel parallel processing framework in Google Cloud Compute Engines (GCCE). In the Yao’s two-party secure computation protocol, one party serves as the generator and the other party serves as the evaluator. To link data in parallel, records from both parties are divided into chunks. Linkage between every two chunks in the same block is processed by a thread. The number of threads for linkage depends on available computing resources. We tested the parallelized process in various scenarios with variations in hardware and software configurations. ResultsTwo synthetic datasets with 10K records were linked using BFs+GCs on 12 different software and hardware configurations which varied by: number of CPU cores (4 to 32), memory size (15GB – 28.8GB), number of threads (6-41), and chunk size (50-200 records). The minimum configuration (4 cores; 15GB memory) took 8,062.4s to complete whereas the maximum configuration (32 cores; 28.8GB memory) took 1,454.1s. Increasing the number of threads or changing the chunk size without providing more CPU cores and memory did not improve the efficiency. Efficiency is improved on average by 39.81% when the number of cores and memory on the both sides are doubled. The CPU utilization is maximized (near 100% on both sides) when the computing power of the generator is double the evaluator. Conclusion/ImplicationsThe PPRL runtime of BFs+GCs was greatly improved using parallel processing in a cloud-based infrastructure. A cluster of GCCEs could be leveraged to reduce the runtime of data linkage operations even further. Scalable cloud-based infrastructures can overcome the trade-off between security and efficiency, allowing computationally complex methods to be implemented.

Download Full-text

Large Scale, Actively Secure Computation from LPN and Free-XOR Garbled Circuits

Lecture Notes in Computer Science - Advances in Cryptology – EUROCRYPT 2021 ◽

10.1007/978-3-030-77883-5_2 ◽

2021 ◽

pp. 33-63

Author(s):

Aner Ben-Efraim ◽

Kelong Cong ◽

Eran Omri ◽

Emmanuela Orsini ◽

Nigel P. Smart ◽

...

Keyword(s):

Large Scale ◽

Secure Computation ◽

Garbled Circuits

Download Full-text

SecureNN: 3-Party Secure Computation for Neural Network Training

Proceedings on Privacy Enhancing Technologies ◽

10.2478/popets-2019-0035 ◽

2019 ◽

Vol 2019 (3) ◽

pp. 26-49 ◽

Cited By ~ 18

Author(s):

Sameer Wagh ◽

Divya Gupta ◽

Nishanth Chandran

Keyword(s):

Neural Network ◽

Neural Networks ◽

Data Privacy ◽

Network Inference ◽

Matrix Multiplication ◽

Building Blocks ◽

Secure Computation ◽

Neural Network Training ◽

Network Training ◽

Garbled Circuits

Abstract Neural Networks (NN) provide a powerful method for machine learning training and inference. To effectively train, it is desirable for multiple parties to combine their data – however, doing so conflicts with data privacy. In this work, we provide novel three-party secure computation protocols for various NN building blocks such as matrix multiplication, convolutions, Rectified Linear Units, Maxpool, normalization and so on. This enables us to construct three-party secure protocols for training and inference of several NN architectures such that no single party learns any information about the data. Experimentally, we implement our system over Amazon EC2 servers in different settings. Our work advances the state-of-the-art of secure computation for neural networks in three ways: 1. Scalability: We are the first work to provide neural network training on Convolutional Neural Networks (CNNs) that have an accuracy of > 99% on the MNIST dataset; 2. Performance: For secure inference, our system outperforms prior 2 and 3-server works (SecureML, MiniONN, Chameleon, Gazelle) by 6×-113× (with larger gains obtained in more complex networks). Our total execution times are 2 − 4× faster than even just the online times of these works. For secure training, compared to the only prior work (SecureML) that considered a much smaller fully connected network, our protocols are 79× and 7× faster than their 2 and 3-server protocols. In the WAN setting, these improvements are more dramatic and we obtain an improvement of 553×! 3. Security: Our protocols provide two kinds of security: full security (privacy and correctness) against one semi-honest corruption and the notion of privacy against one malicious corruption [Araki et al. CCS’16]. All prior works only provide semi-honest security and ours is the first system to provide any security against malicious adversaries for the secure computation of complex algorithms such as neural network inference and training. Our gains come from a significant improvement in communication through the elimination of expensive garbled circuits and oblivious transfer protocols.

Download Full-text

Threshold Garbled Circuits and Ad Hoc Secure Computation

Lecture Notes in Computer Science - Advances in Cryptology – EUROCRYPT 2021 ◽

10.1007/978-3-030-77883-5_3 ◽

2021 ◽

pp. 64-93

Author(s):

Michele Ciampi ◽

Vipul Goyal ◽

Rafail Ostrovsky

Keyword(s):

Ad Hoc ◽

Secure Computation ◽

Garbled Circuits

Download Full-text

Gage MPC: Bypassing Residual Function Leakage for Non-Interactive MPC

Proceedings on Privacy Enhancing Technologies ◽

10.2478/popets-2021-0083 ◽

2021 ◽

Vol 2021 (4) ◽

pp. 528-548

Author(s):

Ghada Almashaqbeh ◽

Fabrice Benhamouda ◽

Seungwook Han ◽

Daniel Jaroslawicz ◽

Tal Malkin ◽

...

Keyword(s):

Computational Cost ◽

Secure Computation ◽

Residual Function ◽

A Value ◽

Sealed Bid ◽

Garbled Circuits ◽

Garbled Circuit ◽

Time Capsule ◽

Security Guarantees ◽

Computational Resources

Abstract Existing models for non-interactive MPC cannot provide full privacy for inputs, because they inherently leak the residual function (i.e., the output of the function on the honest parties’ input together with all possible values of the adversarial inputs). For example, in any non-interactive sealed-bid auction, the last bidder can figure out what was the highest previous bid. We present a new MPC model which avoids this privacy leak. To achieve this, we utilize a blockchain in a novel way, incorporating smart contracts and arbitrary parties that can be incentivized to perform computation (“bounty hunters,” akin to miners). Security is maintained under a monetary assumption about the parties: an honest party can temporarily supply a recoverable collateral of value higher than the computational cost an adversary can expend. We thus construct non-interactive MPC protocols with strong security guarantees (full security, no residual leakage) in the short term. Over time, as the adversary can invest more and more computational resources, the security guarantee decays. Thus, our model, which we call Gage MPC, is suitable for secure computation with limited-time secrecy, such as auctions. A key ingredient in our protocols is a primitive we call “Gage Time Capsules” (GaTC): a time capsule that allows a party to commit to a value that others are able to reveal but only at a designated computational cost. A GaTC allows a party to commit to a value together with a monetary collateral. If the original party properly opens the GaTC, it can recover the collateral. Otherwise, the collateral is used to incentivize bounty hunters to open the GaTC. This primitive is used to ensure completion of Gage MPC protocols on the desired inputs. As a requisite tool (of independent interest), we present a generalization of garbled circuit that are more robust: they can tolerate exposure of extra input labels. This is in contrast to Yao’s garbled circuits, whose secrecy breaks down if even a single extra label is exposed. Finally, we present a proof-of-concept implementation of a special case of our construction, yielding an auction functionality over an Ethereum-like blockchain.

Download Full-text