Abstract
Multi-party computation (MPC) allows two or more parties to jointly and securely compute functions over private inputs. Cryptographic protocols that realize MPC require functions to be expressed as Boolean or arithmetic circuits. Deriving such circuits is either done manually, or with hardware synthesis tools and specialized MPC compilers. Unfortunately, such existing tools compile only from a single front-end language and neglect decades of research for optimizing regular compilers.
In this paper, we make MPC practical for developers by automating circuit compilation based on the compiler toolchain LLVM. For this, we develop an LLVM optimizer suite consisting of multiple transform passes that operate on the LLVM intermediate representation (IR) and gradually lower functions to circuit level. Our approach supports various front-end languages (currently C, C++, and Fortran) and takes advantage of powerful source code optimizations built into LLVM. We furthermore make sure to produce circuits that are optimized for MPC, and even offer fully automated post-processing for efficient post-quantum MPC.
We empirically measure the quality of our compilation results and compare them to the state-of-the-art specialized MPC compiler HyCC (Büscher et al. CCS’2018). For all benchmarked HyCC example applications (e.g., biomatch and linear equation solving), our highly generalizable approach achieves similar quality in terms of gate count and composition.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
ABC: A system for sequential synthesis and verification. http://www.eecs.berkeley.edu/~alanmi/abc/
Aly, A., et al.: SCALE-MAMBA v1. 10: Documentation (2020)
Archer, D., et al.: Bristol Fashion MPC circuits (2020). https://homes.esat.kuleuven.be/~nsmart/MPC/
Barrio, P., Carruth, C., Molloy, J.: Recursion inlining in LLVM (2015). https://www.llvm.org/devmtg/2015-04/slides/recursion-inlining-2015.pdf
Beaver, D., Micali, S., Rogaway, P.: The round complexity of secure protocols (extended abstract). In: STOC (1990)
Ben-David, A., Nisan, N., Pinkas, B.: FairplayMP: a system for secure multi-party computation. In: CCS (2008)
Boemer, F., Cammarota, R., Demmler, D., Schneider, T., Yalame, H.: MP2ML: a mixed-protocol machine learning framework for private inference. In: ARES (2020)
Bogdanov, D., Laur, S., Willemson, J.: Sharemind: a framework for fast privacy-preserving computations. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 192–206. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-88313-5_13
Boston University: JIFF: JavaScript implementation of federated functionalities (2015). https://github.com/multiparty/jiff/
Boyar, J., Damgård, I., Peralta, R.: Short non-interactive cryptographic proofs. J. Cryptol. 13, 449–472 (2000)
Braun, L., Demmler, D., Schneider, T., Tkachenko, O.: MOTION - A framework for mixed-protocol multi-party computation. ePrint (2020). https://ia.cr/2020/1137
Büscher, N., et al.: Secure two-party computation in a quantum world. In: Conti, M., Zhou, J., Casalicchio, E., Spognardi, A. (eds.) ACNS 2020. LNCS, vol. 12146, pp. 461–480. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-57808-4_23
Büscher, N., Demmler, D., Katzenbeisser, S., Kretzmer, D., Schneider, T.: HyCC: compilation of hybrid protocols for practical secure computation. In: CCS (2018)
Chandran, N., Gupta, D., Rastogi, A., Sharma, R., Tripathi, S.: EzPC: programmable, efficient, and scalable secure two-party computation for machine learning. In: EuroS&P (2019)
Clarke, E., Kroening, D., Lerda, F.: A tool for checking ANSI-C programs. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 168–176. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24730-2_15
Coussy, P., Morawiec, A.: High-Level Synthesis: From Algorithm to Digital Circuit. Springer, Dordrecht (2008). https://doi.org/10.1007/978-1-4020-8588-8
Demmler, D., Dessouky, G., Koushanfar, F., Sadeghi, A., Schneider, T., Zeitouni, S.: Automated synthesis of optimized circuits for secure computation. In: CCS (2015)
Demmler, D., Schneider, T., Zohner, M.: ABY - a framework for efficient mixed-protocol secure two-party computation. In: NDSS (2015)
Dessouky, G., Koushanfar, F., Sadeghi, A.R., Schneider, T., Zeitouni, S., Zohner, M.: Pushing the communication barrier in secure computation using lookup tables. In: NDSS (2017)
Fereidooni, H., et al.: SAFELearn: secure aggregation for private federated learning. In: Deep Learning and Security Workshop (2021)
Fowler, D., Robson, E.: Square root approximations in old Babylonian mathematics: YBC 7289 in context. Historia Mathematica (1998)
Fraser, C.W., Hanson, D.R.: A Retargetable C Compiler: Design and Implementation. Addison-Wesley (1995)
Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: STOC (1987)
Gueron, S., Lindell, Y., Nof, A., Pinkas, B.: Fast garbling of circuits under standard assumptions. In: CCS, pp. 567–578. ACM (2015)
Hastings, M., Hemenway, B., Noble, D., Zdancewic, S.: SoK: general purpose compilers for secure multi-party computation. In: S&P (2019)
Henecka, W., Kögl, S., Sadeghi, A., Schneider, T., Wehrenberg, I.: TASTY: tool for automating secure two-party computations. In: CCS (2010)
Holzer, A., Franz, M., Katzenbeisser, S., Veith, H.: Secure two-party computations in ANSI C. In: CCS (2012)
Huang, Y., Evans, D., Katz, J.: Private set intersection: are garbled circuits better than custom protocols? In: NDSS (2012)
Huang, Y., Evans, D., Katz, J., Malka, L.: Faster secure two-party computation using garbled circuits. In: USENIX Security (2011)
Ishai, Y., Kilian, J., Nissim, K., Petrank, E.: Extending oblivious transfers efficiently. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 145–161. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_9
Ishaq, M., Milanova, A.L., Zikas, V.: Efficient MPC via program analysis: a framework for efficient optimal mixing. In: CCS (2019)
Javadi, M., Yalame, H., Mahdiani, H.: Small constant mean-error imprecise adder/multiplier for efficient VLSI implementation of MAC-based applications. IEEE Trans. Comput. (2020)
Keller, M.: MP-SPDZ: a versatile framework for multi-party computation. In: CCS (2020)
Kolesnikov, V., Sadeghi, A.-R., Schneider, T.: Improved garbled circuit building blocks and applications to auctions and computing minima. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 1–20. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10433-6_1
Kolesnikov, V., Schneider, T.: Improved garbled circuit: free XOR gates and applications. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008. LNCS, vol. 5126, pp. 486–498. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70583-3_40
Kreuter, B., Shelat, A., Mood, B., Butler, K.: PCF: a portable circuit format for scalable two-party secure computation. In: USENIX Security (2013)
Kreuter, B., Shelat, A., Shen, C.H.: Billion-gate secure computation with malicious adversaries. In: USENIX Security (2012)
Lattner, C., Adve, V.S.: LLVM: a compilation framework for lifelong program analysis & transformation. In: Code Generation and Optimization (2004)
LLVM Community: CIRCT / Circuit IR compilers and tools (2020). https://github.com/llvm/circt
LLVM Project: LLVM’s analysis and transform passes (2020). https://llvm.org/docs/Passes.html
Malkhi, D., Nisan, N., Pinkas, B., Sella, Y.: Fairplay - Secure two-party computation system. In: USENIX Security (2004)
Mantel, H., Scheidel, L., Schneider, T., Weber, A., Weinert, C., Weißmantel, T.: RiCaSi: rigorous cache side channel mitigation via selective circuit compilation. In: Krenn, S., Shulman, H., Vaudenay, S. (eds.) CANS 2020. LNCS, vol. 12579, pp. 505–525. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-65411-5_25
Mohassel, P., Rindal, P.: ABY3: a mixed protocol framework for machine learning. In: CCS (2018)
Mood, B., Gupta, D., Carter, H., Butler, K.R.B., Traynor, P.: Frigate: a validated, extensible, and efficient compiler and interpreter for secure computation. In: Euro S&P (2016)
Mood, B., Letaw, L., Butler, K.: Memory-efficient garbled circuit generation for mobile devices. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 254–268. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32946-3_19
Nguyen, T.D., et al.: FLGUARD: secure and private federated learning. ePrint (2021). https://ia.cr/2021/025
Nielsen, J.D., Schwartzbach, M.I.: A domain-specific programming language for secure multiparty computation. In: Workshop on Programming Languages and Analysis for Security (2007)
Patra, A., Schneider, T., Suresh, A., Yalame, H.: ABY2.0: improved mixed-protocol secure two-party computation. In: USENIX Security (2020)
Pinkas, B., Rosulek, M., Trieu, N., Yanai, A.: PSI from PaXoS: fast, malicious private set intersection. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 739–767. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_25
Rastogi, A., Hammer, M.A., Hicks, M.: Wysteria: a programming language for generic, mixed-mode multiparty computations. In: S&P (2014)
Robertson, J.E.: A new class of digital division methods. Trans. Electron. Comput. (1958)
Rotaru, D.: awesome-mpc (2020). https://github.com/rdragos/awesome-mpc#frameworks
Rugina, R., Rinard, M.: Recursion unrolling for divide and conquer programs. In: Midkiff, S.P., et al. (eds.) LCPC 2000. LNCS, vol. 2017, pp. 34–48. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45574-4_3
Schoenmakers, B.: MPyC: secure multiparty computation in Python (2018). https://github.com/lschoe/mpyc/blob/master/README.md
Schropfer, A., Kerschbaum, F., Muller, G.: L1 - an intermediate language for mixed-protocol secure computation. In: Computer Software and Applications Conference (2011)
Songhori, E.M., Hussain, S.U., Sadeghi, A., Schneider, T., Koushanfar, F.: TinyGarble: highly compressed and scalable sequential garbled circuits. In: S&P (2015)
Synopsis: DC Ultra (2020). https://www.synopsys.com/implementation-and-signoff/rtl-synthesis-test/dc-ultra.html
Tatsuoka, M., et al.: Physically aware high level synthesis design flow. In: DAC (2015)
Tillich, S., Smart, N.: (Bristol Format) Circuits of basic functions suitable for MPC and FHE (2020). https://homes.esat.kuleuven.be/~nsmart/MPC/old-circuits.html
Verilog.com: Verilog Resources (2020). https://verilog.com/
Wang, X., Malozemoff, A.J., Katz, J.: EMP-toolkit: Efficient multiparty computation toolkit (2016). https://github.com/emp-toolkit
Wolf, C.: Yosys open synthesis suite. http://www.clifford.at/yosys/
Yao, A.C.: How to generate and exchange secrets (extended abstract). In: FOCS (1986)
Zahur, S., Evans, D.: Obliv-C: a language for extensible data-oblivious computation. ePrint (2015). https://ia.cr/2015/1153
Zahur, S., Rosulek, M., Evans, D.: Two halves make a whole. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 220–250. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_8
Zhang, Y., Steele, A., Blanton, M.: PICCO: A general-purpose compiler for private distributed computation. In: CCS (2013)
Acknowledgment
We thank the anonymous reviewers for their helpful comments. This project was co-funded by the Deutsche Forschungsgemeinschaft (DFG) – SFB 1119 CROSSING/236615297 and GRK 2050 Privacy & Trust/251805230, and by the German Federal Ministry of Education and Research and the Hessian Ministry of Higher Education, Research, Science and the Arts within their joint support of the National Research Center for Applied Cybersecurity ATHENE. It has received funding from the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation program (grant agreement No. 850990 PSOTI).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendices
A Optimized Building Blocks
We provide details of the building blocks used by our LLVM toolchain during the gateify pass (cf. Sect. 4.3). To obtain these building blocks, we utilize logic synthesis tools [1, 57, 62] with our custom technology libraries (cf. Sect. 5.2) to optimize (multiplicative) size and restrict the types of basic gates. The most common building blocks are addition, subtraction, multiplication, and (integer) division, multiplexer for array accesses, and comparator, which we detail in the following. Table 5 shows a summary of the circuit size complexities, i.e., the number of non-linear (AND) gates. Moreover, we show the actual circuit sizes for standard 32 bit integers generated by the synthesis tool.
Addition/Subtraction. To perform addition of two l-bit values, the traditional ripple carry adder (RCA), in which the carry out of one stage is fed directly to the carry-in of the next stage, has a multiplicative size of \(l-1\) [10, 34]. The subtractor can be viewed as a special case of adder as the subtraction of two values a and b can be represented as \(a -\bar{b} + 1\) where \(\bar{b}\) denotes the two’s complement representation of b.
Multiplication. In classic logic synthesis, a multiplier outputs a 2l-bit product of two l-bit inputs. The best approach for this multiplier is the textbook method with the size of \(2l^2-l\) [34]. However, in many programming languages and MPC protocols, multiplication is defined as a \(l\rightarrow l\) operation, where the product of two l unsigned integers is l-bit. Generating a \(l \rightarrow l\) multiplication with logic synthesis tools give us a circuit size of \(l^2-l\) [27, 44].
Division. The division operation computes the quotient and remainder of two binary integer numbers. The standard approach for the division is similar to the text-book multiplication, where the divisor is iteratively shifted and subtracted from the remainder. By doing so, one division operation can be built with complexity of \(2l^2\) AND gates. Restoring division can help us in hardware synthesis to have a complexity of \(l^2+2l+1\) [51].
Multiplexer. A 2-to-1 MUX was proposed in [35] with a size of l. The tree architecture for an m-to-1 MUX has size \((m-1)l\).
Comparator. The standard comparator circuit checks whether one l-bit number is greater than another with a size of l. We implement this comparator as described in [35].
B Dummy Application
In Listing 1 we provide the C++ code for our dummy application that we use for benchmark purposes in addition to applications from the HyCC repository (cf. Sect. 6.2). It showcases as many supported features as short as possible.
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Heldmann, T., Schneider, T., Tkachenko, O., Weinert, C., Yalame, H. (2021). LLVM-Based Circuit Compilation for Practical Secure Computation. In: Sako, K., Tippenhauer, N.O. (eds) Applied Cryptography and Network Security. ACNS 2021. Lecture Notes in Computer Science(), vol 12727. Springer, Cham. https://doi.org/10.1007/978-3-030-78375-4_5
Download citation
DOI: https://doi.org/10.1007/978-3-030-78375-4_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-78374-7
Online ISBN: 978-3-030-78375-4
eBook Packages: Computer ScienceComputer Science (R0)