
On compiling Boolean circuits optimized for secure multi-party computation

Formal Methods in System Design

Abstract

Secure multi-party computation (MPC) allows two or more distrusting parties to jointly evaluate a function over private inputs. For a long time considered to be a purely theoretical concept, MPC has transitioned into a practical and powerful tool to build privacy-enhancing technologies. However, the practicality of MPC is hindered by the difficulty of implementing applications on top of the underlying cryptographic protocols. This is because the manual construction of efficient applications, which need to be represented as Boolean or arithmetic circuits, is a complex, error-prone, and time-consuming task. To facilitate the development of further privacy-enhancing technology, multiple compilers have been proposed that create circuits for MPC. Yet, almost all presented compilers only support domain-specific languages or provide very limited optimization methods. In this work (this is an extended and revised version of the paper ‘Secure Two-party Computations in ANSI C’ (Holzer et al., in: ACM CCS, 2012) that reflects the progress in secure computation and describes the current optimization tool chain of CBMC-GC) we describe our compiler CBMC-GC, which implements a complete tool chain from ANSI C to circuit. Moreover, we give a comprehensive overview of circuit minimization techniques, which we have identified and adapted for the creation of efficient circuits for MPC. With the help of these techniques, our compilation approach allows for a high level of abstraction from the cryptographic primitives used in MPC protocols, as well as from the complex design of digital circuits. By using the model checker CBMC as a compiler frontend, we illustrate the link between MPC, formal methods, and digital logic design. Our experimental results illustrate the effectiveness of the implemented optimization techniques for various example applications. In particular, compared with other state-of-the-art compilers, we show that CBMC-GC compiles circuits from the same source code that are up to four times smaller.


Notes

  1. We note that MPC protocols can be combined with protocols for oblivious storage, e.g., ORAM [21], under various security and performance trade-offs. These constructions are beyond the scope of this work.

  2. https://devblogs.nvidia.com/parallelforall/inside-pascal/.

  3. CBMC-GC is available at www.seceng.de/research/software/cbmc-gc/.

References

  1. Berkeley Logic Synthesis and Verification Group. ABC: a system for sequential synthesis and verification, release 30916. http://www.eecs.berkeley.edu/~alanmi/abc/

  2. Bellare M, Hoang VT, Keelveedhi S, Rogaway P (2013) Efficient garbling from a fixed-key blockcipher. In: IEEE S&P

  3. Bilogrevic I, Jadliwala M, Hubaux J, Aad I, Niemi V (2011) Privacy-preserving activity scheduling on mobile devices. In: ACM CODASPY

  4. Bjesse P, Borälv A (2004) DAG-aware circuit compression for formal verification. In: ICCAD

  5. Bogdanov D, Laur S, Willemson J (2008) Sharemind: a framework for fast privacy-preserving computations. In: ESORICS

  6. Bogetoft P, Christensen DL, Damgård I, Geisler M, Jakobsen T, Krøigaard M, Nielsen JD, Nielsen JB, Nielsen K, Pagter J et al (2009) Secure multiparty computation goes live. In: FC

  7. Buchfuhrer D, Umans C (2011) The complexity of Boolean formula minimization. J. Comput. Syst. Sci. 77(1):142–153

  8. Buescher N, Holzer A, Weber A, Katzenbeisser S (2016) Compiling low depth circuits for practical secure computation. In: ESORICS

  9. Buescher N, Kretzmer D, Jindal A, Stefan K (2016) Scalable secure computation from ANSI-C. In: IEEE WIFS

  10. Büscher N, Katzenbeisser S (2015) Faster secure computation through automatic parallelization. In: USENIX Security

  11. Clarke EM, Kroening D, Lerda F (2004) A tool for checking ANSI-C programs. In: TACAS

  12. Clarke EM, Kroening D, Yorav K (2003) Behavioral consistency of C and verilog programs using bounded model checking. In: DAC

  13. Courtois N, Hulme D, Mourouzis T (2011) Solving circuit optimisation problems in cryptography and cryptanalysis. IACR Cryptology ePrint Archive

  14. Damgård I, Pastro V, Smart NP, Zakarias S (2012) Multiparty computation from somewhat homomorphic encryption. In: CRYPTO

  15. Darringer JA, Joyner WH, Berman CL, Trevillyan L (1981) Logic synthesis through local transformations. IBM J Res Dev 25:272–280

  16. Demmler D, Dessouky G, Koushanfar F, Sadeghi AR, Schneider T, Zeitouni S (2015) Automated synthesis of optimized circuits for secure computation. In: ACM CCS

  17. Demmler D, Schneider T, Zohner M (2015) ABY—a framework for efficient mixed-protocol secure two-party computation. In: NDSS

  18. Erkin Z, Franz M, Guajardo J, Katzenbeisser S, Lagendijk I, Toft T (2009) Privacy-preserving face recognition. In: PETS

  19. Franz M, Holzer A, Katzenbeisser S, Schallhart C, Veith H (2014) CBMC-GC: an ANSI C compiler for secure two-party computations. In: CC

  20. Goldreich O, Micali S, Wigderson A (1987) How to play any mental game or a completeness theorem for protocols with honest majority. In: ACM STOC

  21. Goldreich O, Ostrovsky R (1996) Software protection and simulation on oblivious RAMs. J ACM 43(3):431–473

  22. Goudarzi D, Rivain M (2016) On the multiplicative complexity of Boolean functions and bitsliced higher-order masking. In: CHES

  23. Henecka W, Kögl S, Sadeghi AR, Schneider T, Wehrenberg I (2010) TASTY: tool for automating secure two-party computations. In: ACM CCS

  24. Holzer A, Franz M, Katzenbeisser S, Veith H (2012) Secure two-party computations in ANSI C. In: ACM CCS

  25. Kolesnikov V, Sadeghi AR, Schneider T (2009) Improved garbled circuit building blocks and applications to auctions and computing minima. In: CANS

  26. Kolesnikov V, Schneider T (2008) Improved garbled circuit: free XOR gates and applications. In: ICALP

  27. Kreuter B, Shelat A, Mood B, Butler K (2013) PCF: a portable circuit format for scalable two-party secure computation. In: USENIX Security

  28. Kreuter B, Shelat A, Shen C (2012) Billion-gate secure computation with malicious adversaries. In: USENIX Security

  29. Kuehlmann A (2004) Dynamic transition relation simplification for bounded property checking. In: IEEE ICCAD

  30. Larraia E, Orsini E, Smart NP (2014) Dishonest majority multi-party computation for binary circuits. In: CRYPTO

  31. Liu C, Huang Y, Shi E, Katz J, Hicks MW (2014) Automating efficient RAM-model secure computation. In: IEEE S&P

  32. Liu C, Wang XS, Nayak K, Huang Y, Shi E (2015) ObliVM: a programming framework for secure computation. In: IEEE S&P

  33. Malkhi D, Nisan N, Pinkas B, Sella Y (2004) Fairplay: a secure two-party computation system. In: USENIX Security

  34. Mishchenko A, Chatterjee S, Brayton R, Een N (2006) Improvements to combinational equivalence checking. In: IEEE ICCAD

  35. Mishchenko A, Chatterjee S, Brayton RK (2006) DAG-aware AIG rewriting: a fresh look at combinational logic synthesis. In: DAC

  36. Mood B, Gupta D, Carter H, Butler K, Traynor P (2016) Frigate: a validated, extensible, and efficient compiler and interpreter for secure computation. In: IEEE Euro S&P

  37. Mood B, Letaw L, Butler K (2012) Memory-efficient garbled circuit generation for mobile devices. In: FC

  38. Nielsen JB, Nordholt PS, Orlandi C, Burra SS (2012) A new approach to practical active-secure two-party computation. In: CRYPTO

  39. Robertson JE (1958) A new class of digital division methods. IRE Trans Electron Comput 3:218–222

  40. Schneider T, Zohner M (2013) GMW vs. Yao? Efficient secure two-party computation with low depth circuits. In: FC

  41. Schnorr CP (1974) Zwei lineare untere Schranken für die Komplexität Boolescher Funktionen. Computing 13:155–171

  42. Schröpfer A, Kerschbaum F, Müller G (2011) L1—an intermediate language for mixed-protocol secure computation. In: COMPSAC

  43. Songhori EM, Hussain SU, Sadeghi A, Schneider T, Koushanfar F (2015) TinyGarble: highly compressed and scalable sequential garbled circuits. In: IEEE S&P

  44. Turan MS, Peralta R (2014) The multiplicative complexity of Boolean functions on four and five variables. In: LightSec

  45. Yao ACC (1982) Protocols for secure computations (extended abstract). In: IEEE FOCS

  46. Yao ACC (1986) How to generate and exchange secrets (extended abstract). In: IEEE FOCS

  47. Zahur S, Evans D (2015) Obliv-C: a language for extensible data-oblivious computation. IACR Cryptology ePrint Archive

Acknowledgements

We thank all anonymous reviewers for their helpful and constructive comments. This work has been co-funded by the DFG as part of project S5 within the CRC 1119 CROSSING, by the DFG as part of project A.1 within the RTG 2050 “Privacy and Trust for Mobile User”. The initial idea behind CBMC-GC, i.e., using a bounded model checker for high-level synthesis in the context of MPC, was coined in a very fruitful discussion with Helmut Veith over a cup of coffee in a Wiener Kaffeehaus (typical Viennese coffee house).

Corresponding authors

Correspondence to Niklas Büscher or Stefan Katzenbeisser.

Code example: Hamming distance computation

The Hamming distance between two bit strings is the number of positions in which they differ. It can be computed by XOR-ing the two input bit strings and then counting the set bits of the result. An exemplary implementation is given in Listing 3; it computes the distance between two bit strings of length 160 bits, each split over five unsigned integers. In Line 7 the number of ones in a string of 32 bits is computed; this task is also known as population count. In the following paragraphs we describe three different implementations of it.

[Listing 3: shown as an image in the original; not reproduced here]

The first implementation is given in Listing 4. In this naïve approach, each bit is extracted using bit shifts and the bitwise AND operator & before being aggregated.

[Listing 4: shown as an image in the original; not reproduced here]

A variant of this implementation is given in Listing 5. Here, the bit string of length 32 is first split into chunks of 8 bits (unsigned char). The ones set in each chunk are then counted as described above.

[Listing 5: shown as an image in the original; not reproduced here]

Finally, Listing 6 shows the best-known implementation, optimized for a CPU with 32-bit registers and slow multiplication. This implementation uses only 14 instructions.

[Listing 6: shown as an image in the original; not reproduced here]
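The three population-count variants described above, together with the Hamming distance over five 32-bit words from Listing 3, written out as an added example; this is not the paper's own code (Listings 3 to 6 are only available as images). The parallel variant is assumed to be the classic multiplication-free 32-bit bit count that Listing 6 refers to, and the sample inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Listing 4 style: extract every bit with a shift and a mask, then add it up. */
uint32_t popcount_naive(uint32_t x) {
    uint32_t count = 0;
    for (int i = 0; i < 32; i++)
        count += (x >> i) & 1u;
    return count;
}

/* Listing 5 style: split the word into four unsigned char chunks, count each chunk bit by bit. */
uint32_t popcount_chunked(uint32_t x) {
    uint32_t count = 0;
    for (int c = 0; c < 4; c++) {
        unsigned char chunk = (unsigned char)(x >> (8 * c));
        for (int i = 0; i < 8; i++)
            count += (chunk >> i) & 1u;
    }
    return count;
}

/* Listing 6 style (assumed): classic multiplication-free parallel count, summing 2-, 4-, 8-bit fields in place. */
uint32_t popcount_parallel(uint32_t x) {
    x = x - ((x >> 1) & 0x55555555u);                 /* 2-bit field sums */
    x = (x & 0x33333333u) + ((x >> 2) & 0x33333333u); /* 4-bit field sums */
    x = (x + (x >> 4)) & 0x0F0F0F0Fu;                 /* 8-bit field sums */
    x = x + (x >> 8);
    x = x + (x >> 16);
    return x & 0x3Fu;                                 /* result is at most 32, fits in 6 bits */
}

/* Listing 3 style: Hamming distance of two 160-bit strings held in five 32-bit words; popcount is pluggable. */
uint32_t hamming160(const uint32_t a[5], const uint32_t b[5],
                    uint32_t (*popcount)(uint32_t)) {
    uint32_t dist = 0;
    for (int i = 0; i < 5; i++)
        dist += popcount(a[i] ^ b[i]);
    return dist;
}

/* Constructed sample inputs: differing bits per word are 24 + 0 + 32 + 1 + 32 = 89. */
const uint32_t SAMPLE_A[5] = {0xDEADBEEFu, 0u, 0xF0F0F0F0u, 0x12345678u, 0xAAAAAAAAu};
const uint32_t SAMPLE_B[5] = {0u,          0u, 0x0F0F0F0Fu, 0x12345679u, 0x55555555u};

int main(void) {
    printf("hamming160 = %u\n", hamming160(SAMPLE_A, SAMPLE_B, popcount_parallel));
    return 0;
}
```

All three variants compute the same function, so an equivalence check on sample inputs is a sensible sanity step before comparing the circuits a compiler such as CBMC-GC produces for each of them.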

Cite this article

Büscher, N., Franz, M., Holzer, A. et al. On compiling Boolean circuits optimized for secure multi-party computation. Form Methods Syst Des 51, 308–331 (2017). https://doi.org/10.1007/s10703-017-0300-0
