ABSTRACT
In theory, secure computation offers a solution for privacy in many collaborative applications. In practice, however, the poor efficiency of the protocols prevents their use. Hand-crafted protocols are more efficient than those generated by compilers, but they require significantly more development effort in programming and verification. Recently, Kerschbaum introduced an automatic compiler optimization technique for secure computations that can make compiler-generated protocols as efficient as hand-crafted ones. This optimization relies on the structure of the secure computation program: the programmer has to write the program in such a way that the optimization can yield the optimal performance. In this paper we present an algorithm that rewrites the program -- most notably its expressions -- to optimize their efficiency in secure computation protocols. We give a heuristic for whole-program optimization and show the resulting performance gains using examples from the literature.
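The abstract describes rewriting a program's expressions so that the resulting secure computation protocol is cheaper. The following toy rewriter is an added illustration of that idea; it is not the paper's algorithm and does not reproduce its heuristic. It assumes a simplified cost model (additions and multiplications by public values are local and free, while each distinct multiplication of two secret values costs one interactive operation, as in linear secret-sharing protocols), and applies a single semantics-preserving rewrite rule, factoring a shared operand out of a sum of products, only when it strictly lowers that cost. All names (`var`, `cost`, `rewrite`) and the expression encoding are choices made for this example.

```python
# Added example: cost-driven expression rewriting for secure computation.
# ASSUMED cost model (not the paper's): in a linear secret-sharing protocol,
# additions and public*secret products are local; each distinct secret*secret
# product needs one interactive multiplication. Identical subexpressions are
# counted once (i.e. common-subexpression elimination is assumed downstream).

# Expressions are nested tuples, so they are hashable and comparable:
#   ("var", name, is_secret) | ("const", value) | ("add", l, r) | ("mul", l, r)

def var(name, secret=True):
    return ("var", name, secret)

def const(value):
    return ("const", value)

def add(l, r):
    return ("add", l, r)

def mul(l, r):
    return ("mul", l, r)

def is_secret(e):
    """An expression is secret if any input to it is secret."""
    if e[0] == "var":
        return e[2]
    if e[0] == "const":
        return False
    return is_secret(e[1]) or is_secret(e[2])

def secure_mults(e):
    """Set of distinct secret*secret product nodes in e."""
    if e[0] in ("var", "const"):
        return frozenset()
    found = secure_mults(e[1]) | secure_mults(e[2])
    if e[0] == "mul" and is_secret(e[1]) and is_secret(e[2]):
        found = found | {e}
    return found

def cost(e):
    """Number of interactive multiplications under the assumed cost model."""
    return len(secure_mults(e))

def factor_candidates(e):
    """Rewrites of p*q + r*s into f*(g + h) when the two products share a factor f."""
    if e[0] != "add" or e[1][0] != "mul" or e[2][0] != "mul":
        return []
    (_, p, q), (_, r, s) = e[1], e[2]
    out = []
    # Try every pairing of one factor from the left product with one from the right.
    for f, g, f2, h in ((p, q, r, s), (p, q, s, r), (q, p, r, s), (q, p, s, r)):
        if f == f2:
            out.append(mul(f, add(g, h)))
    return out

def rewrite(e):
    """Bottom-up greedy rewriting: accept a candidate only if it strictly lowers cost.
    Cost decreases on every accepted step, so the loop terminates."""
    if e[0] in ("var", "const"):
        return e
    e = (e[0], rewrite(e[1]), rewrite(e[2]))
    changed = True
    while changed:
        changed = False
        for cand in factor_candidates(e):
            if cost(cand) < cost(e):
                e = rewrite(cand)   # the new inner sum may itself be factorable
                changed = True
                break
    return e

def pretty(e):
    if e[0] == "var":
        return e[1]
    if e[0] == "const":
        return str(e[2])
    op = "+" if e[0] == "add" else "*"
    return "(" + pretty(e[1]) + " " + op + " " + pretty(e[2]) + ")"

if __name__ == "__main__":
    # Constructed input: all four variables are secret-shared.
    a, b, c, d = var("a"), var("b"), var("c"), var("d")
    expr = add(add(mul(a, b), mul(a, c)), mul(a, d))
    print(pretty(expr), "costs", cost(expr))             # 3 secure multiplications
    print(pretty(rewrite(expr)), "costs", cost(rewrite(expr)))  # 1 secure multiplication
```

When one operand of each product is public (for instance constants of the cost function), the candidate rewrite does not reduce the number of secure multiplications and the expression is left unchanged; this is the kind of structural dependence the abstract refers to, where the cost of the same arithmetic differs depending on which operands are secret.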
Index Terms
- Expression rewriting for optimizing secure computation