ABSTRACT
Cut-and-choose (CC) is the standard approach to making Yao's garbled circuit two-party computation (2PC) protocol secure against malicious adversaries. Traditional cut-and-choose operates at the level of entire circuits, whereas the LEGO paradigm (Nielsen & Orlandi, TCC 2009) achieves asymptotic improvements by performing cut-and-choose at the level of individual gates. In this work we propose a unified approach called DUPLO that spans the entire continuum between these two extremes. The cut-and-choose step in our protocol operates on the level of arbitrary circuit "components," which can range in size from a single gate to the entire circuit itself.
With this entire continuum of parameter values at our disposal, we find that the best way to scale 2PC to computations of realistic size is to use CC components of intermediate size, and not at the extremes. On computations requiring several millions of gates or more, our more general approach to CC gives between 4-7x improvement over existing approaches.
In addition to our technical contributions of modifying and optimizing previous protocol techniques to work with general CC components, we also provide an extension of the recent Frigate circuit compiler (Mood et al., EuroS&P 2016) to effectively express any C-style program in terms of components which can be processed efficiently using our protocol.
References
- Arash Afshar, Zhangxiang Hu, Payman Mohassel, and Mike Rosulek. 2015. How to Efficiently Evaluate RAM Programs with Malicious Security. In EUROCRYPT 2015, Part I (LNCS), Elisabeth Oswald and Marc Fischlin (Eds.), Vol. 9056. Springer, 702--729. https://doi.org/10.1007/978-3-662-46800-5_27
- Arash Afshar, Payman Mohassel, Benny Pinkas, and Ben Riva. 2014. Non-Interactive Secure Computation Based on Cut-and-Choose. In EUROCRYPT 2014 (LNCS), Phong Q. Nguyen and Elisabeth Oswald (Eds.), Vol. 8441. Springer, 387--404. https://doi.org/10.1007/978-3-642-55220-5_22
- Gilad Asharov and Claudio Orlandi. 2012. Calling Out Cheaters: Covert Security with Public Verifiability. In ASIACRYPT 2012 (LNCS), Xiaoyun Wang and Kazue Sako (Eds.), Vol. 7658. Springer, 681--698. https://doi.org/10.1007/978-3-642-34961-4_41
- Donald Beaver, Silvio Micali, and Phillip Rogaway. 1990. The Round Complexity of Secure Protocols (Extended Abstract). In STOC 1990. ACM Press, 503--513.
- Mihir Bellare, Viet Tung Hoang, and Phillip Rogaway. 2012. Foundations of garbled circuits, See [60], 784--796.
- Joan Boyar and Rene Peralta. 2009. New logic minimization techniques with applications to cryptology. Cryptology ePrint Archive, Report 2009/191. (2009). http://eprint.iacr.org/2009/191
- Luís T. A. N. Brandão. 2013. Secure Two-Party Computation with Reusable Bit-Commitments, via a Cut-and-Choose with Forge-and-Lose Technique (Extended Abstract). In ASIACRYPT 2013, Part II (LNCS), Kazue Sako and Palash Sarkar (Eds.), Vol. 8270. Springer, 441--463. https://doi.org/10.1007/978-3-642-42045-0_23
- Ran Canetti. 2001. Universally Composable Security: A New Paradigm for Cryptographic Protocols. In FOCS 2001. IEEE Computer Society Press, 136--145.
- Ran Canetti and Juan A. Garay (Eds.). 2013. CRYPTO 2013, Part II. LNCS, Vol. 8043. Springer.
- Ignacio Cascudo, Ivan Damgård, Bernardo David, Nico Döttling, and Jesper Buus Nielsen. 2016. Rate-1, Linear Time and Additively Homomorphic UC Commitments. In CRYPTO 2016, Part III (LNCS), Matthew Robshaw and Jonathan Katz (Eds.), Vol. 9816. Springer, 179--207. https://doi.org/10.1007/978-3-662-53015-3_7
- Seung Geol Choi, Jonathan Katz, Ranjit Kumaresan, and Hong-Sheng Zhou. 2012. On the Security of the "Free-XOR" Technique. In TCC 2012 (LNCS), Ronald Cramer (Ed.), Vol. 7194. Springer, 39--53.
- Joan Daemen and Vincent Rijmen. 2002. The Design of Rijndael: AES - The Advanced Encryption Standard. Springer. https://doi.org/10.1007/978-3-662-04722-4
- Tore Kasper Frederiksen, Thomas Pelle Jakobsen, Jesper Buus Nielsen, Peter Sebastian Nordholt, and Claudio Orlandi. 2013. MiniLEGO: Efficient Secure Two-Party Computation from General Assumptions. In EUROCRYPT 2013 (LNCS), Thomas Johansson and Phong Q. Nguyen (Eds.), Vol. 7881. Springer, 537--556. https://doi.org/10.1007/978-3-642-38348-9_32
- Tore Kasper Frederiksen, Thomas P. Jakobsen, Jesper Buus Nielsen, and Roberto Trifiletti. 2015. TinyLEGO: An Interactive Garbling Scheme for Maliciously Secure Two-Party Computation. Cryptology ePrint Archive, Report 2015/309. (2015). http://eprint.iacr.org/2015/309
- Tore Kasper Frederiksen, Thomas P. Jakobsen, Jesper Buus Nielsen, and Roberto Trifiletti. 2016. On the Complexity of Additively Homomorphic UC Commitments. In TCC 2016-A, Part I (LNCS), Eyal Kushilevitz and Tal Malkin (Eds.), Vol. 9562. Springer, 542--565. https://doi.org/10.1007/978-3-662-49096-9_23
- Tore Kasper Frederiksen and Jesper Buus Nielsen. 2013. Fast and Maliciously Secure Two-Party Computation Using the GPU. In ACNS 2013 (LNCS), Michael J. Jacobson Jr., Michael E. Locasto, Payman Mohassel, and Reihaneh Safavi-Naini (Eds.), Vol. 7954. Springer, 339--356. https://doi.org/10.1007/978-3-642-38980-1_21
- Juan A. Garay and Rosario Gennaro (Eds.). 2014. CRYPTO 2014, Part II. LNCS, Vol. 8617. Springer.
- Oded Goldreich, Silvio Micali, and Avi Wigderson. 1987. How to Play any Mental Game or A Completeness Theorem for Protocols with Honest Majority. In STOC 1987, Alfred Aho (Ed.). ACM Press, 218--229.
- Vipul Goyal, Payman Mohassel, and Adam Smith. 2008. Efficient Two Party and Multi Party Computation Against Covert Adversaries. In EUROCRYPT 2008 (LNCS), Nigel P. Smart (Ed.), Vol. 4965. Springer, 289--306.
- Adam Groce, Alex Ledger, Alex J. Malozemoff, and Arkady Yerukhimovich. 2016. CompGC: Efficient Offline/Online Semi-honest Two-party Computation. Cryptology ePrint Archive, Report 2016/458. (2016). http://eprint.iacr.org/2016/458
- Andreas Holzer, Martin Franz, Stefan Katzenbeisser, and Helmut Veith. 2012. Secure two-party computations in ANSI C, See [60], 772--783.
- Yan Huang, David Evans, Jonathan Katz, and Lior Malka. 2011. Faster Secure Two-Party Computation Using Garbled Circuits. In USENIX Security 2011. USENIX Association.
- Yan Huang, Jonathan Katz, and David Evans. 2013. Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose, See [9], 18--35. https://doi.org/10.1007/978-3-642-40084-1_2
- Yan Huang, Jonathan Katz, Vladimir Kolesnikov, Ranjit Kumaresan, and Alex J. Malozemoff. 2014. Amortizing Garbled Circuits, See [17], 458--475. https://doi.org/10.1007/978-3-662-44381-1_26
- Nathaniel Husted, Steven Myers, abhi shelat, and Paul Grubbs. 2013. GPU and CPU parallelization of honest-but-curious secure two-party computation. In ACSAC 2013, Charles N. Payne Jr. (Ed.). ACM, 169--178. https://doi.org/10.1145/2523649.2523681
- Marcel Keller, Emmanuela Orsini, and Peter Scholl. 2015. Actively Secure OT Extension with Optimal Overhead. In CRYPTO 2015, Part I (LNCS), Rosario Gennaro and Matthew J. B. Robshaw (Eds.), Vol. 9215. Springer, 724--741. https://doi.org/10.1007/978-3-662-47989-6_35
- Vladimir Kolesnikov and Alex J. Malozemoff. 2015. Public Verifiability in the Covert Model (Almost) for Free. In ASIACRYPT 2015, Part II (LNCS), Tetsu Iwata and Jung Hee Cheon (Eds.), Vol. 9453. Springer, 210--235. https://doi.org/10.1007/978-3-662-48800-3_9
- Vladimir Kolesnikov, Payman Mohassel, Ben Riva, and Mike Rosulek. 2015. Richer Efficiency/Security Trade-offs in 2PC. In TCC 2015, Part I (LNCS), Yevgeniy Dodis and Jesper Buus Nielsen (Eds.), Vol. 9014. Springer, 229--259. https://doi.org/10.1007/978-3-662-46494-6_11
- Vladimir Kolesnikov, Jesper Buus Nielsen, Mike Rosulek, Ni Trieu, and Roberto Trifiletti. 2017. DUPLO: Unifying Cut-and-Choose for Garbled Circuits. Cryptology ePrint Archive, Report 2017/344. (2017). http://eprint.iacr.org/2017/344
- Vladimir Kolesnikov and Thomas Schneider. 2008. Improved Garbled Circuit: Free XOR Gates and Applications. In ICALP 2008, Part II (LNCS), Luca Aceto, Ivan Damgård, Leslie Ann Goldberg, Magnús M. Halldórsson, Anna Ingólfsdóttir, and Igor Walukiewicz (Eds.), Vol. 5126. Springer, 486--498.
- Benjamin Kreuter, abhi shelat, and Chih-Hao Shen. 2012. Billion-Gate Secure Computation with Malicious Adversaries. In USENIX Security 2012. USENIX Association.
- Yehuda Lindell. 2013. Fast Cut-and-Choose Based Protocols for Malicious and Covert Adversaries, See [9], 1--17. https://doi.org/10.1007/978-3-642-40084-1_1
- Yehuda Lindell and Benny Pinkas. 2007. An Efficient Protocol for Secure Two-Party Computation in the Presence of Malicious Adversaries. In EUROCRYPT 2007 (LNCS), Moni Naor (Ed.), Vol. 4515. Springer, 52--78.
- Yehuda Lindell and Benny Pinkas. 2011. Secure Two-Party Computation via Cut-and-Choose Oblivious Transfer. In TCC 2011 (LNCS), Yuval Ishai (Ed.), Vol. 6597. Springer, 329--346.
- Yehuda Lindell, Benny Pinkas, and Nigel P. Smart. 2008. Implementing Two-Party Computation Efficiently with Security Against Malicious Adversaries. In SCN 2008 (LNCS), Rafail Ostrovsky, Roberto De Prisco, and Ivan Visconti (Eds.), Vol. 5229. Springer, 2--20.
- Yehuda Lindell and Ben Riva. 2014. Cut-and-Choose Yao-Based Secure Computation in the Online/Offline and Batch Settings, See [17], 476--494. https://doi.org/10.1007/978-3-662-44381-1_27
- Yehuda Lindell and Ben Riva. 2015. Blazing Fast 2PC in the Offline/Online Setting with Security for Malicious Adversaries. In ACM CCS 2015, Indrajit Ray, Ninghui Li, and Christopher Kruegel (Eds.). ACM Press, 579--590.
- C. Liu, X. S. Wang, K. Nayak, Y. Huang, and E. Shi. 2015. ObliVM: A Programming Framework for Secure Computation. In 2015 IEEE Symposium on Security and Privacy. 359--376. https://doi.org/10.1109/SP.2015.29
- Dahlia Malkhi, Noam Nisan, Benny Pinkas, and Yaron Sella. 2004. Fairplay: a Secure Two-party Computation System. In USENIX Security 2004. USENIX Association.
- Payman Mohassel and Matthew Franklin. 2006. Efficiency Tradeoffs for Malicious Two-Party Computation. In PKC 2006 (LNCS), Moti Yung, Yevgeniy Dodis, Aggelos Kiayias, and Tal Malkin (Eds.), Vol. 3958. Springer, 458--473.
- Payman Mohassel and Ben Riva. 2013. Garbled Circuits Checking Garbled Circuits: More Efficient and Secure Two-Party Computation, See [9], 36--53. https://doi.org/10.1007/978-3-642-40084-1_3
- Benjamin Mood, Debayan Gupta, Kevin R. B. Butler, and Joan Feigenbaum. 2014. Reuse It Or Lose It: More Efficient Secure Computation Through Reuse of Encrypted Values. In ACM CCS 2014, Gail-Joon Ahn, Moti Yung, and Ninghui Li (Eds.). ACM Press, 582--596.
- B. Mood, D. Gupta, H. Carter, K. Butler, and P. Traynor. 2016. Frigate: A Validated, Extensible, and Efficient Compiler and Interpreter for Secure Computation. In 2016 IEEE European Symposium on Security and Privacy (EuroS&P). 112--127. https://doi.org/10.1109/EuroSP.2016.20
- Jesper Buus Nielsen and Claudio Orlandi. 2009. LEGO for Two-Party Secure Computation. In TCC 2009 (LNCS), Omer Reingold (Ed.), Vol. 5444. Springer, 368--386.
- Jesper Buus Nielsen and Samuel Ranellucci. 2016. Reactive Garbling: Foundation, Instantiation, Application. In ASIACRYPT 2016, Part II (LNCS). Springer, 1022--1052. https://doi.org/10.1007/978-3-662-53890-6_34
- Jesper Buus Nielsen, Thomas Schneider, and Roberto Trifiletti. 2017. Constant Round Maliciously Secure 2PC with Function-independent Preprocessing using LEGO. In 24th Annual Network and Distributed System Security Symposium (NDSS'17). The Internet Society.
- Benny Pinkas, Thomas Schneider, Nigel P. Smart, and Stephen C. Williams. 2009. Secure Two-Party Computation Is Practical. In ASIACRYPT 2009 (LNCS), Mitsuru Matsui (Ed.), Vol. 5912. Springer, 250--267.
- Peter Rindal. 2017. libOTe: an efficient, portable, and easy to use Oblivious Transfer Library. https://github.com/osu-crypto/libOTe. (2017).
- Peter Rindal and Mike Rosulek. 2016. Faster Malicious 2-Party Secure Computation with Online/Offline Dual Execution. In USENIX Security 2016. USENIX Association.
- Peter Rindal and Roberto Trifiletti. 2017. SplitCommit: Implementing and Analyzing Homomorphic UC Commitments. Cryptology ePrint Archive, Report 2017/407. (2017). http://eprint.iacr.org/2017/407
- abhi shelat and Chih-Hao Shen. 2011. Two-Output Secure Computation with Malicious Adversaries. In EUROCRYPT 2011 (LNCS), Kenneth G. Paterson (Ed.), Vol. 6632. Springer, 386--405.
- abhi shelat and Chih-Hao Shen. 2013. Fast two-party secure computation with minimal assumptions. In ACM CCS 2013, Ahmad-Reza Sadeghi, Virgil D. Gligor, and Moti Yung (Eds.). ACM Press, 523--534.
- Nigel Smart and Stefan Tillich. 2017. Circuits of Basic Functions Suitable For MPC and FHE. (2017). http://www.cs.bris.ac.uk/Research/CryptographySecurity/MPC/
- Ebrahim M. Songhori, Siam U. Hussain, Ahmad-Reza Sadeghi, Thomas Schneider, and Farinaz Koushanfar. 2015. TinyGarble: Highly Compressed and Scalable Sequential Garbled Circuits. In 2015 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 411--428. https://doi.org/10.1109/SP.2015.32
- Xiao Wang, Alex J. Malozemoff, and Jonathan Katz. 2017. Faster Secure Two-Party Computation in the Single-Execution Setting. In EUROCRYPT 2017 (LNCS), Jean-Sébastien Coron and Jesper Buus Nielsen (Eds.), Vol. 10212. 399--424. https://doi.org/10.1007/978-3-319-56617-7_14
- Xiao Wang, Samuel Ranellucci, and Jonathan Katz. 2017. Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation. Cryptology ePrint Archive, Report 2017/030. (2017). http://eprint.iacr.org/2017/030
- Xiao Wang, Samuel Ranellucci, and Jonathan Katz. 2017. Global-Scale Secure Multiparty Computation. Cryptology ePrint Archive, Report 2017/189. (2017). http://eprint.iacr.org/2017/189
- Xiao Shaun Wang, S. Dov Gordon, Allen McIntosh, and Jonathan Katz. 2016. Secure Computation of MIPS Machine Code. In ESORICS 2016, Part II (LNCS). Springer, 99--117. https://doi.org/10.1007/978-3-319-45741-3_6
- Andrew Chi-Chih Yao. 1986. How to Generate and Exchange Secrets (Extended Abstract). In FOCS 1986. IEEE Computer Society Press, 162--167.
- Ting Yu, George Danezis, and Virgil D. Gligor (Eds.). 2012. ACM CCS 2012. ACM Press.
- Samee Zahur and David Evans. 2015. Obliv-C: A Language for Extensible Data-Oblivious Computation. Cryptology ePrint Archive, Report 2015/1153. (2015). http://eprint.iacr.org/2015/1153
- Samee Zahur, Mike Rosulek, and David Evans. 2015. Two Halves Make a Whole: Reducing Data Transfer in Garbled Circuits Using Half Gates. In EUROCRYPT 2015, Part II (LNCS), Elisabeth Oswald and Marc Fischlin (Eds.), Vol. 9057. Springer, 220--250. https://doi.org/10.1007/978-3-662-46803-6_8
- Ruiyu Zhu and Yan Huang. 2017. Faster LEGO-based Secure Computation without Homomorphic Commitments. Cryptology ePrint Archive, Report 2017/226. (2017). http://eprint.iacr.org/2017/226