

Framework for Realizing Efficient Secure Computations

An introduction to FRESCO

Janus Dam Nielsen, Ph.D.

Research and Innovation Scientist

The Alexandra Institute

Joint work with the Cryptography and Security group at the University of Aarhus

About "Alexandra Instituttet A/S"

• Non-profit application oriented research institution – focus on IT
• 5 labs including IT-Security
• 100+ employees

R&D
• Researchers
• Providers
• Users

generating

Commercial
• Development
• Consultancy
• Ideation
• Networks
• Dissemination

inspiration

5th of June, 2012 Page 2

A Framework for Realizing Efficient Secure Computations

• Secure Computations
  – MPC protocols
  – Applications which use MPC protocols
    • E.g. auctions, databases, games, benchmarking, etc.
• Efficient
  – Efficient implementations of MPC protocols and applications
• Framework
  – A reusable set of libraries used to implement secure computations
• FRESCO is written in Java

Why do we need a framework

• Implement protocol independent applications
• Reuse MPC protocol implementations
• Reuse scaffold infrastructure
• Reuse network communication strategies
• Fair comparison
  – Applications, protocols, network
• Make it easier to utilize MPC
• Share knowledge
• Does not require as much effort as a domain specific language

Resource challenges for MPC applications

CPU
• Use all available cores
• Utilization of the cores

Network
• Write time
• Latency
• Number of writes

Memory
• Use cache and RAM
• No swapping

FRESCO and CPU utilisation

[Figure: a circuit of gates arranged in four levels (Level 1 to Level 4), with the labels "Parallel" and "Ready gate"]

What is a gate?

• A number of input wires
• One output wire
• A gate can be evaluated, but only when input is ready
• Only one round of communication
  – It is a unit of work
  – Uniform, fits most use cases
• Evaluated twice: before sending and after receiving data
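The gate model above (input wires, one output wire, evaluated once before sending and once after receiving, one round of communication) is shown here as an added example; it is not FRESCO code and every class and method name in it is hypothetical. It swaps in Beaver-triple multiplication over additive shares, which is not the GRR/Shamir construction the slides benchmark, assumes a trusted dealer for the triple, offers passive security only, and simulates all three parties in one process.

```java
import java.security.SecureRandom;
import java.util.Arrays;

public class TwoPhaseMultGate { // added illustration; names are hypothetical, not FRESCO's API
    static final long P = 2147483647L;   // prime modulus 2^31 - 1
    static final int N = 3;              // parties, all simulated in one process
    static final SecureRandom RNG = new SecureRandom();

    static long mod(long v) { return ((v % P) + P) % P; }
    static long open(long[] shares) { return mod(Arrays.stream(shares).sum()); }
    static long[] share(long secret) {   // additive shares that sum to secret mod P
        long[] s = new long[N];
        for (int i = 1; i < N; i++) { s[i] = mod(RNG.nextLong()); secret -= s[i]; }
        s[0] = mod(secret);
        return s;
    }

    final long[] x, y;                   // the two input wires, one share per party
    final long[] a, b, c;                // Beaver triple c = a*b from an assumed trusted dealer

    TwoPhaseMultGate(long[] x, long[] y) {
        this.x = x; this.y = y;
        long ta = mod(RNG.nextLong()), tb = mod(RNG.nextLong());
        a = share(ta); b = share(tb); c = share(mod(ta * tb));
    }

    // First evaluation, before sending: party p masks its input shares with the triple.
    long[] beforeSend(int p) { return new long[] { mod(x[p] - a[p]), mod(y[p] - b[p]) }; }

    // Second evaluation, after receiving every party's message: open d = x-a and e = y-b,
    // then compute this party's share of x*y = c + d*b + e*a + d*e without further traffic.
    long afterReceive(int p, long[][] msgs) {
        long d = 0, e = 0;
        for (long[] m : msgs) { d = mod(d + m[0]); e = mod(e + m[1]); }
        long z = mod(c[p] + mod(d * b[p]) + mod(e * a[p]));
        return p == 0 ? mod(z + mod(d * e)) : z;   // exactly one party adds the public d*e
    }

    public static void main(String[] args) {
        TwoPhaseMultGate gate = new TwoPhaseMultGate(share(6), share(7)); // constructed inputs
        long[][] msgs = new long[N][];
        for (int p = 0; p < N; p++) msgs[p] = gate.beforeSend(p);        // the single round
        long[] out = new long[N];                                         // the output wire
        for (int p = 0; p < N; p++) out[p] = gate.afterReceive(p, msgs);
        System.out.println("opened output wire: " + open(out));
    }
}
```

The only values that cross between parties are the masked differences d and e, which are uniformly distributed because the triple is random and used once.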

FRESCO and memory utilisation

FRESCO and network utilisation - 1

[Figure: Input and Output]

FRESCO and network utilisation - 2

[Figure: Input and Output, with items numbered 1, 2, 3]

The Architecture of FRESCO

[Figure: the components Program, Gate, Evaluator, Network and Output, with the operations Evaluate, Send, Receive and Fetch]

Who is in control?

Framework

The Evaluator is in control

[Figure: the operations Evaluate, Send, Receive and Fetch]
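An evaluator that is in control can fetch every ready gate at once and treat the batch as one level, as in the circuit figure earlier in the talk. The following added example (not FRESCO code; all names and the sample circuit are constructed for illustration) does only that scheduling step, with no cryptography or network, and compares the number of batched rounds with gate-by-gate evaluation.

```java
import java.util.*;

public class LevelScheduler { // added illustration; names are hypothetical, not FRESCO's API
    static final class Gate {
        final String name, out; final List<String> in;
        Gate(String name, String out, String... in) {
            this.name = name; this.out = out; this.in = Arrays.asList(in);
        }
        @Override public String toString() { return name; }
    }

    // Each pass fetches every gate whose input wires are all ready; that batch is one level
    // and, with one round of communication per gate, costs one batched network round.
    static List<List<Gate>> levels(List<Gate> circuit, Set<String> inputWires) {
        Set<String> ready = new HashSet<>(inputWires);
        List<Gate> pending = new ArrayList<>(circuit);
        List<List<Gate>> plan = new ArrayList<>();
        while (!pending.isEmpty()) {
            List<Gate> batch = new ArrayList<>();
            for (Gate g : pending) if (ready.containsAll(g.in)) batch.add(g);
            if (batch.isEmpty())
                throw new IllegalArgumentException("unwired or cyclic inputs: " + pending);
            for (Gate g : batch) ready.add(g.out);   // outputs become ready only after the level
            pending.removeAll(batch);
            plan.add(batch);
        }
        return plan;
    }

    public static void main(String[] args) {
        // Constructed circuit: a product tree over eight input wires i0..i7.
        List<Gate> circuit = List.of(
            new Gate("m1", "p1", "i0", "i1"), new Gate("m2", "p2", "i2", "i3"),
            new Gate("m3", "p3", "i4", "i5"), new Gate("m4", "p4", "i6", "i7"),
            new Gate("m5", "p5", "p1", "p2"), new Gate("m6", "p6", "p3", "p4"),
            new Gate("m7", "out", "p5", "p6"));
        Set<String> inputs = new HashSet<>();
        for (int i = 0; i < 8; i++) inputs.add("i" + i);
        List<List<Gate>> plan = levels(circuit, inputs);
        System.out.println("levels: " + plan);
        System.out.println("rounds batched per level: " + plan.size()
            + ", rounds gate by gate: " + circuit.size());
    }
}
```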

Consequences

Better resource utilisation

Wiring a circuit is tedious

Application Programmer Interface

• Application programmers care about
  – 8, 16, 32, or 64 bit integers
  – Booleans
  – Bits
  – Open or closed values
• Protocol implementers provide circuits for operations on these types
  – Addition
  – Multiplication
  – xor
  – Etc.

Circuits should be pluggable

• Better suit the level of abstraction of the application programmer
• Reuse code

BinaryCircuit add = provider.getAddCircuit(x, y, sum);          // sum = x + y
// Output wire named product so it no longer clashes with the circuit variable mult.
BinaryCircuit mult = provider.getMultCircuit(sum, z, product);  // product = sum * z
OpenInt open = provider.getOpenCircuit(product, o);             // open the result into o
evaluator.eval(add, mult, open);                                // the evaluator runs the circuits
System.out.println("Result: " + o);

Practical Experiences

• Implemented following protocols
  – Passively secure Shamir VSS [Gennaro, Rabin, Rabin. "Simplified VSS and Fast-track Multiparty Computations with Applications to Threshold Cryptography"]
  – SHE [Bendlin, Damgård, Orlandi, Zakarias. "Semi-homomorphic Encryption and Multiparty Computation"]
  – SPZ [Damgård, Pastro, Smart, Zakarias. "Multiparty Computation from Somewhat Homomorphic Encryption"]
  – TinyOT [Nielsen, Nordholt, Orlandi, Burra. "A New Approach to Practical Active-Secure Two-Party Computation"]
  – Kaka [Katz, Malka. "Constant Round Private Function Evaluation"]

Using FRESCO for Exploration

• Implemented the protocol by Gennaro, Rabin, and Rabin once
• Implemented three different strategies for the network and evaluator
  – Sequential network
  – Parallel network using Netty (framework for asynchronous communication)
  – Parallel network using two dedicated threads at each client, one for sending and one for receiving data

Got a factor of 20 speedup between the first and the third

Some numbers

Multiplications [GRR], 1GHz dual core Opteron, 2mb cache, 2 Gb RAM

• VIFF: 1 KHz
• FRESCO: 50 KHz
• C64: 1 MHz


Thank you

Questions?