Framework for Realizing Efficient Secure Computations
An introduction to FRESCO
Janus Dam Nielsen, Ph.D.
Research and Innovation Scientist
The Alexandra Institute
Joint work with the Cryptography and Security group at the University of Aarhus

About "Alexandra Instituttet A/S"
• Non-profit application oriented research institution – focus on IT
• 5 labs including IT-Security
• 100+ employees
[Figure: R&D (Researchers, Providers, Users) and Commercial (Development, Consultancy, Ideation, Networks, Dissemination), with the labels "generating" and "inspiration"]
5th of June, 2012 Page 2

A Framework for Realizing Efficient Secure Computations
• Secure Computations
  – MPC protocols
  – Applications which use MPC protocols
  – E.g. auctions, databases, games, benchmarking, etc.
• Efficient
  – Efficient implementations of MPC protocols and applications
• Framework
  – A reusable set of libraries used to implement secure computations
• FRESCO is written in Java

Why do we need a framework
• Implement protocol independent applications
• Reuse MPC protocol implementations
• Reuse scaffold infrastructure
• Reuse network communication strategies
• Fair comparison
  – Applications, protocols, network
• Make it easier to utilize MPC
• Share knowledge
• Does not require as much effort as a domain specific language

Resource challenges for MPC applications
• CPU
  – Use all available cores
  – Utilization of the cores
• Network
  – Write time
  – Latency
  – Number of writes
• Memory
  – Use cache and RAM
  – No swapping

FRESCO and CPU utilisation
[Figure: "A circuit of gates" drawn in Level 1 to Level 4, with the labels "Parallel" and "Ready gate"]

What is a gate?
• A number of input wires
• One output wire
• A gate can be evaluated, but only when input is ready
• Only one round of communication
  – It is a unit of work
  – Uniform, fits most use cases
• Evaluated twice: before sending and after receiving data
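
The "ready gate" rule and the level structure from the slides above can be made concrete with a small scheduler. This is an added example, not FRESCO code: the Gate record, the levels method and the sample circuit are hypothetical, and it assumes that each level costs one communication round.

```java
import java.util.*;

// Added illustration with hypothetical names; these are not FRESCO classes.
public class LevelSchedule {
    // A gate has a number of input wires and one output wire.
    record Gate(String name, List<String> inputs, String output) {}

    // Group gates into levels: a gate is ready once every input wire carries a value.
    static List<List<Gate>> levels(Set<String> circuitInputs, List<Gate> gates) {
        Set<String> ready = new HashSet<>(circuitInputs);
        List<Gate> pending = new ArrayList<>(gates);
        List<List<Gate>> result = new ArrayList<>();
        while (!pending.isEmpty()) {
            List<Gate> level = new ArrayList<>();
            for (Gate g : pending) {
                if (ready.containsAll(g.inputs())) level.add(g);
            }
            if (level.isEmpty()) {
                throw new IllegalStateException("cycle or unconnected wire: " + pending);
            }
            pending.removeAll(level);
            // Outputs only become ready after the whole level has finished, so
            // gates inside one level never depend on each other.
            for (Gate g : level) ready.add(g.output());
            result.add(level);
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed circuit, listed out of order on purpose:
        // (a + b) * (c + d), then open the product.
        List<Gate> gates = List.of(
            new Gate("open", List.of("prod"), "o"),
            new Gate("mult", List.of("s1", "s2"), "prod"),
            new Gate("add1", List.of("a", "b"), "s1"),
            new Gate("add2", List.of("c", "d"), "s2"));
        List<List<Gate>> schedule = levels(Set.of("a", "b", "c", "d"), gates);
        for (int i = 0; i < schedule.size(); i++) {
            // Gates within one level are independent, so they can run on separate
            // cores and their messages can share one network write (assumption).
            List<String> names = schedule.get(i).stream().map(Gate::name).toList();
            System.out.println("Level " + (i + 1) + ": " + names);
        }
        System.out.println(gates.size() + " gates, " + schedule.size() + " communication rounds");
    }
}
```

Because the scheduler only looks at wire readiness, it also rejects a circuit whose wiring contains a cycle or a wire that no gate produces.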

FRESCO and network utilisation - 1
[Figure: Input and Output]

FRESCO and network utilisation - 2
[Figure: Input and Output, with items labelled 1, 2, 3]

The Architecture of FRESCO
[Figure: diagram with the labels Program, Gate, Evaluator, Network, Output, Evaluate, Send, Receive, Fetch]

The Evaluator is in control
[Figure: diagram with the labels Evaluate, Send, Receive, Fetch]

Consequences
• Better resource utilisation
• Wiring a circuit is tedious

Application Programmer Interface
• Application programmers care about
  – 8, 16, 32, or 64 bit integers
  – Booleans
  – Bits
  – Open or closed values
• Protocol implementers provide circuits for operations on these types
  – Addition
  – Multiplication
  – xor
  – Etc.

Circuits should be pluggable
• Better suit the level of abstraction of the application programmer
• Reuse code

// Computes (x + y) * z and opens the result into o.
// sum and product are the intermediate wires between the circuits.
BinaryCircuit add = provider.getAddCircuit(x, y, sum);
BinaryCircuit mult = provider.getMultCircuit(sum, z, product);
OpenInt open = provider.getOpenCircuit(product, o);
// The evaluator decides when each circuit's gates are evaluated.
evaluator.eval(add, mult, open);
System.out.println("Result: " + o);

Practical Experiences
• Implemented the following protocols
  – Passively secure Shamir VSS [Gennaro, Rabin, Rabin. "Simplified VSS and Fast-track Multiparty Computations with Applications to Threshold Cryptography"]
  – SHE [Bendlin, Damgård, Orlandi, Zakarias. "Semi-homomorphic Encryption and Multiparty Computation"]
  – SPZ [Damgård, Pastro, Smart, Zakarias. "Multiparty Computation from Somewhat Homomorphic Encryption"]
  – TinyOT [Nielsen, Nordholt, Orlandi, Burra. "A New Approach to Practical Active-Secure Two-Party Computation"]
  – Kaka [Katz, Malka. "Constant Round Private Function Evaluation"]

Using FRESCO for Exploration
• Implemented the protocol by Gennaro, Rabin, and Rabin once
• Implemented three different strategies for the network and evaluator
  – Sequential network
  – Parallel network using Netty (framework for asynchronous communication)
  – Parallel network using two dedicated threads at each client, one for sending and one for receiving data
Got a factor of 20 speedup between the first and the third

Some numbers
Multiplications [GRR], 1GHz dual core Opteron, 2mb cache, 2 Gb RAM
• VIFF: 1 KHz
• FRESCO: 50 KHz
• C64: 1 MHz