A comparative survey of Secure Multiparty Computation Frameworks
Seminar Talk
Benjamin Assadsolimani
http://comsys.rwth-aachen.de Aachen, 15.07.2015
Outline
1 Introduction
2 Approaches to SMPC
3 Frameworks
4 Comparison
5 Conclusion
Motivation
There is a variety of frameworks for SMPC
Developer needs to decide which one is suited best
Comparison of 4 selected frameworks regarding:
underlying assumptions
features
performance
Secure Multiparty Computation
Secure Multiparty Computation (SMPC) allows mutually distrusting parties to cooperatively compute over their private data.
Figure: parties P1, P2, P3 with private inputs A, B, C jointly compute F(A, B, C) and obtain the output o
Scheduling Application
Three business men want to schedule a meeting.
They perform a Set Intersection (SI) of their available days
Figure: P1 holds {Mo, Tue}, P2 holds {Tue, Thu}, P3 holds {Tue, Fri}; SI({...},{...},{...}) yields Tue
Garbled Circuits
Represent the function by a boolean circuit
Assign random keys to each wire: k0 for 0, k1 for 1
Encrypt each gate such that one can compute the key of the output wire from the keys of the input wires
Figure: gate with input wires u, v and output wire w, each carrying the value 0 or 1
u v w
0 0 0
0 1 0
1 0 0
1 1 1
u    v    w
k0u  k0v  k0w
k0u  k1v  k0w
k1u  k0v  k0w
k1u  k1v  k1w
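The garbled AND gate from the table above, as an added example that is not part of the original slides. Using SHA-256 of the two input keys as the row cipher and an all-zero tag to recognise the valid row are assumptions made for illustration; all function names are hypothetical.

```python
import hashlib
import secrets

KEY_LEN = 16       # bytes per wire key (assumption)
TAG = bytes(16)    # all-zero tag lets the evaluator recognise the valid row

def _pad(ku: bytes, kv: bytes) -> bytes:
    """Derive a 32-byte one-time pad from the two input-wire keys."""
    return hashlib.sha256(ku + kv).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def new_wire():
    """Return (k0, k1): random keys standing for the wire values 0 and 1."""
    return secrets.token_bytes(KEY_LEN), secrets.token_bytes(KEY_LEN)

def garble_and(u, v, w):
    """Garbler: encrypt the key of w = u AND v under each pair of input keys."""
    rows = [_xor(_pad(u[a], v[b]), w[a & b] + TAG)
            for a in (0, 1) for b in (0, 1)]
    secrets.SystemRandom().shuffle(rows)  # row order must not leak the inputs
    return rows

def evaluate(rows, ku: bytes, kv: bytes) -> bytes:
    """Evaluator: holds one key per input wire and recovers one output key."""
    pad = _pad(ku, kv)
    for row in rows:
        plain = _xor(pad, row)
        if plain[KEY_LEN:] == TAG:        # only the matching row decrypts
            return plain[:KEY_LEN]
    raise ValueError("no row decrypts with these keys")

def run_gate(a: int, b: int) -> int:
    """Garble one AND gate, evaluate it on bits a, b, decode the output bit."""
    u, v, w = new_wire(), new_wire(), new_wire()
    rows = garble_and(u, v, w)
    out_key = evaluate(rows, u[a], v[b])  # evaluator sees keys, not bits
    return w.index(out_key)               # garbler maps the key back to a bit
```

The evaluator learns exactly one output key and cannot tell from it whether it stands for 0 or 1; only the party that knows the pair (k0w, k1w) can decode it.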
Secret Sharing
Produce n shares of the private variable
Use shares to compute function
Recombine shares to retrieve the result
Figure: Divide a secret D into n shares D1, ..., Dn
Protocol Flow
Figure: General SMPC protocol setup using secret sharing. Input parties Pi1, Pi2, Pi3 hold A, B, C; computation parties Pc1, Pc2, Pc3 receive the shares A1, B1, C1 / A2, B2, C2 / A3, B3, C3; output parties Po1, Po2 receive O1, O2.
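The share, compute, recombine steps and the input/computation/output party roles above, as an added example that is not part of the original slides. It assumes Shamir's scheme over a prime field and the function F(A, B, C) = A + B + C; the modulus, threshold and function names are illustrative choices.

```python
import secrets

P = 2**61 - 1  # prime modulus (assumption); all arithmetic is in GF(P)

def share(secret: int, n: int = 3, t: int = 2):
    """Input party: split secret into n Shamir shares; any t reconstruct it."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def add_local(*shares):
    """Computation party: add its own shares of several inputs, no messages."""
    x = shares[0][0]
    if any(s[0] != x for s in shares):
        raise ValueError("shares belong to different parties")
    return (x, sum(s[1] for s in shares) % P)

def reconstruct(shares) -> int:
    """Output party: Lagrange interpolation at 0 over the received shares."""
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def secure_sum(a: int, b: int, c: int, n: int = 3, t: int = 2) -> int:
    """Full flow: 3 input parties -> n computation parties -> output party."""
    a_sh, b_sh, c_sh = share(a, n, t), share(b, n, t), share(c, n, t)
    # Pc_i receives (A_i, B_i, C_i) and computes its output share O_i locally.
    out = [add_local(a_sh[i], b_sh[i], c_sh[i]) for i in range(n)]
    return reconstruct(out[:t])  # any t output shares are enough
```

Addition needs no communication between the computation parties; multiplying two shared values does, which is why multiplications and rounds are the cost measures for secret sharing.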
Adversary Models
Figure: computation parties Pc1, Pc2, Pc3 with the shares A1, B1, C1 / A2, B2, C2 / A3, B3, C3
Passive adversary:
Follows the protocol execution
Attempts to learn private data from the information available
Active adversary:
Behaviour may arbitrarily deviate from the protocol specification
Performance Measurement
How does the runtime increase in relation to:
The number of parties
The size of the input
Garbled Circuits
Number of gates
Depth of the circuit
Secret Sharing
Number of multiplications
Number of rounds
PICCO
Technique
Source-to-source compiler
Based on secret sharing
Features
Support for floating point arithmetic
Parallelization of loops, arrays and user-specific code blocks
Performance Enhancement
The length of numeric data types can be specified
Reduce round time complexity as much as possible
SEPIA
Technique
SMPC library for privacy preserving network analysis
Based on secret sharing
Features
API providing a set of basic SMPC operations
Offers defence mechanisms against malicious behaviour
Performance Enhancement
Reduce number of multiplications at the expense of the round time complexity
Optimize comparison operations by parallel execution
FairplayMP
Technique
Generic SMPC system
Based on garbled circuits
Features
Extends the Fairplay system to the multiparty case
Function specific optimizations can be done manually
Performance Enhancement
Protocol executes in a constant number of rounds
Reduced the gate’s truth table overhead
WYSTERIA
Technique
Functional programming language
Based on garbled circuits
Features
Offers secret sharing on top of garbled circuits
Allows a dynamic number of participants
Performance Enhancement
Allows programmer to define parallel executions
Supports mixed-mode programs
Runtime Dependency
Frameworks are very similar concerning their scalability
Framework    Number of parties             Input size
FairplayMP   close to quadratic            linear
WYSTERIA     linear                        linear
PICCO        slightly higher than linear   linear
SEPIA        linear                        linear
Table: Runtime Dependencies
Performance Comparison
SEPIA has a slight performance edge over PICCO while both outperform FairplayMP
Framework    Parties   Input Size   Hardware Setup   Runtime
FairplayMP   5         32 Bit       1Gb/s LAN        1.6 Mult./s, 2.3 Equals/s
SEPIA        5         32 Bit       1Gb/s LAN        82730 Mult./s, 2070 Equals/s
PICCO        3         33 Bit       1Gb/s LAN        70250 Mult./s
Table: Performance of basic SMPC operations
Conclusion
Efficiency of a framework heavily depends on the use-case scenario:
input size
number of parties
complexity of the function
machine/network quality
Programmer has to choose the suitable framework depending on those parameters
Thank you for your attention.