Brandon Broadnax,Alexander Koch,Jeremias Mechler,Tobias Müller,Jörn Müller-Quade,Matthias Nagel

DOI: https://doi.org/10.2478/popets-2021-0072

2021-07-23

Proceedings on Privacy Enhancing Technologies

Abstract:Abstract In practice, there are numerous settings where mutually distrusting parties need to perform distributed computations on their private inputs. For instance, participants in a first-price sealed-bid online auction do not want their bids to be disclosed. This problem can be addressed using secure multi-party computation (MPC), where parties can evaluate a publicly known function on their private inputs by executing a specific protocol that only reveals the correct output, but nothing else about the private inputs. Such distributed computations performed over the Internet are susceptible to remote hacks that may take place during the computation. As a consequence, sensitive data such as private bids may leak. All existing MPC protocols do not provide any protection against the consequences of such remote hacks. We present the first MPC protocols that protect the remotely hacked parties’ inputs and outputs from leaking. More specifically, unless the remote hack takes place before the party received its input or all parties are corrupted, a hacker is unable to learn the parties’ inputs and outputs, and is also unable to modify them. We achieve these strong (privacy) guarantees by utilizing the fact that in practice parties may not be susceptible to remote attacks at every point in time, but only while they are online, i.e. able to receive messages. To this end, we model communication via explicit channels. In particular, we introduce channels with an airgap switch (disconnect-able by the party in control of the switch), and unidirectional data diodes . These channels and their isolation properties, together with very few, similarly simple and plausibly remotely unhackable hardware modules serve as the main ingredient for attaining such strong security guarantees. In order to formalize these strong guarantees, we propose the UC with Fortified Security (UC#) framework, a variant of the Universal Composability (UC) framework.

Christopher Harth-Kitzerow,Ajith Suresh,Yonqing Wang,Hossein Yalame,Georg Carle,Murali Annavaram

2024-06-29

Abstract:In this work, we present novel protocols over rings for semi-honest secure three-party computation (3PC) and malicious four-party computation (4PC) with one corruption. While most existing works focus on improving total communication complexity, challenges such as network heterogeneity and computational complexity, which impact MPC performance in practice, remain underexplored. Our protocols address these issues by tolerating multiple arbitrarily weak network links between parties without any substantial decrease in performance. Additionally, they significantly reduce computational complexity by requiring up to half the number of basic instructions per gate compared to related work. These improvements lead to up to twice the throughput of state-of-the-art protocols in homogeneous network settings and even larger performance improvements in heterogeneous settings. These advantages come at no additional cost: Our protocols maintain the best-known total communication complexity per multiplication, requiring 3 elements for 3PC and 5 elements for 4PC. We implemented our protocols alongside several state-of-the-art protocols (Replicated 3PC, ASTRA, Fantastic Four, Tetrad) in a novel open-source C++ framework optimized for high throughput. Five out of six implemented 3PC and 4PC protocols achieve more than one billion 32-bit multiplications or over 32 billion AND gates per second using our implementation in a 25 Gbit/s LAN environment. This represents the highest throughput achieved in 3PC and 4PC so far, outperforming existing frameworks like MP-SPDZ, ABY3, MPyC, and MOTION by two to three orders of magnitude.

Cryptography and Security

Qian Ren,Yingjun Wu,Han Liu,Yue Li,Anne Victor,Hong Lei,Lei Wang,Bangdao Chen

DOI: https://doi.org/10.48550/arXiv.2106.13926

2023-02-11

Abstract:In recent years, the confidentiality of smart contracts has become a fundamental requirement for practical applications. While many efforts have been made to develop architectural capabilities for enforcing confidential smart contracts, a few works arise to extend confidential smart contracts to Multi-Party Computation (MPC), i.e., multiple parties jointly evaluate a transaction off-chain and commit the outputs on-chain without revealing their secret inputs/outputs to each other. However, existing solutions lack public verifiability and require O(n) transactions to enable negotiation or resist adversaries, thus suffering from inefficiency and compromised security. In this paper, we propose Cloak, a framework for enabling Multi-Party Transaction (MPT) on existing blockchains. An MPT refers to transitioning blockchain states by an publicly verifiable off-chain MPC. We identify and handle the challenges of securing MPT by harmonizing TEE and blockchain. Consequently, Cloak secures the off-chain nondeterministic negotiation process (a party joins an MPT without knowing identities or the total number of parties until the MPT proposal settles), achieves public verifiability (the public can validate that the MPT correctly handles the secret inputs/outputs from multiple parties and reads/writes states on-chain), and resists Byzantine adversaries. According to our proof, Cloak achieves better security with only 2 transactions, superior to previous works that achieve compromised security at O(n) transactions cost. By evaluating examples and real-world MPTs, the gas cost of Cloak reduces by 32.4% on average.

Cryptography and Security

Ananya Appan,Anirudh Chandramouli,Ashish Choudhury

DOI: https://doi.org/10.1109/tit.2023.3264444

IF: 2.5

2023-01-01

IEEE Transactions on Information Theory

Abstract:Secure multi-party computation (MPC) is a fundamental problem in secure distributed computing. An MPC protocol allows a set of n mutually distrusting parties to carry out any joint computation of their private inputs, without disclosing any additional information about their inputs. MPC with information-theoretic security (also called unconditional security) provides the strongest security guarantees and remains secure even against computationally unbounded adversaries. Perfectly-secure MPC protocols are a class of information-theoretically secure MPC protocols, which provide all the security guarantees in an error-free fashion. The focus of this work is perfectly-secure MPC. Known protocols are designed assuming either a synchronous or asynchronous communication network. It is well known that perfectly-secure synchronous MPC is possible as long as the adversary can corrupt any ts < n/3 parties. On the other hand, perfectly-secure asynchronous MPC protocols can tolerate up to ta < n/4 corrupt parties. A natural question is does there exist a single MPC protocol for the setting where the parties are not aware of the exact network type and which can tolerate up to ts < n/3 corruptions in a synchronous network and up to ta < n/4 corruptions in an asynchronous network. We design such a best-of-both-worlds perfectly-secure MPC protocol, provided 3ts + ta < n holds. For designing our protocol, we design two important building blocks which are of independent interest. The first building block is a best-of-both-worlds Byzantine agreement (BA) protocol tolerating t < n/3 corruptions which remains secure both in a synchronous as well as asynchronous network. The second building block is a polynomial-based best-of-both-worlds verifiable secret-sharing (VSS) protocol, which can tolerate up to ts and ta corruptions in a synchronous and in an asynchronous network respectively.

computer science, information systems,engineering, electrical & electronic

Nishat Koti,Shravani Patil,Arpita Patra,Ajith Suresh

DOI: https://doi.org/10.48550/arXiv.2206.12224

2022-06-24

Abstract:The growing volumes of data being collected and its analysis to provide better services are creating worries about digital privacy. To address privacy concerns and give practical solutions, the literature has relied on secure multiparty computation. However, recent research has mostly focused on the small-party honest-majority setting of up to four parties, noting efficiency concerns. In this work, we extend the strategies to support a larger number of participants in an honest-majority setting with efficiency at the center stage. Cast in the preprocessing paradigm, our semi-honest protocol improves the online complexity of the decade-old state-of-the-art protocol of Damgård and Nielson (CRYPTO'07). In addition to having an improved online communication cost, we can shut down almost half of the parties in the online phase, thereby saving up to 50% in the system's operational costs. Our maliciously secure protocol also enjoys similar benefits and requires only half of the parties, except for one-time verification, towards the end. To showcase the practicality of the designed protocols, we benchmark popular applications such as deep neural networks, graph neural networks, genome sequence matching, and biometric matching using prototype implementations. Our improved protocols aid in bringing up to 60-80% savings in monetary cost over prior work.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Information Theory,Machine Learning

Ananya Appan,Anirudh Chandramouli,Ashish Choudhury

DOI: https://doi.org/10.48550/arXiv.2205.13169

2022-05-26

Cryptography and Security

Abstract:In this paper, we design secure multi-party computation (MPC) protocols in the asynchronous communication setting with optimal resilience. Our protocols are secure against a computationally-unbounded malicious adversary, characterized by an adversary structure $\mathcal{Z}$, which enumerates all possible subsets of potentially corrupt parties. Our protocols incur a communication of $\mathcal{O}(|\mathcal{Z}|^2)$ and $\mathcal{O}(|\mathcal{Z}|)$ bits per multiplication for perfect and statistical security respectively. These are the first protocols with this communication complexity, as such protocols were known only in the synchronous communication setting (Hirt and Tschudi, ASIACRYPT 2013).

Bingsheng Zhang

DOI: https://doi.org/10.1007/978-3-642-24316-5_6

2011-01-01

Abstract:During an adaptive oblivious transfer (OT), a sender has n private documents, and a receiver can adaptively fetch k documents from them such that the sender learns nothing about the receiver’s selection and the receiver learns nothing more than those k documents. Most recent fully simulatable adaptive OT schemes are based on so-called “assisted decryption” or “blind decryption”. In this paper, we revisit another technique, “blind permute-decryption”, for designing adaptive OT. We propose an efficient generic fully simulatable oblivious transfer framework with statistical receiver’s privacy that based on “blind permute-decryption” together with three concrete installations. The first one is based on Elgamal, so the corresponding OT is secure under classical DDH assumption. The second one is based on Paillier, so the corresponding OT is secure under Decisional n-th Residuosity assumption. Besides, we introduce an extended zero-knowledge proof framework with several applications.

Kemal Akkaya,Soamar Homsi,Oscar G. Bautista

DOI: https://doi.org/10.1109/LCN52139.2021.9524971

2021-10-04

Abstract:With the increasing interest in Secure Multi-Party Computation protocols (MPC), there have been several works such as the SPDZ1 protocol that tackled this problem under a malicious security with dishonest majority attack model. However, most of these MPC efforts assume that the nodes running the computations are also supplying the inputs, which is not a realistic assumption for many real-life applications. In this paper, we extend the SPDZ protocol to enable clients outsource data and computation to the clouds while ensuring the correctness of the results, in addition to integrity and confidentiality of the input and output. We guarantee that the computation among nodes is done correctly by verifying their output’s Message Authentication Codes (MACs) at the end. Specifically, we delegate this task to an honest server. Our approach strives to minimize the burden on clients while enabling cheating detection even when assuming a malicious attack model with dishonest majority.

Engineering,Computer Science

Helene Haagh,Aleksandr Karbyshev,Sabine Oechsner,Bas Spitters,Pierre-Yves Strub

DOI: https://doi.org/10.1109/csf.2018.00016

2018-07-01

Abstract:Secure multi-party computation (MPC) is a general cryptographic technique that allows distrusting parties to compute a function of their individual inputs, while only revealing the output of the function. It has found applications in areas such as auctioning, email filtering. and secure teleconference. Given their importance, it is crucial that the protocols are specified and implemented correctly. In the programming language community, it has become good practice to use computer proof assistants to verify correctness proofs. In the field of cryptography, EasyCrypt is the state of the art proof assistant. It provides an embedded language for probabilistic programming, together with a specialized logic, embedded into an ambient general purpose higher-order logic. It allows us to conveniently express cryptographic properties. EasyCrypt has been used successfully on many applications, including public-key encryption, signatures, garbled circuits and differential privacy. Here we show for the first time that it can also be used to prove security of MPC against a malicious adversary. We formalize additive and replicated secret sharing schemes and apply them to Maurer's MPC protocol for secure addition and multiplication. Our method extends to general polynomial functions. We follow the insights from EasyCrypt that security proofs can often be reduced to proofs about program equivalence, a topic that is well understood in the verification of programming languages. In particular, we show that for a class of MPC protocols in the passive case the non-interference-based (NI) definition is equivalent to a standard simulation-based security definition. For the active case, we provide a new non-interference based alternative to the usual simulation-based cryptographic definition that is tailored specifically to our protocol.

Satsuya Ohata,Koji Nuida

DOI: https://doi.org/10.48550/arXiv.1907.03415

2020-01-04

Abstract:Secure multi-party computation (MPC) allows a set of parties to compute a function jointly while keeping their inputs private. Compared with the MPC based on garbled circuits,some recent research results show that MPC based on secret sharing (SS) works at a very high speed. Moreover, SS-based MPC can be easily vectorized and achieve higher throughput. In SS-based MPC, however, we need many communication rounds for computing concrete protocols like equality check, less-than comparison, etc. This property is not suited for large-latency environments like the Internet (or WAN). In this paper, we construct semi-honest secure communication-efficient two-party protocols. The core technique is Beaver triple extension, which is a new tool for treating multi-fan-in gates, and we also show how to use it efficiently. We mainly focus on reducing the number of communication rounds, and our protocols also succeed in reducing the number of communication bits (in most cases). As an example, we propose a less-than comparison protocol (under practical parameters) with three communication rounds. Moreover, the number of communication bits is also $38.4\%$ fewer. As a result, total online execution time is $56.1\%$ shorter than the previous work adopting the same settings. Although the computation costs of our protocols are more expensive than those of previous work, we confirm via experiments that such a disadvantage has small effects on the whole online performance in the typical WAN environments.

Cryptography and Security

J. Mueller-Quade,H. Imai

DOI: https://doi.org/10.48550/arXiv.cs/0101020

2001-06-23

Abstract:With oblivious transfer multiparty protocols become possible even in the presence of a faulty majority. But all known protocols can be aborted by just one disruptor. This paper presents more robust solutions for multiparty protocols with oblivious transfer. This additional robustness against disruptors weakens the security of the protocol and the guarantee that the result is correct. We can observe a trade off between robustness against disruption and security and correctness. We give an application to quantum multiparty protocols. These allow the implementation of oblivious transfer and the protocols of this paper relative to temporary assumptions, i.e., the security increases after the termination of the protocol.

Cryptography and Security

Marc Rivinius,Pascal Reisert,Sebastian Hasler,Ralf Küsters

DOI: https://doi.org/10.56553/popets-2023-0084

2023-07-01

Proceedings on Privacy Enhancing Technologies

Abstract:Machine learning (ML) has seen a strong rise in popularity in recent years and has become an essential tool for research and industrial applications. Given the large amount of high quality data needed and the often sensitive nature of ML data, privacy-preserving collaborative ML is of increasing importance. In this paper, we introduce new actively secure multiparty computation (MPC) protocols which are specially optimized for privacy-preserving machine learning applications. We concentrate on the optimization of (tensor) convolutions which belong to the most commonly used components in ML architectures, especially in convolutional neural networks but also in recurrent neural networks or transformers, and therefore have a major impact on the overall performance. Our approach is based on a generalized form of structured randomness that speeds up convolutions in a fast online phase. The structured randomness is generated with homomorphic encryption using adapted and newly constructed packing methods for convolutions, which might be of independent interest. Overall our protocols extend the state-of-the-art Overdrive family of protocols (Keller et al., EUROCRYPT 2018). We implemented our protocols on-top of MP-SPDZ (Keller, CCS 2020) resulting in a full-featured implementation with support for faster convolutions. Our evaluation shows that our protocols outperform state-of-the-art actively secure MPC protocols on ML tasks like evaluating ResNet50 by a factor of 3 or more. Benchmarks for depthwise convolutions show order-of-magnitude speed-ups compared to existing approaches.

Yibiao Lu,Bingsheng Zhang,Kui Ren

DOI: https://doi.org/10.1109/tdsc.2023.3322397

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Secure multi-party computation (MPC) provides provable security guarantees for many privacy critical applications. The semi-honest MPC protocols are secure against semi-honest adversaries who can only observe the protocol execution, while the maliciously secure MPC protocols are secure against malicious adversaries who can deviate from the protocol description arbitrarily. Many security sensitive applications tend to use semi-honest MPC protocols because malicious security comes with huge communication and/or computation costs. In this work, we show how to efficiently transform generic semi-honest two-party protocols into maliciously secure multi-party protocol in the server-aided setting. We further propose an optimized constant-round server-aided MPC protocol. The proposed protocols are secure when all but one parties are maliciously corrupted, while the remaining party and the server are corrupted by semi-honest and non-colluding adversaries. We implement and evaluate our constant-round protocol. For the 2-party case, our protocol is only 1.11× slower than the semi-honest Yao's Garbled Circuits protocol, and it is 9.16× faster than the maliciously secure authenticated garbling protocol and 4.96× faster than the state-of-the-art maliciously secure server-aided protocol of Wu et al. For the 8-party case, our protocol is 103.29× faster than the authenticated garbling protocol and 17.03× faster than the protocol of Wu et al.

Josep Domingo-Ferrer,Jesús Manjón

DOI: https://doi.org/10.48550/arXiv.2112.15001

2021-12-30

Abstract:Multiparty computation (MPC) consists in several parties engaging in joint computation in such a way that each party's input and output remain private to that party. Whereas MPC protocols for specific computations have existed since the 1980s, only recently general-purpose compilers have been developed to allow MPC on arbitrary functions. Yet, using today's MPC compilers requires substantial programming effort and skill on the user's side, among other things because nearly all compilers translate the code of the computation into a Boolean or arithmetic circuit. In particular, the circuit representation requires unrolling loops and recursive calls, which forces programmers to (often manually) define loop bounds and hardly use recursion. We present an approach allowing MPC on an arbitrary computation expressed as ordinary code with all functionalities that does not need to be translated into a circuit. Our notion of input and output privacy is predicated on unlinkability. Our method leverages co-utile computation outsourcing using anonymous channels via decentralized reputation, makes a minimalistic use of cryptography and does not require participants to be honest-but-curious: it works as long as participants are rational (self-interested), which may include rationally malicious peers (who become attackers if this is advantageous to them). We present example applications, including e-voting. Our empirical work shows that reputation captures well the behavior of peers and ensures that parties with high reputation obtain correct results.

Cryptography and Security

Yehuda Lindell

Abstract:. Protocols for secure multiparty computation (MPC) enable a set of parties to interact and compute a joint function of their private inputs while revealing nothing but the output. The potential applications for MPC are huge: privacy-preserving auctions, private DNA comparisons, private machine learning, threshold cryptography, and more. Due to this, MPC has been an intensive topic of research in academia ever since it was introduced in the 1980s by Yao for the two-party case (FOCS 1986), and by Goldreich, Micali and Wigderson for the multiparty case (STOC 1987). Recently, MPC has become efficient enough to be used in practice, and has made the transition from an object of theoretical study to a technology being used in industry. In this article, we will review what MPC is, what problems it solves, and how it is being currently used. We note that the examples and references brought in this review article are far from comprehensive, and due to the lack of space many highly relevant works are not cited.

Computer Science

Oscar G. Bautista,Mohammad Hossein Manshaei,Richard Hernandez,Kemal Akkaya,Soamar Homsi,Selcuk Uluagac,Bautista, Oscar G.,Manshaei, Mohammad Hossein,Hernandez, Richard,Akkaya, Kemal,Uluagac, Selcuk

DOI: https://doi.org/10.1007/s10922-023-09739-y

2023-07-22

Journal of Network and Systems Management

Abstract:Secure Multiparty Computation (MPC) offers privacy-preserving computation that could be critical in many health and finance applications. Specifically, two or more parties jointly compute a function on private inputs by following a protocol executed in rounds. The MPC network typically consists of direct peer-to-peer (P2P) connections among parties. However, this significantly increases the computation time as parties need to wait for messages from each other, thus making network communication a bottleneck. Most recent works tried to address the communication efficiency by focusing on optimizing the MPC protocol rather than the underlying network topologies and protocols. In this paper, we propose the MPC over Algorand Blockchain (MPC-ABC) protocol that packs messages into Algorand transactions and utilizes its fast gossip protocol to transmit them efficiently among MPC parties. Our approach, therefore, reduces the delay and complexity associated with the fully connected P2P network while assuring the integrity of broadcasted data. We implemented MPC-ABC and utilized it to outsource the SPDZ (SPDZ—pronounced "Speedz"—is the nickname of the MPC protocol of Damgård et al. in (European Symposium on Research in Computer Security, pp 1–18, 2013)) protocol across multiple Cloud Service Providers (CSP). Experimental results show that our approach outperforms the commonly adopted approaches over the P2P TCP/IP network in terms of the average delay and network complexity.

computer science, information systems,telecommunications

Dengguo Feng,Kang Yang

DOI: https://doi.org/10.1051/sands/2021001

2022-01-01

Security and Safety

Abstract:Secure multi-party computation (MPC) allows a set of parties to jointly compute a function on their private inputs, and reveals nothing but the output of the function. In the last decade, MPC has rapidly moved from a purely theoretical study to an object of practical interest, with a growing interest in practical applications such as privacy-preserving machine learning (PPML). In this paper, we comprehensively survey existing work on concretely efficient MPC protocols with both semi-honest and malicious security, in both dishonest-majority and honest-majority settings. We focus on considering the notion of security with abort, meaning that corrupted parties could prevent honest parties from receiving output after they receive output. We present high-level ideas of the basic and key approaches for designing different styles of MPC protocols and the crucial building blocks of MPC. For MPC applications, we compare the known PPML protocols built on MPC, and describe the efficiency of private inference and training for the state-of-the-art PPML protocols. Furthermore, we summarize several challenges and open problems to break though the efficiency of MPC protocols as well as some interesting future work that is worth being addressed. This survey aims to provide the recent development and key approaches of MPC to researchers, who are interested in knowing, improving, and applying concretely efficient MPC protocols.

Run-hua SHI,Hong ZHONG,Jie CUI,Yan XU,Shun ZHANG,Liu-sheng HUANG

DOI: https://doi.org/10.3969/j.issn.0372-2112.2014.11.022

2014-01-01

Abstract:Oblivious Transfer (OT) protocol is a fundamental building block for Secure Multiparty Computation and finds critically important applications in protecting privacy in various settings .Nevertheless ,existing OT protocols do not include the pro-cedure to conduct the statistical analysis in a cooperative environment .Here ,a new OT protocol is proposed with a cooperative sta-tistical analysis by pursuing secure multiparty computation of the sum ,adopting the homomorphic encryption scheme ,and using a clever coding method .Specifically ,the sender can calculate the total number of each message sent privately within a given period . Theoretical analysis indicates that the new protocol allows for secure and efficient transfer of private messages in an oblivious way and shows great promise for practical applications in Electronic Commerce ,Healthcare Management and other secure systems as well .

Ronald Cramer,Ivan Damgård,Daniel Escudero,Peter Scholl,Chaoping Xing

DOI: https://doi.org/10.1007/978-3-319-96881-0_26

2018-01-01

Abstract:Most multi-party computation protocols allow secure computation of arithmetic circuits over a finite field, such as the integers modulo a prime. In the more natural setting of integer computations modulo , which are useful for simplifying implementations and applications, no solutions with active security are known unless the majority of the participants are honest. We present a new scheme for information-theoretic MACs that are homomorphic modulo , and are as efficient as the well-known standard solutions that are homomorphic over fields. We apply this to construct an MPC protocol for dishonest majority in the preprocessing model that has efficiency comparable to the well-known SPDZ protocol (Damgård et al., CRYPTO 2012), with operations modulo instead of over a field. We also construct a matching preprocessing protocol based on oblivious transfer, which is in the style of the MASCOT protocol (Keller et al., CCS 2016) and almost as efficient.

Michael Clear,Constantinos Patsakis,Paul Laird

DOI: https://doi.org/10.48550/arXiv.1402.7118

2014-02-28

Abstract:In this work we compare two recent multiparty computation (MPC) protocols for private summation in terms of performance. Both protocols allow multiple rounds of aggregation from the same set of public keys generated by parties in an initial stage. We instantiate the protocols with a fast elliptic curve and provide an experimental comparison of their performance for different phases of the protocol. Furthermore, we introduce a technique that allows the computational load of both protocols to be reduced at the expense of protection against collusion tolerance. We prove that both protocols remain secure with this technique, and evaluate its impact on collusion tolerance and the number of rounds supported.

Cryptography and Security