ABSTRACT
In this paper, we describe a new information-theoretic protocol (and a computationally-secure variant) for secure three-party computation with an honest majority. The protocol has very minimal computation and communication; for Boolean circuits, each party sends only a single bit for every AND gate (and nothing is sent for XOR gates). Our protocol is (simulation-based) secure in the presence of semi-honest adversaries, and achieves privacy in the client/server model in the presence of malicious adversaries. On a cluster of three 20-core servers with a 10Gbps connection, the implementation of our protocol carries out over 1.3 million AES computations per second, which involves processing over 7 billion gates per second. In addition, we developed a Kerberos extension that replaces the ticket-granting-ticket encryption on the Key Distribution Center (KDC) in MIT-Kerberos with our protocol, using keys/passwords that are shared between the servers. This enables the use of Kerberos while protecting passwords. Our implementation is able to support a login storm of over 35,000 logins per second, which suffices even for very large organizations. Our work demonstrates that high-throughput secure computation is possible on standard hardware.
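The one-bit-per-AND-gate cost stated in the abstract comes from evaluating a Boolean circuit over three-party replicated XOR shares. The Python below is an added illustration, not code from the paper: it implements one sharing layout of that kind (party i holds (x_i, x_{i-1} XOR v) with x_0 XOR x_1 XOR x_2 = 0), a communication-free XOR gate, and an AND gate in which each party sends exactly one masked bit to its neighbour. The zero-sum masks alpha_i are produced here by a trusted-dealer stand-in, which is an assumption made for the demo.

```python
import secrets

# Replicated XOR sharing of a bit v among parties 0, 1, 2.
# Random x0, x1, x2 with x0 ^ x1 ^ x2 == 0; party i holds (x_i, a_i)
# where a_i = x_{i-1} ^ v. Any two parties can open v; one party alone
# sees only two uniformly random bits.
def share(v):
    x = [secrets.randbits(1) for _ in range(2)]
    x.append(x[0] ^ x[1])                      # forces x0 ^ x1 ^ x2 == 0
    return [(x[i], x[(i - 1) % 3] ^ v) for i in range(3)]

def reconstruct(shares, i, j):
    """Open the secret from the shares of parties i and j."""
    if (i + 1) % 3 != j:                       # arrange so that j == i+1 mod 3
        i, j = j, i
    return shares[j][1] ^ shares[i][0]         # a_j = x_i ^ v, so a_j ^ x_i = v

def xor_gate(sv, sw):
    # Purely local: each party XORs its own share pairs, nothing is sent.
    return [(sv[i][0] ^ sw[i][0], sv[i][1] ^ sw[i][1]) for i in range(3)]

def zero_sum_randomness():
    # Correlated randomness alpha_i with alpha0 ^ alpha1 ^ alpha2 == 0.
    # Assumption for this demo: a trusted dealer hands these out; a real
    # deployment derives them from pairwise shared keys/PRFs instead.
    a = [secrets.randbits(1) for _ in range(2)]
    return a + [a[0] ^ a[1]]

def and_gate(sv, sw):
    alpha = zero_sum_randomness()
    # Each party computes a single bit r_i (masked by alpha_i so the
    # message reveals nothing) and sends it to party i+1.  The three r_i
    # XOR to v AND w.
    r = [((sv[i][0] & sw[i][0]) ^ (sv[i][1] & sw[i][1]) ^ alpha[i])
         for i in range(3)]
    # Party i now knows r_i and the received r_{i-1}; its new share pair
    # is (r_i ^ r_{i-1}, r_i), which is again a valid sharing of v AND w.
    return [(r[i] ^ r[(i - 1) % 3], r[i]) for i in range(3)]

def evaluate_demo():
    """Compute (u AND v) XOR w on shares for all 8 inputs, opening with
    every pair of parties; returns True only if every opening is right."""
    for u in (0, 1):
        for v in (0, 1):
            for w in (0, 1):
                out = xor_gate(and_gate(share(u), share(v)), share(w))
                for pair in ((0, 1), (1, 2), (2, 0), (1, 0)):
                    if reconstruct(out, *pair) != (u & v) ^ w:
                        return False
    return True
```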
Index Terms
- High-Throughput Semi-Honest Secure Three-Party Computation with an Honest Majority