Abstract:This paper deals with distributed matrix multiplication. Each player owns only one row of both matrices and wishes to learn about one distinct row of the product matrix, without revealing its input to the other players. We first improve on a weighted average protocol, in order to securely compute a dot-product with a quadratic volume of communications and linear number of rounds. We also propose two dual protocols with five communication rounds, using a Paillier-like underlying homomorphic public key cryptosys… Show more
“…We consider the setting where the two input matrices A and B have dimension N × N and each of the N players stores one row of A and the corresponding row of B and learns the corresponding row of C = A × B. In this setting, the YTP-SS Algorithm [11,Algorithm 15] can compute C by encrypting the rows of A only and then relying on homomorphic multiplications of encrypted coefficients of A by plain coefficients of B.…”
Section: Data Layout and Encryptionmentioning
confidence: 99%
“…For instance, for a product of dimension 12, with base case dimension b = 3, this gives; L A = L B = L C = (1,2,0,4,5,3,7,8,6,11,9,10) and K A = K B = K C = (0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11).…”
Section: Data Layout and Encryptionmentioning
confidence: 99%
“…The matrix multiplication algorithm using the secure dot-product protocol YTP-SS [11,Algorithm 15] is secure against semi-honest adversaries over insecure communication channels. In order to analyze the difference with our proposition, Protocol 7 MP-SW, we extract here the core of the former protocol, i.e., without the securization of the channel (that is we remove the protection of the players private elements by random values, and the final communications to derandomize the results).…”
Section: Relaxing An Existing Algorithm: Ytp-ssmentioning
confidence: 99%
“…Some of them are for two parties only and most of the others are generic and transform programs into circuits or use oblivious transfer [7,26,6,16,23]. For instance the symmetric system solving phase of the Linreg-MPC software is reported in [12] to take about 45 minutes for n = 200, while, in [11], a secure multiparty specific algorithm, YTP-SS, was developed for matrix multiplication requires about a hundred seconds to perform an n = 200 matrix multiplication. These timings, however, do not take into account communications, but for multiparty matrix multiplication, the number of communications and the number of operations should be within the same order of magnitude.…”
Section: Introductionmentioning
confidence: 99%
“…Finally, Strassen-Winograd algorithm involves numerous additions and subtractions on parts of the A and B matrices that are held by different players. Security concerns require then that these entries should be encrypted from the start, contrarily to [11]. As a consequence, the classical matrix multiplication can no longer be used as stated in the latter reference, even for the base case of the recursive algorithm.…”
This paper presents a secure multiparty computation protocol for the Strassen-Winograd matrix multiplication algorithm. We focus on the setting in which any given player knows only one row (or one block of rows) of both input matrices and learns the corresponding row (or block of rows) of the resulting product matrix. Neither the player initial data, nor the intermediate values, even during the recurrence part of the algorithm, are ever revealed to other players. We use a combination of partial homomorphic encryption schemes and additive masking techniques together with a novel schedule for the location and encryption layout of all intermediate computations to preserve privacy. Compared to state of the art protocols, the asymptotic communication volume of our construction is reduced from O(n 3) to O(n 2.81). This improvement in terms of communication volume arises with matrices of dimension as small as n = 96 which is confirmed by experiments.
“…We consider the setting where the two input matrices A and B have dimension N × N and each of the N players stores one row of A and the corresponding row of B and learns the corresponding row of C = A × B. In this setting, the YTP-SS Algorithm [11,Algorithm 15] can compute C by encrypting the rows of A only and then relying on homomorphic multiplications of encrypted coefficients of A by plain coefficients of B.…”
Section: Data Layout and Encryptionmentioning
confidence: 99%
“…For instance, for a product of dimension 12, with base case dimension b = 3, this gives; L A = L B = L C = (1,2,0,4,5,3,7,8,6,11,9,10) and K A = K B = K C = (0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11).…”
Section: Data Layout and Encryptionmentioning
confidence: 99%
“…The matrix multiplication algorithm using the secure dot-product protocol YTP-SS [11,Algorithm 15] is secure against semi-honest adversaries over insecure communication channels. In order to analyze the difference with our proposition, Protocol 7 MP-SW, we extract here the core of the former protocol, i.e., without the securization of the channel (that is we remove the protection of the players private elements by random values, and the final communications to derandomize the results).…”
Section: Relaxing An Existing Algorithm: Ytp-ssmentioning
confidence: 99%
“…Some of them are for two parties only and most of the others are generic and transform programs into circuits or use oblivious transfer [7,26,6,16,23]. For instance the symmetric system solving phase of the Linreg-MPC software is reported in [12] to take about 45 minutes for n = 200, while, in [11], a secure multiparty specific algorithm, YTP-SS, was developed for matrix multiplication requires about a hundred seconds to perform an n = 200 matrix multiplication. These timings, however, do not take into account communications, but for multiparty matrix multiplication, the number of communications and the number of operations should be within the same order of magnitude.…”
Section: Introductionmentioning
confidence: 99%
“…Finally, Strassen-Winograd algorithm involves numerous additions and subtractions on parts of the A and B matrices that are held by different players. Security concerns require then that these entries should be encrypted from the start, contrarily to [11]. As a consequence, the classical matrix multiplication can no longer be used as stated in the latter reference, even for the base case of the recursive algorithm.…”
This paper presents a secure multiparty computation protocol for the Strassen-Winograd matrix multiplication algorithm. We focus on the setting in which any given player knows only one row (or one block of rows) of both input matrices and learns the corresponding row (or block of rows) of the resulting product matrix. Neither the player initial data, nor the intermediate values, even during the recurrence part of the algorithm, are ever revealed to other players. We use a combination of partial homomorphic encryption schemes and additive masking techniques together with a novel schedule for the location and encryption layout of all intermediate computations to preserve privacy. Compared to state of the art protocols, the asymptotic communication volume of our construction is reduced from O(n 3) to O(n 2.81). This improvement in terms of communication volume arises with matrices of dimension as small as n = 96 which is confirmed by experiments.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.