Efficient and Secure Multiparty Computation from Fixed-Key Block Ciphers

Guo, Chun; Katz, Jonathan; Wang, Xiao; Yu, Yu

doi:10.1109/sp40000.2020.00016

Cited by 44 publications

(20 citation statements)

References 49 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, DeepSecure reports the number of non-XOR gates that can be used for performance estimates. We used state-of-the-art for GC implementation, i.e., EMP-Toolkit [1], [52], [53], to obtain these performance estimates that are better than the performance reported by DeepSecure. The communication of our protocols is 25× lower (4 th row of Table I).…”

Section: Discussionmentioning

confidence: 99%

SIRNN: A Math Library for Secure RNN Inference

Rathee¹,

Rathee²,

Goli³

et al. 2021

Preprint

View full text Add to dashboard Cite

Complex machine learning (ML) inference algorithms like recurrent neural networks (RNNs) use standard functions from math libraries like exponentiation, sigmoid, tanh, and reciprocal of square root. Although prior work on secure 2party inference provides specialized protocols for convolutional neural networks (CNNs), existing secure implementations of these math operators rely on generic 2-party computation (2PC) protocols that suffer from high communication. We provide new specialized 2PC protocols for math functions that crucially rely on lookup-tables and mixed-bitwidths to address this performance overhead; our protocols for math functions communicate up to 423× less data than prior work. Some of the mixed bitwidth operations used by our math implementations are (zero and signed) extensions, different forms of truncations, multiplication of operands of mixed-bitwidths, and digit decomposition (a generalization of bit decomposition to larger digits). For each of these primitive operations, we construct specialized 2PC protocols that are more communication efficient than generic 2PC, and can be of independent interest. Furthermore, our math implementations are numerically precise, which ensures that the secure implementations preserve model accuracy of cleartext. We build on top of our novel protocols to build SIRNN, a library for end-to-end secure 2-party DNN inference, that provides the first secure implementations of an RNN operating on time series sensor data, an RNN operating on speech data, and a stateof-the-art ML architecture that combines CNNs and RNNs for identifying all heads present in images. Our evaluation shows that SIRNN achieves up to three orders of magnitude of performance improvement when compared to inference of these models using an existing state-of-the-art 2PC framework.Index Terms-privacy-preserving machine learning; secure two-party computation; recurrent neural networks; math functions; mixed-bitwidths; secure inference 1 We relegate comparisons with works that need additional parties for security, e.g., 3-party computation (3PC) to Section VII.

show abstract

Section: Discussionmentioning

confidence: 99%

SIRNN: A Math Library for Secure RNN Inference

Rathee¹,

Rathee²,

Goli³

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Factoring in the cost of securely distributing Gen (with semi-honest security, building on [Ds17]), the amortized communication complexity of our silent OT extension protocol is 0-3 bits for each random 128-bit string-OT. To put that into context, state-of-the-art OT extension protocols [IKNP03,ALSZ13] require 128 bits of communication per random 128-bit string-OT and can generate around 10 million OTs per second [GKWY19] over a fast network, so the price we pay for the (much) lower communication complexity seems quite modest. Even for the easier case of random bit-OT, the best previous OT extension protocol [KK13] required roughly 80 bits of communication per OT.…”

Section: Silent Ot Extensionmentioning

confidence: 99%

“…We use the following generalization of a correlation robust function over F p . As recently shown in [GKWY19], this can be instantiated with fixed-key AES modeled as a random permutation when p = 2.…”

Section: Al [Iknp03] Which Convertsmentioning

confidence: 99%

Efficient Pseudorandom Correlation Generators: Silent OT Extension and More

Boyle

Couteau

Gilboa

et al. 2019

Lecture Notes in Computer Science

141

View full text Add to dashboard Cite

Secure multiparty computation (MPC) often relies on sources of correlated randomness for better efficiency and simplicity. This is particularly useful for MPC with no honest majority, where input-independent correlated randomness enables a lightweight "non-cryptographic" online phase once the inputs are known. However, since the amount of correlated randomness typically scales with the circuit size of the function being computed, securely generating correlated randomness forms an efficiency bottleneck, involving a large amount of communication and storage. A natural tool for addressing the above limitations is a pseudorandom correlation generator (PCG). A PCG allows two or more parties to securely generate long sources of useful correlated randomness via a local expansion of correlated short seeds and no interaction. PCGs enable MPC with silent preprocessing, where a small amount of interaction used for securely sampling the seeds is followed by silent local generation of correlated pseudorandomness. A concretely efficient PCG for Vector-OLE correlations was recently obtained by Boyle et al. (CCS 2018) based on variants of the learning parity with noise (LPN) assumption over large fields. In this work, we initiate a systematic study of PCGs and present concretely efficient constructions for several types of useful MPC correlations. We obtain the following main contributions:-PCG foundations. We give a general security definition for PCGs. Our definition suffices for any MPC protocol satisfying a stronger security requirement that is met by existing protocols. We prove that a stronger security requirement is indeed necessary, and justify our PCG definition by ruling out a stronger and more natural definition. -Silent OT extension. We present the first concretely efficient PCG for oblivious transfer correlations. Its security is based on a variant of the binary LPN assumption and any correlationrobust hash function. We expect it to provide a faster alternative to the IKNP OT extension protocol (Crypto '03) when communication is the bottleneck. We present several applications, including protocols for non-interactive zero-knowledge with bounded-reusable preprocessing from binary LPN, and concretely efficient related-key oblivious pseudorandom functions. -PCGs for simple 2-party correlations. We obtain PCGs for several other types of useful 2-party correlations, including (authenticated) one-time truth-tables and Beaver triples. While the latter PCGs are slower than our PCG for OT, they are still practically feasible. These PCGs are based on a host of assumptions and techniques, including specialized homomorphic secret sharing schemes and pseudorandom generators tailored to their structure. -Multiparty correlations. We obtain PCGs for multiparty correlations that can be used to make the circuit-dependent communication of MPC protocols scale linearly (instead of quadratically) with the number of parties. * This is a full version of [BCG + 19].* PRG stands for an arbitrary pseudorandom generator, OT for random oblivio...

show abstract

“…Our protocol makes ℓ/𝑚 calls to 𝑀 1 -OT 2 (after merging steps 9&10), where 𝑀 = 2 𝑚 . Using OT extension techniques, generating an instance of 𝑀 1 -OT 2 requires 6 AES FK 256 9 There are two types of AES in MPC applications -fixed-key (FK) and re-keyed (RK) [10,35]. While the former runs key schedule only once and is more efficient, the latter generates a new key schedule for every invocation and is required in this application.…”

Section: Cryptographic Backendmentioning

confidence: 99%

CrypTFlow2: Practical 2-Party Secure Inference

Rathee,

Kumar

et al. 2020

Preprint

View full text Add to dashboard Cite

We present CrypTFlow2, a cryptographic framework for secure inference over realistic Deep Neural Networks (DNNs) using secure 2-party computation. CrypTFlow2 protocols are both correct -i.e., their outputs are bitwise equivalent to the cleartext execution -and efficient -they outperform the state-of-the-art protocols in both latency and scale. At the core of CrypTFlow2, we have new 2PC protocols for secure comparison and division, designed carefully to balance round and communication complexity for secure inference tasks. Using CrypTFlow2, we present the first secure inference over ImageNet-scale DNNs like ResNet50 and DenseNet121. These DNNs are at least an order of magnitude larger than those considered in the prior work of 2-party DNN inference. Even on the benchmarks considered by prior work, CrypTFlow2 requires an order of magnitude less communication and 20×-30× less time than the state-of-the-art.

show abstract

Efficient and Secure Multiparty Computation from Fixed-Key Block Ciphers

Cited by 44 publications

References 49 publications

SIRNN: A Math Library for Secure RNN Inference

SIRNN: A Math Library for Secure RNN Inference

Efficient Pseudorandom Correlation Generators: Silent OT Extension and More

CrypTFlow2: Practical 2-Party Secure Inference

Contact Info

Product

Resources

About