Abstract. In this paper we show how Isolated Execution Environments (IEE) offered by novel commodity hardware such as Intel's SGX provide a new path to constructing general secure multiparty computation (MPC) protocols. Our protocol is intuitive and elegant: it uses code within an IEE to play the role of a trusted third party (TTP), and the attestation guarantees of SGX to bootstrap secure communications between participants and the TTP. The load of communications and computations on participants only depends on the size of each party's inputs and outputs and is thus small and independent from the intricacies of the functionality to be computed. The remaining computational load, essentially that of computing the functionality, is moved to an untrusted party running an IEE-enabled machine, an attractive feature for Cloud-based scenarios. Our rigorous modular security analysis relies on the novel notion of labeled attested computation which we put forth in this paper. This notion is a convenient abstraction of the kind of attestation guarantees one can obtain from trusted hardware in multi-user scenarios. Finally, we present an extensive experimental evaluation of our solution on SGX-enabled hardware. Our implementation is open-source and it is functionality agnostic: it can be used to securely outsource to the Cloud arbitrary off-the-shelf collaborative software, such as the one employed on financial data applications, enabling secure collaborative execution over private inputs provided by multiple parties.
Introduction

Secure multiparty computation (MPC) allows a set of mutually distrusting parties to collaboratively carry out a computation that involves their private inputs. The security guarantees that parties get are essentially those provided by carrying out the same computation using a Trusted Third Party (TTP). The computations to be carried out range from simple functionalities, for example where a party commits to a secret value and later on reveals it; or they can be highly complex, for example running sealed bid auctions [11] or bank customer benchmarking [20]. Most of the existing approaches are software only. The trust barrier between parties is overcome using cryptographic techniques that permit computing over encrypted and/or secret-shared data [35,28,19]. Another approach, first studied by Katz [31], formalizes a trusted hardware assumption, where users have access to tamper-proof tokens on which they can load arbitrary code, that is sufficient to bootstrap universally composable MPC.

Broadly speaking, this work fits within the same category as that by Katz [15]. However, our starting point is a novel real-world form of trusted hardware that is currently shipped on commodity PCs: Intel's Software Guard Extensions [30]. Our goal is to leverage this hardware to significantly reduce the computational costs of practical secure computation protocols. The main security capability that such hardware offers is Isolated Execution Environments (IEE), a powerful tool for boosting trust in remote systems under the tot...
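The following is an added toy simulation of the design sketched in the abstract (enclave code acting as the TTP, a labeled attestation binding each party's channel to its identity, and an untrusted host that only relays ciphertexts). It is not the paper's implementation or the authors' code. Every cryptographic component is a stand-in chosen so the script runs with the Python standard library alone: an HMAC under a key that only the "hardware" holds replaces an SGX quote, a 127-bit Diffie-Hellman group replaces a real key exchange, and a SHA-256 keystream with an HMAC tag replaces an AEAD cipher. The sealed-bid auction functionality and the bids are constructed sample data.

```python
"""Toy model of MPC via an attested enclave acting as TTP (added illustration,
not the paper's code). All primitives below are stand-ins, not production crypto."""
import hashlib
import hmac
import secrets

P = 2**127 - 1                    # Mersenne prime as toy DH modulus (assumption)
G = 3                             # toy generator (assumption)
HW_KEY = secrets.token_bytes(32)  # models the platform attestation key

def H(*parts):
    """Length-prefixed SHA-256 over byte strings (unambiguous concatenation)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def quote(report):
    """Stand-in for the hardware signing an enclave report."""
    return hmac.new(HW_KEY, report, hashlib.sha256).digest()

def verify_quote(report, q):
    return hmac.compare_digest(quote(report), q)

def _keystream(key, nonce, n):
    return b"".join(H(key, nonce, i.to_bytes(4, "big")) for i in range(n // 32 + 1))

def encrypt(key, msg):
    """Toy authenticated encryption: XOR with hashed keystream, then HMAC tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(m ^ k for m, k in zip(msg, _keystream(key, nonce, len(msg))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("ciphertext rejected")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

class Enclave:
    """The TTP code inside the IEE. The untrusted host only relays its outputs."""
    def __init__(self, func, labels):
        self.func = func
        self.code_hash = H(func.__name__.encode())  # models code identity (assumption)
        self.priv = {l: secrets.randbelow(P - 2) + 1 for l in labels}
        self.keys, self.inputs = {}, {}

    def attest(self, label):
        """Labeled attestation: report binds code identity, party label, key share."""
        pub = pow(G, self.priv[label], P)
        return pub, quote(H(self.code_hash, label.encode(), pub.to_bytes(16, "big")))

    def receive(self, label, party_pub, ct):
        shared = pow(party_pub, self.priv[label], P)
        self.keys[label] = H(b"session", label.encode(), shared.to_bytes(16, "big"))
        self.inputs[label] = decrypt(self.keys[label], ct)

    def run(self):
        return {l: encrypt(self.keys[l], out) for l, out in self.func(self.inputs).items()}

class Party:
    """A participant: verifies the attestation for its own label before sending input."""
    def __init__(self, label, expected_code_hash, secret_input):
        self.label, self.expected, self.secret = label, expected_code_hash, secret_input

    def join(self, enclave_pub, q):
        report = H(self.expected, self.label.encode(), enclave_pub.to_bytes(16, "big"))
        if not verify_quote(report, q):
            raise ValueError("attestation failed for label %s" % self.label)
        priv = secrets.randbelow(P - 2) + 1
        shared = pow(enclave_pub, priv, P)
        self.key = H(b"session", self.label.encode(), shared.to_bytes(16, "big"))
        return pow(G, priv, P), encrypt(self.key, self.secret)

    def finish(self, ct):
        return decrypt(self.key, ct)

def sealed_bid_auction(inputs):
    """Constructed functionality: each party learns only whether it won."""
    bids = {l: int.from_bytes(v, "big") for l, v in inputs.items()}
    winner = max(bids, key=bids.get)
    return {l: (b"won" if l == winner else b"lost") for l in bids}

def run_protocol(func, secret_inputs):
    """Drive the exchange; every call below crosses the untrusted host boundary."""
    enclave = Enclave(func, list(secret_inputs))
    parties = {l: Party(l, enclave.code_hash, v) for l, v in secret_inputs.items()}
    for label, party in parties.items():
        pub, q = enclave.attest(label)        # host forwards (pub, quote) to the party
        party_pub, ct = party.join(pub, q)    # party verifies, then sends encrypted input
        enclave.receive(label, party_pub, ct)
    outputs = enclave.run()
    return {l: parties[l].finish(outputs[l]) for l in parties}

def relabel_is_rejected(func):
    """Why the label matters: a quote issued for 'alice' must not convince 'bob'."""
    enclave = Enclave(func, ["alice", "bob"])
    pub, q = enclave.attest("alice")
    try:
        Party("bob", enclave.code_hash, b"\x01").join(pub, q)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    bids = {"alice": b"\x00\x0a", "bob": b"\x00\x19", "carol": b"\x00\x07"}  # constructed
    print(run_protocol(sealed_bid_auction, bids))
    print("relabel rejected:", relabel_is_rejected(sealed_bid_auction))
```

The point the model makes concrete is the one the abstract attributes to labeled attested computation: because the report covers the party's label together with the code identity and the enclave's key share, a host that holds several attestations cannot reuse the one meant for one participant to talk to another, and each participant's work is bounded by its own input and output sizes while the functionality itself runs inside the enclave.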