GMW vs. Yao? Efficient Secure Two-Party Computation with Low Depth Circuits

Schneider, Thomas; Zohner, Michael

doi:10.1007/978-3-642-39884-1_23

Cited by 88 publications

(112 citation statements)

References 29 publications

Supporting

Mentioning

112

Contrasting

Order By: Relevance

“…A SIMD circuit also consists of gates, but instead of operating on single bits, it operates on multiple bits in parallel. Thereby, the time for the load / process / store operations of a gate amortizes, which drastically speeds up the evaluation [38]. In contrast, a pipelined construction and evaluation approach would need to perform a load / process / store operation per bit of evaluation.…”

Section: Simd Circuitsmentioning

confidence: 99%

Privacy-Preserving Interdomain Routing at Internet Scale

Asharov

Demmler

Schapira

et al. 2017

Proceedings on Privacy Enhancing Technologies

Self Cite

View full text Add to dashboard Cite

Abstract:The Border Gateway Protocol (BGP) computes routes between the organizational networks that make up today's Internet. Unfortunately, BGP suffers from deficiencies, including slow convergence, security problems, a lack of innovation, and the leakage of sensitive information about domains' routing preferences. To overcome some of these problems, we revisit the idea of centralizing and using secure multi-party computation (MPC) for interdomain routing which was proposed by Gupta et al. (ACM HotNets'12). We implement two algorithms for interdomain routing with state-of-the-art MPC protocols. On an empirically derived dataset that approximates the topology of today's Internet (55 809 nodes), our protocols take as little as 6 s of topologyindependent precomputation and only 3 s of online time. We show, moreover, that when our MPC approach is applied at country/region-level scale, runtimes can be as low as 0.17 s online time and 0.20 s pre-computation time. Our results motivate the MPC approach for interdomain routing and furthermore demonstrate that current MPC techniques are capable of efficiently tackling real-world problems at a large scale.

show abstract

Section: Simd Circuitsmentioning

confidence: 99%

Privacy-Preserving Interdomain Routing at Internet Scale

Asharov

Demmler

Schapira

et al. 2017

Proceedings on Privacy Enhancing Technologies

Self Cite

View full text Add to dashboard Cite

show abstract

“…5 In terms of communication, the SPDZ protocol requires rounds linear in the depth of the circuit, whereas our protocol is constant-round. While it is difficult to compare the impact of this without an implementation and experiments, it seems intuitive that as the latency between machines increases, the cost of each additional communication round increases as well; this intuition has been backed up by experiments in the semi-honest setting [SZ13].…”

Section: G Concrete Efficiency Of the 3pc Protocolmentioning

confidence: 99%

“…To our knowledge, SPDZ's implementation experiments [DKL + 12, DPSZ12, DKL + 13] were run on a local-area network where physical broadcast is available, and thus the delay due to accounting for round-timeouts and/or running a multi-party broadcasting protocol when operating in a wide-area network environment has not been taken into account. This delay may be non-trivial depending on circumstances: Schneider and Zohner [SZ13] have shown that as the latency between machines increases, the cost of each round becomes more and more significant.…”

Section: Introductionmentioning

confidence: 99%

Efficient Three-Party Computation from Cut-and-Choose

Choi

Katz

Malozemoff

et al. 2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

With relatively few exceptions, the literature on efficient (practical) secure computation has focused on secure two-party computation (2PC). It is, in general, unclear whether the techniques used to construct practical 2PC protocols-in particular, the cut-and-choose approach-can be adapted to the multi-party setting.In this work we explore the possibility of using cut-and-choose for practical secure three-party computation. The three-party case has been studied in prior work in the semi-honest setting, and is motivated by the observation that real-world deployments of multi-party computation are likely to involve few parties. We propose a constant-round protocol for three-party computation tolerating any number of malicious parties, whose computational cost is essentially only a small constant worse than that of state-of-the-art two-party protocols.

show abstract

“…However, it is possible to still do much better. The secure computation framework of [56] improved the results of FastGC [28] by a factor of 6-80, depending on the network latency. Jumping ahead, we obtain additional speedups for both secure computation frameworks [28] and [56].…”

Section: Introductionmentioning

confidence: 99%

More efficient oblivious transfer and extensions for faster secure computation

Asharov

Lindell

Schneider

et al. 2013

Proceedings of the 2013 ACM SIGSAC Conference on Computer &Amp; Communications Security - CCS '13

Self Cite

304

340

View full text Add to dashboard Cite

Abstract. Protocols for secure computation enable parties to compute a joint function on their private inputs without revealing anything but the result. A foundation for secure computation is oblivious transfer (OT), which traditionally requires expensive public key cryptography. A more efficient way to perform many OTs is to extend a small number of base OTs using OT extensions based on symmetric cryptography. In this work we present optimizations and efficient implementations of OT and OT extensions in the semi-honest model. We propose a novel OT protocol with security in the standard model and improve OT extensions with respect to communication complexity, computation complexity, and scalability. We also provide specific optimizations of OT extensions that are tailored to the secure computation protocols of Yao and GoldreichMicali-Wigderson and reduce the communication complexity even further. We experimentally verify the efficiency gains of our protocols and optimizations. By applying our implementation to current secure computation frameworks, we can securely compute a Levenshtein distance circuit with 1.29 billion AND gates at a rate of 1.2 million AND gates per second. Moreover, we demonstrate the importance of correctly implementing OT within secure computation protocols by presenting an attack on the FastGC framework.

show abstract

GMW vs. Yao? Efficient Secure Two-Party Computation with Low Depth Circuits

Cited by 88 publications

References 29 publications

Privacy-Preserving Interdomain Routing at Internet Scale

Privacy-Preserving Interdomain Routing at Internet Scale

Efficient Three-Party Computation from Cut-and-Choose

More efficient oblivious transfer and extensions for faster secure computation

Contact Info

Product

Resources

About