Fast and Maliciously Secure Two-Party Computation Using the GPU

Frederiksen, Tore Kasper; Nielsen, Jesper Buus

doi:10.1007/978-3-642-38980-1_21

Cited by 30 publications

(41 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The generic technique for making garbled circuits into a reactive SMC protocol requires additional, MAC operations inside the circuit [19]. More efficient reactive garbled circuit protocols exist [14,38], but require special constructions that cannot be combined with all garbled circuit protocols in a generic way. Our protocol allows for true black box outsourcing of any SMC protocol (reactive or non-reactive), and our empirical performance evaluation demonstrates that the overhead of adding AND operations to the circuit is minimal when the circuit size is large.…”

Section: Jnomentioning

confidence: 99%

Outsourcing Secure Two-Party Computation as a Black Box

Carter

Mood

Traynor

et al. 2015

Cryptology and Network Security

View full text Add to dashboard Cite

Secure multiparty computation (SMC) offers a technique to preserve functionality and data privacy in mobile applications. Current protocols that make this costly cryptographic construction feasible on mobile devices securely outsource the bulk of the computation to a cloud provider. However, these outsourcing techniques are built on specific secure computation assumptions and tools, and applying new SMC ideas to the outsourced setting requires the protocols to be completely rebuilt and proven secure. In this work, we develop a generic technique for lifting any secure two-party computation protocol into an outsourced two-party SMC protocol. By augmenting the function being evaluated with auxiliary consistency checks and input values, we can create an outsourced protocol with low overhead cost. Our implementation and evaluation show that in the best case, our outsourcing additions execute within the confidence intervals of two servers running the same computation, and consume approximately the same bandwidth. In addition, the mobile device itself uses minimal bandwidth over a single round of communication. This work demonstrates that efficient outsourcing is possible with any underlying SMC scheme, and provides an outsourcing protocol that is efficient and directly applicable to current and future SMC techniques.

show abstract

Section: Jnomentioning

confidence: 99%

Outsourcing Secure Two-Party Computation as a Black Box

Carter

Mood

Traynor

et al. 2015

Cryptology and Network Security

View full text Add to dashboard Cite

show abstract

“…Whether our proposed protocol will be more efficient in practice than protocols with standard cut-and-choose [7,18,20,29,31] will only be decided by performing a serious comparison of similar implementations running on the same hardware-network configuration of our and other approaches. This is on-going work.…”

Section: Lego Is Not Compatible With Known Optimization For Yao's Promentioning

confidence: 99%

MiniLEGO: Efficient Secure Two-Party Computation from General Assumptions

Frederiksen

Jakobsen

Nielsen

et al. 2013

Advances in Cryptology – EUROCRYPT 2013

Self Cite

View full text Add to dashboard Cite

Abstract. One of the main tools to construct secure two-party computation protocols are Yao garbled circuits. Using the cut-and-choose technique, one can get reasonably efficient Yao-based protocols with security against malicious adversaries. At TCC 2009, Nielsen and Orlandi [28] suggested to apply cut-andchoose at the gate level, while previously cut-and-choose was applied on the circuit as a whole. This idea allows for a speed up with practical significance (in the order of the logarithm of the size of the circuit) and has become known as the "LEGO" construction. Unfortunately the construction in [28] is based on a specific number-theoretic assumption and requires public-key operations per gate of the circuit. The main technical contribution of this work is a new XORhomomorphic commitment scheme based on oblivious transfer, that we use to cope with the problem of connecting the gates in the LEGO construction. Our new protocol has the following advantages:1. It maintains the efficiency of the LEGO cut-and-choose. 2. After a number of seed oblivious transfers linear in the security parameter, the construction uses only primitives from Minicrypt (i.e., private-key cryptography) per gate in the circuit (hence the name MiniLEGO). 3. MiniLEGO is compatible with all known optimization for Yao garbled gates (row reduction, free-XORs, point-and-permute).

show abstract

“…This has been demonstrated in implementations. In [10], the cost of the circuit communication and computation for secure AES computation is approximately 80% of the work. Likewise in [20, Table 7] regarding secure AES computation, the bandwidth due to the circuits was 83% of all bandwidth and the time was over 50% of the time.…”

Section: Introductionmentioning

confidence: 99%

“…In addition, a selective input attack whereby P 1 provides correct garbled inputs only for a subset of the possible inputs of P 2 must be prevented (since otherwise P 2 will abort if its input is not in the subset because it cannot compute any circuit in this case, and thus P 1 will learn something about P 2 's input based on whether or not it aborts). There are a number of different solutions to these problems that have been presented in [23,25,32,28,10]. The full protocol that we present here is based on the protocol of [25].…”

Section: Introductionmentioning

confidence: 99%

Fast Cut-and-Choose-Based Protocols for Malicious and Covert Adversaries

Lindell

2015

J Cryptol

111

View full text Add to dashboard Cite

In the setting of secure two-party computation, two parties wish to securely compute a joint function of their private inputs, while revealing only the output. One of the primary techniques for achieving efficient secure two-party computation is that of Yao's garbled circuits (FOCS 1986). In the semi-honest model, where just one garbled circuit is constructed and evaluated, Yao's protocol has proven itself to be very efficient. However, a malicious adversary who constructs the garbled circuit may construct a garbling of a different circuit computing a different function, and this cannot be detected (due to the garbling). In order to solve this problem, many circuits are sent and some of them are opened to check that they are correct while the others are evaluated. This methodology, called cut-and-choose, introduces significant overhead, both in computation and in communication, and is mainly due to the number of circuits that must be used in order to prevent cheating.In this paper, we present a cut-and-choose protocol for secure computation based on garbled circuits, with security in the presence of malicious adversaries, that vastly improves on all previous protocols of this type. Concretely, for a cheating probability of at most 2 −40 , the best previous works send between 125 and 128 circuits. In contrast, in our protocol 40 circuits alone suffice (with some additional overhead). Asymptotically, we achieve a cheating probability of 2 −s where s is the number of garbled circuits, in contrast to the previous best of 2 −0.32s . We achieve this by introducing a new cut-and-choose methodology with the property that in order to cheat, all of the evaluated circuits must be incorrect, and not just the majority as in previous works. The security of our protocol relies on the Decisional Diffie-Hellman assumption.

show abstract

Fast and Maliciously Secure Two-Party Computation Using the GPU

Cited by 30 publications

References 22 publications

Outsourcing Secure Two-Party Computation as a Black Box

Outsourcing Secure Two-Party Computation as a Black Box

MiniLEGO: Efficient Secure Two-Party Computation from General Assumptions

Fast Cut-and-Choose-Based Protocols for Malicious and Covert Adversaries

Contact Info

Product

Resources

About