Faster secure two-party computation with less memory

Private set intersection (PSI) is a cryptographic technique that is applicable to many privacysensitive scenarios. For decades, researchers have been focusing on improving its efficiency in both communication and computation. However, most of the existing solutions are inefficient for an unequal number of inputs, which is common in conventional client-server settings.In this paper, we analyze and optimize the efficiency of existing PSI protocols to support precomputation so that they can efficiently deal with such input sets. We transform four existing PSI protocols into the precomputation form such that in the setup phase the communication is linear only in the size of the larger input set, while in the online phase the communication is linear in the size of the smaller input set. We implement all four protocols and run experiments between two PCs and between a PC and a smartphone and give a systematic comparison of their performance. Our experiments show that a protocol based on securely evaluating a garbled AES circuit achieves the fastest setup time by several orders of magnitudes, and the fastest online time in the PC setting where AES-NI acceleration is available. In the mobile setting, the fastest online time is achieved by a protocol based on the Diffie-Hellman assumption.

show abstract

“…An AES circuit using the S-box of [9] has 5,120 AND gates [32]. Alternatively, we could use the LowMC cipher of [1] with only 2,268 AND gates.…”

Section: Aes Gc-based Psi (Gc-psi)mentioning

confidence: 99%

Private Set Intersection for Unequal Set Sizes with Mobile Applications

Kiss

Liu

Schneider

et al. 2017

Proceedings on Privacy Enhancing Technologies

Self Cite

View full text Add to dashboard Cite

show abstract

“…On the one hand, one recent implementation by Bellare et al [3] shows that improving the speed of cryptographic functions improves the overall performance. On the other hand, another recent implementation by Henecka and Schneider is bound by the network speed [14]. We did not implement a full garbling scheme, but only the functions necessary for our outsourcing scheme.…”

Section: Methodsmentioning

confidence: 99%

“…We follow the original construction of Yao [32] which has been adopted in several recent implementations [14,16,25,31]. We are going to describe in detail the function Gb(1 κ , f ), since it is crucial for the understanding of our scheme.…”

Section: Methodsmentioning

confidence: 99%

Oblivious outsourcing of garbled circuit generation

Kerschbaum

2015

Proceedings of the 30th Annual ACM Symposium on Applied Computing

View full text Add to dashboard Cite

Yao's garbled circuit technique is often used in outsourced computation. Current approaches divide the computation to two or more servers. The assumption is that the servers collaborate in offering the outsourced computation, but do not share data. This seems somewhat paradoxical in the current cloud economy. We therefore propose oblivious outsourcing where one server is unaware that other servers are involved. We present a garbled circuit generation outsourcing scheme built on lattice-based cryptography implementing this model. Our scheme does not increase the cost of circuit evaluation, but achieves a speed up of 98% (factor 55) for circuit generation.

show abstract

“…Additionally, this method for pipelining is designed to run exactly two threads and thus cannot easily be scaled to a larger number of threads. As observed in [24], a large number of OT extensions can be performed by sequentially running the OT extension protocol on blocks of fixed size. This reduces the total memory consumption at the expense of more communication rounds.…”

Section: Blockwise Parallelized Ot Extensionmentioning

confidence: 99%

“…There is independent work on the efficiency of OT extension with security against stronger malicious adversaries [21,48,49]. In the semi-honest model, [24] improved the implementation of the OT extension protocol of [32] in FastGC [28]. They reduce the memory footprint by splitting the OT extension protocol sequentially into multiple rounds and obtain speedups by instantiating the pseudo-random generator with AES instead of SHA-1.…”

Section: Introductionmentioning

confidence: 99%

More efficient oblivious transfer and extensions for faster secure computation

Asharov

Lindell

Schneider

et al. 2013

Proceedings of the 2013 ACM SIGSAC Conference on Computer &Amp; Communications Security - CCS '13

Self Cite

290

340

View full text Add to dashboard Cite

Abstract. Protocols for secure computation enable parties to compute a joint function on their private inputs without revealing anything but the result. A foundation for secure computation is oblivious transfer (OT), which traditionally requires expensive public key cryptography. A more efficient way to perform many OTs is to extend a small number of base OTs using OT extensions based on symmetric cryptography. In this work we present optimizations and efficient implementations of OT and OT extensions in the semi-honest model. We propose a novel OT protocol with security in the standard model and improve OT extensions with respect to communication complexity, computation complexity, and scalability. We also provide specific optimizations of OT extensions that are tailored to the secure computation protocols of Yao and GoldreichMicali-Wigderson and reduce the communication complexity even further. We experimentally verify the efficiency gains of our protocols and optimizations. By applying our implementation to current secure computation frameworks, we can securely compute a Levenshtein distance circuit with 1.29 billion AND gates at a rate of 1.2 million AND gates per second. Moreover, we demonstrate the importance of correctly implementing OT within secure computation protocols by presenting an attack on the FastGC framework.

show abstract

Faster secure two-party computation with less memory

Cited by 29 publications

References 30 publications

Private Set Intersection for Unequal Set Sizes with Mobile Applications

Private Set Intersection for Unequal Set Sizes with Mobile Applications

Oblivious outsourcing of garbled circuit generation

More efficient oblivious transfer and extensions for faster secure computation

Contact Info

Product

Resources

About