Abstract: An important characteristic of recent MPC protocols is an input-independent setup phase in which most computations are offloaded, which greatly reduces the execution overhead of the online phase where parties provide their inputs. For a very efficient evaluation of arithmetic circuits in an information-theoretic online phase, the MPC protocols consume Beaver multiplication triples generated in the setup phase. Triple generation is generally the most expensive part of the protocol, and improving its efficiency …
“…Different from the state-of-the-art solutions proposed in [15,20], where a party (say, Alice) first splits her private input $x_A$ to a share vector $x_A = (x_{A,1}, \cdots, x_{A,l})$ and then invokes an AHE to compute shares $s_A$ with Bob whose input is $x_B$ and $x_B = (x_{B,1}, \cdots, x_{B,l})$ and output is $s_B$ such that $x_A \cdot x_B = s_A + s_B$, we formalize Beaver triple generators in the context of 2-party shared scalar product protocol to get $s_A + s_B = x_A \cdot x_B$ and then Alice (Bob resp.,) dispenses her shares…”
Section: This Work
mentioning
confidence: 97%
“…The Beaver triples deployed in the SPDZ framework are originally constructed from somewhat homomorphic encryptions [9]. Since the computation cost of ciphertext multiplications is high if one leverages somewhat homomorphic encryptions, more and more researchers are considering alternative constructions such as oblivious-transfers [14], additively homomorphic encryptions [15,20], multiplicatively homomorphic encryption [27] and multiplicatively homomorphic key management system [28], where a proof of equivalence between constructions leveraging multiplicatively homomorphic encryption and multiplicatively homomorphic key management system has been proposed. In this work, an efficient solution for generating Beaver triples starting from asymmetric oblivious scalar product protocol is proposed and analyzed.…”
In a convolution neural network, a composition of linear scalar product, non-linear activation function and maximum pooling computations are intensively invoked. As such, to design and implement privacy-preserving, high efficiency machine learning mechanisms, one highly demands a practical crypto tool for secure arithmetic computations. SPDZ, an interesting framework of secure multi-party computations, is a promising technique deployed for industry-scale machine learning development if one is able to generate Beaver (multiplication) triple offline efficiently. This paper studies secure yet efficient Beaver triple generators leveraging privacy-preserving scalar product protocols which in turn can be constructed from additive-only homomorphic encryptions (AHEs). Different from the state-of-the-art solutions, where a party first splits her private input into a shared vector and then invokes an AHE to compute scalar product of the shared vectors managed by individual MPC server, we formalize Beaver triple generators in the context of 2-party shared scalar product protocol and then dispense the generated shares to MPC servers. As such, the protocol presented in this paper can be viewed as a dual construction of the state-of-the-art AHE based solutions. Furthermore, instead of applying the Paillier encryption as a basis of our previous constructions or inheriting from somewhat homomorphic encryptions, we propose an alternative construction of AHE from polynomial ring learning with error (RLWE) which results in an efficient implementation of Beaver triple generators.
“…Secure addition (respectively, XORing in B) can be executed locally, that is without communication between the parties. Secure multiplication (respectively, AND in B) is done in an interactive protocol among the two parties using so-called multiplication triples [53][54][55]. Using only addition and multiplication (similarly, AND and XOR) arbitrary functions can be calculated.…”
Background: The kidney exchange problem (KEP) addresses the matching of patients in need for a replacement organ with compatible living donors. Ideally many medical institutions should participate in a matching program to increase the chance for successful matches. However, to fulfill legal requirements current systems use complicated policy-based data protection mechanisms that effectively exclude smaller medical facilities to participate. Employing secure multi-party computation (MPC) techniques provides a technical way to satisfy data protection requirements for highly sensitive personal health information while simultaneously reducing the regulatory burdens.
Results: We have designed, implemented, and benchmarked SPIKE, a secure MPC-based privacy-preserving KEP which computes a solution by finding matching donor-recipient pairs in a graph structure. SPIKE matches 40 pairs in cycles of length 2 in less than 4 minutes and outperforms the previous state-of-the-art protocol by a factor of 400× in runtime while providing medically more robust solutions.
Conclusions: We show how to solve the KEP in a robust and privacy-preserving manner achieving practical performance. The usage of MPC techniques fulfills many data protection requirements on a technical level, allowing smaller health care providers to directly participate in a kidney exchange with reduced legal processes.
“…Secure addition (respectively, XORing in B) can be executed locally, that is without communication between the parties. Secure multiplication (respectively, AND in B) is done in an interactive protocol among the two parties using so-called multiplication triples [61,69,70]. Using only addition and multiplication (similarly, AND and XOR) arbitrary functions can be calculated.…”
Section: Boolean and Arithmetic Secret Sharing
mentioning
Background
The kidney exchange problem (KEP) addresses the matching of patients in need for a replacement organ with compatible living donors. Ideally many medical institutions should participate in a matching program to increase the chance for successful matches. However, to fulfill legal requirements current systems use complicated policy-based data protection mechanisms that effectively exclude smaller medical facilities to participate. Employing secure multi-party computation (MPC) techniques provides a technical way to satisfy data protection requirements for highly sensitive personal health information while simultaneously reducing the regulatory burdens.
Results
We have designed, implemented, and benchmarked SPIKE, a secure MPC-based privacy-preserving KEP protocol which computes a locally optimal solution by finding matching donor–recipient pairs in a graph structure. SPIKE matches 40 pairs in cycles of length 2 in less than 4 min and outperforms the previous state-of-the-art protocol by a factor of 400× in runtime while providing medically more robust solutions.
Conclusions
We show how to solve the KEP in a robust and privacy-preserving manner achieving significantly more practical performance than the current state-of-the-art (Breuer et al., WPES’20 and CODASPY’22). The usage of MPC techniques fulfills many data protection requirements on a technical level, allowing smaller health care providers to directly participate in a kidney exchange with reduced legal processes. As sensitive data are not leaving the institutions’ network boundaries, the patient data underlie a higher level of protection than in the currently employed (centralized) systems. Furthermore, due to reduced legal barriers, the proposed decentralized system might be simpler to implement in a transnational, intereuropean setting with mixed (national) data protection laws.