efficiently protecting data and functions
play

Efficiently Protecting Data and Functions Thomas Schneider - PowerPoint PPT Presentation

Aug 23, 2023 •669 likes •1.31k views

Efficiently Protecting Data and Functions Thomas Schneider CROSSING Summer School September 13, 2019 1 Based on joint works with Daniel gnes Daniel Gnther Kiss Demmler and many more. 2 Outline 1. Secure Function Evaluation

  1. Efficiently Protecting Data and Functions Thomas Schneider CROSSING Summer School September 13, 2019 1

  2. Based on joint works with… Daniel Ágnes Daniel Günther Kiss Demmler … and many more. 2

  3. Outline 1. Secure Function Evaluation with Mixed Protocols 2. Private Function Evaluation of Boolean Circuits 3

  4. Outline 1. Secure Function Evaluation with Mixed Protocols 2. Private Function Evaluation of Boolean Circuits 4

  5. Secure Function Evaluation (SFE) SFE % # ! !(#, %) 5

  6. Secure Function Evaluation (SFE) Public function !(⋅,⋅) Is S • compute arbitrary function ! richer? x < y • on private data ', ( Client , Server - • without trusted third party • reveal nothing but result ) = !(', () Private data ' Private data ( x = $1 Mio y = $2 Mio SFE Example: Yao’s Millionaires’ Problem true ) = !(', () 6

  7. Applications of Secure Function Evaluation (Small Selection) Auctions [NPS99], ... Remote Diagnostics [BPSW07], ... DNA Searching [TKC07], ... Biometric Identification [EFGKLT09], ... Medical Diagnostics [BFKLS S 09], ... 7

  8. Implementing Secure Function Evaluation Function Idea Boolean Arithmetic Representation Circuits Circuits Protocol DGK Paillier OT Yao GMW Point-and- Fixed-Key Optimizations Free-XOR Half-Gates permute Garbling 8

  9. Example for Mixed-Protocol SFE: Minimum Euclidean Distance Minimum Euclidean Distance: min(∑ d i= 1 ( S i ,1 – C i ) 2 , …, ∑ d i=1 ( S i,n – C i ) 2 ) l Server holds database S , client holds query C l Used in biometric matching (face-recognition, fingerprint, …) Function Arithmetic Boolean Circuits Circuits DGK Paillier OT Yao GMW 9

  10. Example for Mixed-Protocol SFE: Minimum Euclidean Distance Minimum Euclidean Distance: min(∑ d i= 1 ( S i ,1 – C i ) 2 , …, ∑ d i=1 ( S i,n – C i ) 2 ) l Server holds database S , client holds query C l Used in biometric matching (face-recognition, fingerprint, …) Function Arithmetic Boolean Circuits Circuits DGK Paillier OT Yao GMW 10

  11. Example for Mixed-Protocol SFE: Minimum Euclidean Distance Minimum Euclidean Distance: min(∑ d i= 1 ( S i ,1 – C i ) 2 , …, ∑ d i=1 ( S i,n – C i ) 2 ) l Server holds database S , client holds query C l Used in biometric matching (face-recognition, fingerprint, …) Function Arithmetic Boolean Circuits Circuits DGK Paillier OT Yao GMW 11

  12. The ABY Framework [DSZ15] c=a*b A A rithmetic sharing: v = a + b mod 2 ℓ c a ● Free addition / cheap multiplication , b ● Good for multiplication B Y B oolean sharing: v = a ⊕ b [GMW87] Free XOR / one message per AND c=a*b ● Good for multiplexing ● Multiplication (32-bit) Y ao's garbled circuits: S: k 0 ,k 1 ; C: k v [Yao86] Protocol Yao Mixed Free XOR / no interaction per AND ● LAN [μs] 1.1 0.1 Good for comparison ● Comm. 100 5 [KB] [D S Z15] D. Demmler, T. Schneider, M. Zohner: ABY – A Framework for Efficient Mixed-Protocol Secure Two-party Computation. In NDSS’15. 12

  13. The ABY Framework [DSZ15] C++-Framework for efficient hybrid SFE • Efficient secure two-party computation protocols & conversions using symmetric crypto • Code: https://encrypto.de/code/ABY Function Circuit Protocols Program automated manual manual A >_ Idea B Y [D S Z15] D. Demmler, T. Schneider, M. Zohner: ABY – A Framework for Efficient Mixed-Protocol Secure Two-party Computation. In NDSS’15. 13

  14. HDL Circuits [DDKSSZ15] Compilation from HDL into SFE and efficient building blocks • Function description in Verilog/VHDL (or via high-level synthesis in C) • Extends TinyGarble by hardware synthesis for depth-optimized circuits: [SHS S K15] E. Songhori, S. Hussain, A.-R. Sadeghi, T. Schneider, F. Koushanfar: TinyGarble: Highly Compressed and Scalable Sequential Garbled Circuits. In S&P’15. Function HDL Circuit Protocols Program automated automated manual manual A 1 >_ 2 Idea *.vhdl 3 4 B Y 5 [DDKS S Z15] D. Demmler, G. Dessouky, F. Koushanfar, A.-R. Sadeghi, T. Schneider, S. Zeitouni. Automated Synthesis of Optimized Circuits for Secure Computation. In CCS’15. 14

  15. HyCC [BDKKS18] Fully automated compilation from C into hybrid SFE • Extension of CBMC-GC and combination with ABY: [HFKV12] A. Holzer, M. Franz, S. Katzenbeisser, H. Veith: Secure Two-party Computations in ANSI C. In CCS‘12 . • Automated partitioning and protocol selection Function C Circuit Protocols Program automated automated automated manual A 1 >_ 2 Idea *.c 3 4 B Y 5 [BDKK S 18] N. Büscher, D. Demmler, S. Katzenbeisser, D. Kretzmer, T. Schneider. HyCC: Compilation of Hybrid Protocols for Practical Secure Computation. In CCS’18. 15

  16. HyCC – Hybrid MPC Applications Protocol online runtime: Protocol online runtime: Biometric Matching (n=1000) Textbook Gauss Solver (n=10) Runtime Runtime Runtime Runtime Total LAN WAN LAN WAN Communication Yao GC (Y) 1,177 ms 1,789 ms Y 429 ms 631 ms 31 MB GMW (B) 2,932 ms 7,974 ms A + Y 256 ms 4,235 ms 10 MB LSS and GMW 131 ms 4,249 ms (A+B) Protocol online runtime: LSS and Yao GC 70 ms 584 ms MiniONN CNN (Relu, MNIST dataset) (A+Y) Runtime Runtime LAN WAN All circuits compiled with HyCC and evaluated [LJLA17] 5,740 ms - in the ABY framework. LAN: 1Gbit / WAN: 100Mbit and 100ms RTT. A + Y 1,621 ms 5,882 ms 16

  17. Outline 1. Secure Function Evaluation with Mixed Protocols 2. Private Function Evaluation of Boolean Circuits 17

  18. Secure Function Evaluation of Boolean Circuits Boolean circuit % # !(#, %) , 18

  19. Private Function Evaluation (PFE) PFE ! # !(#) 19

  20. Private Function Evaluation of Boolean Circuits PFE C # !(#) 20

  21. Applications of PFE of Boolean Circuits Solvency verification Smart metering Insurance rate & credit Private databases risk assessment 21

  22. Challenges – Hiding the Circuit • Public: 1 = 4 Number of inputs 1 • Number of outputs 2 • ? ? Number of gates 3 • 3 = 4 ? ? • Private: • Functionality of gates ? • Topology of circuit 2 = 1 22

  23. Universal Circuit (UC) There exists a Boolean circuit 6, of size Θ 8 log 8 s.t. for any Boolean function ! of size 8 6, can be programmed to compute !. Leslie G. Valiant 1976 ! 6, 23

  24. Universal Circuit (UC) There exists a Boolean circuit 6, of size Θ 8 log 8 s.t. for any Boolean function ! of size 8 there exists a programming = such that for any input #: 6, =, # = ! # . # # = Leslie G. Valiant 1976 !(#) 6, =, # = !(#) 24

  25. PFE of Boolean Circuits PFE , ?, @, A # !(#) 25

  26. PFE of Boolean Circuits via SFE of a UC p # 6, ?,@,A ! # = 6, =, # 26

  27. Further Applications of UCs beyond PFE Obfuscation Attribute-based Encryption Adaptively Secure MPC Batch Execution MPC 27

  28. UC Generation gates inputs C (size: 8 = 1 + 2 + 3 ) outputs UC Generation Programming bits p Universal circuit UC 28

  29. Existing UC Constructions [Val76] 1976 [Val76] [Val76] 2-way 4-way 58 log 8 4.758 log 8 Size 3.758 Depth 38 Code [Val76] L. G. Valiant: Universal Circuits (Preliminary Report). In STOC’76. 29

  30. Valiant’s UC Construction C size ≤ 8 8 Graph G C C G C 30

  31. Valiant’s UC Construction C size ≤ 8 8 P ROGRAMMING G ENERATION Graph G C Universal graph UG Embedding E Universal circuit UC G C UG 31

  32. Valiant’s UC Construction C size ≤ 8 8 P ROGRAMMING G ENERATION Graph G C Universal graph UG Embedding E Universal circuit UC G C UG 32

  33. Valiant’s UC Construction C size ≤ 8 8 P ROGRAMMING G ENERATION Graph G C Universal graph UG Embedding E Universal circuit UC G C UG 33

  34. Valiant’s UC Construction C size ≤ 8 8 P ROGRAMMING G ENERATION Graph G C Universal graph UG Embedding E Programming bits p Universal circuit UC 34

  35. 2-way Recursive UG Construction 6H I K L 6H ⁄ 6H ⁄ I K I K LL 6H ⁄ LK KL KK 6H ⁄ 6H ⁄ 6H ⁄ I M I M I M I M ... ... ... ... ... 35

  36. 2-way Recursive UG Construction 6H I K L 6H ⁄ 6H ⁄ I K I K LL 6H ⁄ LK KL KK 6H ⁄ 6H ⁄ 6H ⁄ I M I M I M I M KKL 6H ⁄ LLL 6H ⁄ KLL 6H ⁄ LKL 6H ⁄ LLK KKK KLK LKK 6H ⁄ 6H ⁄ 6H ⁄ 6H ⁄ I N I N I N I N I N I N I N I N 36

  37. A „Small„ Example 1 = 25 Q RS 835 nodes / 3 = 56 869 AND gates 2 = 1 37

  38. Existing UC Constructions [Val76] [K S 08] 1976 2008 [Val76] [Val76] [KS08] 2-way 4-way 1.58 log 2 8 58 log 8 4.758 log 8 Size + 28 log 8 Depth 38 3.758 8 log 8 Code [K S 08] V. Kolesnikov, T. Schneider: A Practical Universal Circuit Construction and Secure Evaluation of Private Functions. In FC’08 . 38

  39. Existing UC Constructions [K S 16] [Val76] [K S 08] [LMS16] 1976 2008 2016 [Val76] [Val76] [KS08] 2-way 4-way 1.58 log 2 8 58 log 8 4.758 log 8 Size + 28 log 8 Depth 38 3.758 8 log 8 Code [K S 16] Á. Kiss, T. Schneider: Valiant's Universal Circuit is Practical. In EUROCRYPT’16. [LMS16] H. Lipmaa, P. Mohassel, S. Sadeghian: Valiant's Universal Circuit: Improvements, Implementation, and Applications. In ePrint 2016/017. 39

  40. Comparison [K S 08] UC Size of the UC [Val76] 2-way UC n=1070 Input circuit size 8 40

Recommend

Citadel: Efficiently Protecting Stacked Memory From Large Granularity Failures Dec 15 th 2014

Citadel: Efficiently Protecting Stacked Memory From Large Granularity Failures Dec 15 th 2014

Citadel: Efficiently Protecting Stacked Memory From Large Granularity Failures Dec 15 th 2014 MICRO-47 Cambridge UK Prashant Nair - Georgia Tech David Roberts - AMD Research Moinuddin Qureshi - Georgia Tech INTRODUCTION TO 3D DRAM DRAM

533 views • 40 slides
A method for efficiently calculating head-related transfer functions (HRTFs) directly from head

A method for efficiently calculating head-related transfer functions (HRTFs) directly from head

Paper Number 9892 A method for efficiently calculating head-related transfer functions (HRTFs) directly from head scan point clouds Presented at the 143rd AES Convention October 21, 2017, New York, NY, USA Rahulram Sridhar (presenter) Edgar

600 views • 29 slides
Iterators and Generators Sequences: tuple, list return functions Dictionaries

Iterators and Generators Sequences: tuple, list return functions Dictionaries

4/20/20 Computational Structures in Data Computational Concepts Toolbox Science Data type: values, literals, Higher Order Functions operations, Functions as Values Expressions, Call Functions with functions as argument

55 views • 4 slides
Big Data Security: How to efficiently perform data analytics over encrypted data? Adrian Perrig

Big Data Security: How to efficiently perform data analytics over encrypted data? Adrian Perrig

Big Data Security: How to efficiently perform data analytics over encrypted data? Adrian Perrig Network Security Group ETH Zrich 1 Why worry about Big Data Security? Security is well understood and well handled! Really? 2 Problem

360 views • 16 slides
16. Dynamic Data Structures so that it can be used efficiently Linked lists, Abstract data types

16. Dynamic Data Structures so that it can be used efficiently Linked lists, Abstract data types

Data Structures A data structure is a particular way of organizing data in a computer 16. Dynamic Data Structures so that it can be used efficiently Linked lists, Abstract data types stack, queue 446 447 Motivation: Stack Examples using a

258 views • 7 slides
Properties of (functions may return functions) Functions may be passed as parameter

Properties of (functions may return functions) Functions may be passed as parameter

Functions as first class citizens Function may be a value of an expression Properties of (functions may return functions) Functions may be passed as parameter functional Functions may be stored in data structures languages

306 views • 11 slides
Efficiently Backing up Terabytes of Data with pgBackRest David Steele LISA 2015 November 11,

Efficiently Backing up Terabytes of Data with pgBackRest David Steele LISA 2015 November 11,

Efficiently Backing up Terabytes of Data with pgBackRest David Steele LISA 2015 November 11, 2015 About the Speaker Senior Data Architect at Crunchy Data Solutions, the PostgreSQL company for secure enterprises. Actively developing

288 views • 15 slides
Sharing and Protecting Data to Improve Student Outcomes Community Schools Community of Practice

Sharing and Protecting Data to Improve Student Outcomes Community Schools Community of Practice

Sharing and Protecting Data to Improve Student Outcomes Community Schools Community of Practice Nov. 16, 2017 Agenda Why sharing and protecting student data matters Sharing data deep dive Protecting data deep dive Tips

313 views • 30 slides
Efficiently Backing up Terabytes of Data with pgBackRest David Steele Crunchy Data PGDay Russia

Efficiently Backing up Terabytes of Data with pgBackRest David Steele Crunchy Data PGDay Russia

Efficiently Backing up Terabytes of Data with pgBackRest David Steele Crunchy Data PGDay Russia 2017 July 6, 2017 Agenda 1 Why Backup? 2 Living Backups 3 Design 4 Features Performance 5 Changes to Core 6 In The Pipeline 7 8

376 views • 25 slides
Protecting Your Identity, Data, and Assets 1 Its Not a Matter of If, but When 17.6

Protecting Your Identity, Data, and Assets 1 Its Not a Matter of If, but When 17.6

Protecting Your Identity, Data, and Assets 1 Its Not a Matter of If, but When 17.6 million 63% Identity fraud is a serious issue. people experienced of confirmed data Fraudsters have identity theft in 2014 breaches involved stolen

605 views • 29 slides
Efficiently Querying Contradictory and Uncertain Genealogical Data Lars E. Olson and David W.

Efficiently Querying Contradictory and Uncertain Genealogical Data Lars E. Olson and David W.

Efficiently Querying Contradictory and Uncertain Genealogical Data Lars E. Olson and David W. Embley DEG Lab BYU Computer Science Dept. Supported by National Science Foundation Grant #0083127 Introduction Integrating data from multiple

268 views • 15 slides
Typical Applications Map functions on data structures Scheduling functions PolyTest

Typical Applications Map functions on data structures Scheduling functions PolyTest

Typical Applications Map functions on data structures Scheduling functions PolyTest polymorphic testing monomorphic testing over functions Many, many more...? Today: quantification over functions is avoided No Show

329 views • 16 slides
An Algebraic Framework for Pseudorandom Functions and Applications to Related-Key Security Michel

An Algebraic Framework for Pseudorandom Functions and Applications to Related-Key Security Michel

An Algebraic Framework for Pseudorandom Functions and Applications to Related-Key Security Michel Abdalla, Fabrice Benhamouda, Alain Passelgue Pseudorandom functions [GGM86] - efficiently computable function : -

1.01k views • 56 slides
Functions http://xkcd.com/221/ Fundamentals of Computer Science Outline Functions

Functions http://xkcd.com/221/ Fundamentals of Computer Science Outline Functions

Functions http://xkcd.com/221/ Fundamentals of Computer Science Outline Functions Library Functions Helper functions Perform calculations Output data Consolidate similar code to one location Functions Flow of

1.01k views • 23 slides
Protecting Sensitive Data Implementation of a Sensitive Data Manager Recommendation Briefed

Protecting Sensitive Data Implementation of a Sensitive Data Manager Recommendation Briefed

Protecting Sensitive Data Implementation of a Sensitive Data Manager Recommendation Briefed Presidents Executive Council on 13 Jan: recommended to proceed with deploying a Sensitive Data Manager tool on all UND owned computers to

321 views • 6 slides
Inducing Efficiently Inducing Efficiently optimizi optimizing outpati ng outpatient i ent

Inducing Efficiently Inducing Efficiently optimizi optimizing outpati ng outpatient i ent

Inducing Efficiently Inducing Efficiently optimizi optimizing outpati ng outpatient i ent induction nduction of labour of labour Janet Lyons Henry Woo MD FRCSC MD MPH CCFP FRCSC Medical Lead, High Risk Obstetrics

913 views • 54 slides
How Data is DNC Transforming Politics Effective campaigns use limited resources to efficiently

How Data is DNC Transforming Politics Effective campaigns use limited resources to efficiently

How Data is DNC Transforming Politics Effective campaigns use limited resources to efficiently net enough votes for their candidate to win. Spend money in the right places GOALS OF POLITICAL CAMPAIGNS Run cost-effective programs Focus on

408 views • 28 slides
P Protecting Confidential Data on i C fid i l D Personal Computers with S p torage g

P Protecting Confidential Data on i C fid i l D Personal Computers with S p torage g

P Protecting Confidential Data on i C fid i l D Personal Computers with S p torage g Capsules Kevin Borders, Eric Vander Weele, Billy Lau, and Atul Prakash Problem: Malicious S oftware Computing becomes pervasive, so is malware

524 views • 29 slides
Privacy &amp; Security Matters: Privacy &amp; Security Matters: Protecting Personal Data

Privacy &amp; Security Matters: Privacy &amp; Security Matters: Protecting Personal Data

Privacy &amp; Security Matters: Privacy &amp; Security Matters: Protecting Personal Data Protecting Personal Data Privacy &amp; Security Project HIPAA: What it is Health Insurance Portability and Accountability Act of 1996 Also known as

445 views • 26 slides
Computational Concepts Toolbox Data type: values, literals, Higher Order Functions

Computational Concepts Toolbox Data type: values, literals, Higher Order Functions

Computational Concepts Toolbox Data type: values, literals, Higher Order Functions operations, Functions as Values Expressions, Call Functions with functions as Abstract Data Types argument expression Assignment of

261 views • 9 slides
What are we protecting? Student Data (SSN, Grades, DOBs, Credit card) Employee Data

What are we protecting? Student Data (SSN, Grades, DOBs, Credit card) Employee Data

Freeze your credit will stop someone from opening a new line of credit in your name FREE! You can unfreeze your credit at any time Get an annual copy of your credit report and review it ALSO FREE! What are we protecting? Student

885 views • 31 slides
Where we are going Where we have been Where we are now PUSD Running ning Ef Efficiently

Where we are going Where we have been Where we are now PUSD Running ning Ef Efficiently

Where we are going Where we have been Where we are now PUSD Running ning Ef Efficiently iently Running efficiently despite our obstacles Desp spit ite e our Obsta tacles cles Miller Valley Elementary School Washington Elementary

341 views • 18 slides
Higher order functions Functions that take other functions as parameters Easily supported

Higher order functions Functions that take other functions as parameters Easily supported

Higher order functions Functions that take other functions as parameters Easily supported in languages that are dynamically typed and where functions treated as a type of data More complex in statically typed languages where functions

239 views • 4 slides
Computing the algebraic immunity efficiently Fr ed eric Didier, Jean-Pierre Tillich INRIA,

Computing the algebraic immunity efficiently Fr ed eric Didier, Jean-Pierre Tillich INRIA,

Computing the algebraic immunity efficiently Fr ed eric Didier, Jean-Pierre Tillich INRIA, projet CODES Outline 1 Introduction 2 A first algorithm 3 A more efficient version 4 Benchmarks Part 1 Introduction Boolean functions and

579 views • 24 slides

More recommend