SoK: General Purpose Frameworks for Secure Multi-party Computation - - PowerPoint PPT Presentation



SLIDE 1

SoK: General Purpose Frameworks for Secure Multi-party Computation

Marcella Hastings Brett Hemenway Daniel Noble Steve Zdancewic University of Pennsylvania

1 / 20


SLIDE 4

Secure Multi-party Computation (MPC)

Compute an arbitrary function among mutually distrustful parties

◮ Set beet prices at auction [BCD+09]
  ◮ Input: Beet quantities and prices
  ◮ Output: Market clearing price
◮ Compute statistics on sensitive data [LVB+16, BLV17]
  ◮ Input: Salary and payroll data from 150 companies
  ◮ Output: Financial statistics and analytics


SLIDE 7

Motivating end-to-end frameworks for MPC

◮ Custom one-off solutions are unsustainable
◮ Protocols assumed impractical until Fairplay [MNPS04]
◮ Performance improvements rapidly advanced the state of the art
  ◮ OT extension [IKNP03]
  ◮ Free XOR gates [KS08]
  ◮ Half-gates [ZRE15]
  ◮ AES-NI


SLIDE 9

Modern General-Purpose Frameworks

[Diagram: function description → compiler → runtime; function inputs → framework → function output]

◮ Who are frameworks designed for?
◮ Can the languages express complex, interesting functions?
◮ Are the protocols appropriate for practical settings?
◮ Has software development moved beyond “research code”?


SLIDE 11

Contributions

Survey

◮ Surveyed 9 frameworks and 2 circuit compilers
◮ Recorded protocol, feature, and implementation details
◮ Evaluated usability criteria

Open-source framework repository

◮ Three sample programs in every framework
◮ Docker instances with complete build environments
◮ Documentation on compilation and execution

github.com/mpc-sok/frameworks


SLIDE 13

Findings

Most frameworks are in good shape!

◮ Diverse set of threat models and protocols
◮ Expressive high-level languages
◮ Accessible, open-source, and compilable

Room for improvement

◮ Engineering limitations
◮ Barriers to usability

SLIDE 14

Frameworks: A brief overview

Framework      Ref.        Protocol family     Parties   Semi-honest   Malicious
EMP-toolkit    [WMK17]     GC                  2         ✓             ✓
Obliv-C        [ZH15]      GC                  2         ✓
ObliVM         [LWNHS15]   GC                  2         ✓
TinyGarble     [SHSSK15]   GC                  2         ✓
Wysteria       [RHH14]     MC                  2+        ✓
ABY            [DSZ15]     GC, MC              2         ✓
SCALE-MAMBA                Hybrid              2+                      ✓
Sharemind      [BLW08]     Hybrid              3         ✓
PICCO          [ZSB13]     Hybrid              3+        ✓
Frigate        [MGCKT16]   (circuit compiler)  2+
CBMC-GC        [HFKV12]    (circuit compiler)  2+

GC = Garbled Circuit
MC = Multi-party circuit-based


SLIDE 16

Garbled circuit protocols

Introduced by [Yao82, Yao86]

[Diagram: function → garble → evaluate → output, inside the framework runtime]

◮ Function represented as a Boolean circuit
◮ Typically semi-honest, 2-party
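The garble/evaluate split in the diagram above, worked through on a two-gate circuit. This is an added example written for this transcript, not code from the SoK paper or from EMP-toolkit, Obliv-C, ObliVM or TinyGarble. It assumes 128-bit wire labels, point-and-permute select bits in the low bit of each label, a SHA-256-derived one-time pad as the row encryption (standing in for the AES-NI based garbling real frameworks use), and a simulated oblivious transfer; the circuit out = (x AND y) XOR z and its wire numbering are constructed here for illustration.

```python
# Toy Yao garbled circuit: the garbler labels every wire and encrypts one
# table per gate; the evaluator holds exactly one label per wire and
# decrypts exactly one row per gate. Added example; not code from the
# SoK paper or any surveyed framework. Stdlib only.
import hashlib
import secrets

LABEL_BYTES = 16  # 128-bit wire labels (assumption)


def new_wire():
    """Labels (label_for_0, label_for_1) for one wire.

    Point-and-permute: a random bit p goes into the low bit of the 0-label
    and p^1 into the 1-label, so the select bit is independent of the wire's
    value but tells the evaluator which table row to decrypt.
    """
    p = secrets.randbits(1)
    labels = []
    for value in (0, 1):
        lab = bytearray(secrets.token_bytes(LABEL_BYTES))
        lab[-1] = (lab[-1] & 0xFE) | (p ^ value)
        labels.append(bytes(lab))
    return tuple(labels)


def select_bit(label):
    return label[-1] & 1


def pad(ka, kb, gate_id):
    """Row key derived from both input labels and the gate index (hash-based stand-in for AES)."""
    return hashlib.sha256(ka + kb + gate_id.to_bytes(4, "big")).digest()[:LABEL_BYTES]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def garble_gate(gate_id, func, wire_a, wire_b, wire_out):
    """Four encrypted output labels, placed at the row given by the input select bits."""
    table = [None] * 4
    for a in (0, 1):
        for b in (0, 1):
            ka, kb = wire_a[a], wire_b[b]
            row = (select_bit(ka) << 1) | select_bit(kb)
            table[row] = xor_bytes(pad(ka, kb, gate_id), wire_out[func(a, b)])
    return table


def eval_gate(gate_id, table, ka, kb):
    """Evaluator: pick the row from the select bits and strip the pad; no trial decryption."""
    row = (select_bit(ka) << 1) | select_bit(kb)
    return xor_bytes(pad(ka, kb, gate_id), table[row])


# Constructed circuit: out = (x AND y) XOR z.  Wires 0,1,2 are inputs,
# wire 3 carries x AND y, wire 4 is the output.  The XOR gate is garbled as an
# ordinary table here; the free-XOR optimization of [KS08] would avoid that.
AND = lambda a, b: a & b
XOR = lambda a, b: a ^ b
CIRCUIT = [(0, AND, 0, 1, 3), (1, XOR, 3, 2, 4)]  # (gate_id, func, in_a, in_b, out)
NUM_WIRES = 5
OUTPUT_WIRE = 4


def garble(circuit, num_wires):
    """Garbler side: fresh labels for every wire, one garbled table per gate."""
    wires = [new_wire() for _ in range(num_wires)]
    tables = {gid: garble_gate(gid, f, wires[a], wires[b], wires[o])
              for gid, f, a, b, o in circuit}
    return wires, tables


def evaluate(circuit, tables, input_labels):
    """Evaluator side: walk the gates in topological order, one label per wire."""
    labels = dict(input_labels)
    for gid, _f, a, b, o in circuit:
        labels[o] = eval_gate(gid, tables[gid], labels[a], labels[b])
    return labels


def simulated_ot(wire, choice):
    """Stand-in for 1-out-of-2 OT: evaluator gets the label for its bit and nothing
    about the other label; the garbler does not learn the choice."""
    return wire[choice]


def run_2pc(garbler_inputs, evaluator_inputs):
    """Both parties simulated in one process. Inputs map wire index -> bit.

    The evaluator only ever sees garbled tables, one label per wire and the
    output decoding bit, so the garbler's input bits stay hidden.
    """
    wires, tables = garble(CIRCUIT, NUM_WIRES)
    labels = {w: wires[w][v] for w, v in garbler_inputs.items()}  # garbler sends its own labels
    for w, v in evaluator_inputs.items():
        labels[w] = simulated_ot(wires[w], v)
    out_labels = evaluate(CIRCUIT, tables, labels)
    # Decoding info: select bit of the output wire's 0-label; value = select_bit(label) ^ it.
    decode_bit = select_bit(wires[OUTPUT_WIRE][0])
    return select_bit(out_labels[OUTPUT_WIRE]) ^ decode_bit


if __name__ == "__main__":
    for x in (0, 1):
        for y in (0, 1):
            for z in (0, 1):
                print(f"x={x} y={y} z={z} -> {run_2pc({0: x}, {1: y, 2: z})} (expect {(x & y) ^ z})")
```

The semi-honest, two-party shape of the protocol is visible in the code: the garbler learns nothing because it only sends; the evaluator learns nothing beyond the output because every wire it sees is a single random label and every row it decrypts is chosen by select bits that are independent of the plaintext values. Malicious-secure variants (cut-and-choose, authenticated garbling) add checks on top of exactly this structure.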


SLIDE 18

Multi-party circuit-based protocols

Introduced by [GMW87, BGW88, CCD88]

◮ Functions represented as Boolean or arithmetic circuits
◮ Data represented as linear secret shares
◮ Various threat models and protocol types (information-theoretic or cryptographic)



SLIDE 21

Inner product: Illustrating language abstractions

Frigate: standard (C-style) abstraction

    int result = 0;
    for (int i = 0; i < LEN; i++) {
        result = result + (A.data[i] * B.data[i]);
    }

PICCO: custom primitive, high-level abstraction

    int result = A @ B;

SLIDE 22

Inner product: Illustrating language abstractions

ABY: Low-level access

    share *A, *B;
    A = circ->PutMULGate(A, B);
    A = circ->PutSplitterGate(A);
    for (uint32_t i = 1; i < LEN; i++) {
        A->set_wire_id(0, circ->PutADDGate(A->get_wire_id(0), A->get_wire_id(i)));
    }
    A->set_bitlength(1);
    share *result = circ->PutOUTGate(A, ALL);
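What the three listings above compile down to when the backend is a linear-secret-sharing protocol of the kind described on slide 18: additions are local, each multiplication costs one Beaver triple and one round of communication. This is an added example written for this transcript, not code from the SoK paper or from PICCO, Sharemind, ABY or any other surveyed framework. It assumes the prime field Z_P with P = 2^61 - 1, three semi-honest parties simulated in one process (each list index is one party's view), and a trusted dealer for the triples; real frameworks produce triples in an offline phase from OT or homomorphic encryption instead.

```python
# Inner product of two secret-shared vectors with additive shares over Z_P and
# Beaver-triple multiplication.  Added example; not code from the SoK paper or
# any surveyed framework.  Assumptions: field Z_P, three semi-honest parties
# simulated locally, dealer-generated triples.
import secrets

P = (1 << 61) - 1   # prime modulus (assumption); inputs are small non-negative ints
N_PARTIES = 3


def share(x, n=N_PARTIES):
    """Additive sharing: n-1 uniform shares, the last one fixes the sum to x mod P."""
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((x - sum(shares)) % P)
    return shares


def reconstruct(shares):
    """Opening a value: every party reveals its share and all of them are summed."""
    return sum(shares) % P


def add_shared(x_sh, y_sh):
    """Linear operations need no communication: each party adds its own shares."""
    return [(x + y) % P for x, y in zip(x_sh, y_sh)]


def beaver_triple(n=N_PARTIES):
    """Dealer-generated triple (a, b, c = a*b), each value shared among n parties."""
    a, b = secrets.randbelow(P), secrets.randbelow(P)
    return share(a, n), share(b, n), share(a * b % P, n)


def mul_shared(x_sh, y_sh, triple):
    """One multiplication = one triple + one round: open d = x - a and e = y - b.

    d and e are uniform because a and b are, so opening them leaks nothing
    about x or y.  Then x*y = c + d*b + e*a + d*e; every party computes its
    share of that locally, and only party 0 adds the public constant d*e.
    """
    a_sh, b_sh, c_sh = triple
    d = reconstruct([(x - a) % P for x, a in zip(x_sh, a_sh)])  # broadcast and open
    e = reconstruct([(y - b) % P for y, b in zip(y_sh, b_sh)])  # broadcast and open
    z_sh = [(c + d * b + e * a) % P for a, b, c in zip(a_sh, b_sh, c_sh)]
    z_sh[0] = (z_sh[0] + d * e) % P
    return z_sh


def inner_product_shared(A_sh, B_sh, triples):
    """A_sh[k] and B_sh[k] are the share vectors of A[k] and B[k].

    Same loop as the Frigate listing: multiply element-wise, accumulate.
    One triple per element; the accumulation is free.
    """
    acc = [0] * len(A_sh[0])
    for x_sh, y_sh, triple in zip(A_sh, B_sh, triples):
        acc = add_shared(acc, mul_shared(x_sh, y_sh, triple))
    return acc


def inner_product_mpc(A, B):
    """End to end, the PICCO `A @ B` primitive: share, compute, open the result."""
    A_sh = [share(x) for x in A]
    B_sh = [share(y) for y in B]
    triples = [beaver_triple() for _ in A]
    return reconstruct(inner_product_shared(A_sh, B_sh, triples))


if __name__ == "__main__":
    A, B = [3, 1, 4, 1, 5], [9, 2, 6, 5, 3]   # constructed sample vectors
    print("MPC:", inner_product_mpc(A, B), "plaintext:", sum(x * y for x, y in zip(A, B)))
```

The cost model the frameworks' languages hide is explicit here: an inner product of length LEN needs LEN triples and LEN opened pairs (d, e), but the opened values can all be sent in a single round because no multiplication depends on another. A hybrid framework such as ABY or SCALE-MAMBA would keep the same arithmetic sharing for the multiply-accumulate and switch representation only where a comparison or other Boolean operation is needed.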


SLIDE 25

Software engineering

Complicated, non-trivial build systems

◮ Set up a certificate authority or PKI
◮ Compile a specific OpenSSL version from source
◮ No dependency lists; manual search for compile errors
◮ Estimated time: 1-2 weeks per framework

Significant software projects

◮ Cryptographic protocols
◮ Distributed communication
◮ Interfacing with other systems

◮ ObliVM: We couldn’t return more than 32 bits

SLIDE 26

Documentation

◮ Language documentation: How do I write secure code?
◮ Code samples: What does a working example look like?
◮ Code documentation: How does this example work?
◮ Online support: Where can I ask questions?
◮ Open-source: Can I run this without buying something?

Half the frameworks have no more than 3 of these

SLIDE 27

Limited language documentation is frustrating

◮ CBMC-GC:

    int mpc_main(int alice, int bob) {
        return alice * bob;
    }

    $ make
    [...]
    Uncaught exception: Unknown literal: 33. Did you forget to return a value or assign a value to a OUTPUT variable?

SLIDE 28

Limited language documentation is frustrating

◮ CBMC-GC: Arguments must be called INPUT_<var>

    int mpc_main(int INPUT_alice, int INPUT_bob) {
        return INPUT_alice * INPUT_bob;
    }

    $ make
    [...]
    Gates: 5648 with 1986 Non-XOR and 0 LUTs
    Depth: 151 with 32 Non-XOR

SLIDE 29

Limited language documentation is frustrating

◮ CBMC-GC: Arguments must be called INPUT_<var>
◮ ObliVM:

    int main(int alice, int bob) {
        secure int result = alice * bob;
        return result;
    }

    $ ./run-compiler 12345 multiply.lcc
    [ERROR] Error: Parsing Error Encountered " "alice" "alice "" at line 3, column 21.
    Was expecting one of: IDENTIFIER ... "[" ... "@" ... "<" ...

SLIDE 30

Limited language documentation is frustrating

◮ CBMC-GC: Arguments must be called INPUT_<var>
◮ ObliVM: alice and bob are reserved keywords

    int main(int aaaaa, int bbb) {
        secure int result = aaaaa * bbb;
        return result;
    }

    $ ./run-compiler 12345 multiply.lcc
    [INFO] The program type checks
    [INFO] Compiling mult3.lcc succeeds
    [INFO] Compilation finishes successfully.


SLIDE 32

Limited language documentation is frustrating

◮ CBMC-GC: Arguments must be called INPUT_<var>
◮ ObliVM: alice and bob are reserved keywords
◮ Wysteria: Language docs don’t account for parser limitations
◮ EMP-toolkit: ≈1 comment per 600 lines of code


SLIDE 34

Documentation appreciation and recommendations

Frameworks with excellent documentation

◮ ABY: 35-page language guide; only slightly out of date
◮ SCALE-MAMBA: 100+ pages of documentation
◮ Sharemind: Auto-generated language guide online

Two recommendations for maintainers

◮ Multiple types of documentation drastically increase usability
◮ Online resources are sustainable and reduce workload
  ◮ Produces a living FAQ
  ◮ Allows users to interact

SLIDE 35

What’s next for MPC?

◮ Engineering and usability challenges aside, MPC is in good shape!
◮ Usability challenges have been acknowledged (IARPA HECTOR)
◮ Consider working with programming languages researchers
◮ Our repository is actively maintained!

SLIDE 36

SoK: General Purpose Frameworks for Secure Multi-party Computation

Marcella Hastings, Brett Hemenway, Daniel Noble, Steve Zdancewic
University of Pennsylvania

github.com/mpc-sok/frameworks