MAGE: Nearly Zero-Cost Virtual Memory for Secure Computation

Secure Computation (SC) is a family of cryptographic primitives for computing on encrypted data in single-party and multi-party settings. SC is being increasingly adopted by industry for a variety of applications. A significant obstacle to using SC for practical applications is the memory overhead of the underlying cryptography. We develop MAGE, an execution engine for SC that efficiently runs SC computations that do not fit in memory. We observe that, due to their intended security guarantees, SC schemes are inherently oblivious: their memory access patterns are independent of the input data. Using this property, MAGE calculates the memory access pattern ahead of time and uses it to produce a memory management plan. This formulation of memory management, which we call memory programming, is a generalization of paging that allows MAGE to provide a highly efficient virtual memory abstraction for SC. MAGE outperforms the OS virtual memory system by up to an order of magnitude, and in many cases, runs SC computations that do not fit in memory at nearly the same speed as if the underlying machines had unbounded physical memory to fit the entire computation.
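An added illustration of the abstract's central idea, not MAGE's code or its planning algorithm: because an oblivious computation's access trace is known before it runs, evictions can be planned offline. Here farthest-next-use eviction (Belady's MIN, a stand-in technique chosen for this example) is compared with reactive LRU paging; the trace, frame count and function names are constructed assumptions.

```python
from collections import OrderedDict

INF = float("inf")

def lru_faults(trace, frames):
    """Page faults under LRU, a reactive policy that only sees past accesses."""
    resident, faults = OrderedDict(), 0
    for page in trace:
        if page in resident:
            resident.move_to_end(page)        # refresh recency on a hit
            continue
        faults += 1
        if len(resident) >= frames:
            resident.popitem(last=False)      # evict least recently used
        resident[page] = True
    return faults

def plan_evictions(trace, frames):
    """Offline plan from a fully known trace (hypothetical helper).

    Returns (faults, plan); plan holds (step, page_in, page_out) tuples,
    with page_out None while free frames remain.
    """
    # next_use[i] = index of the next access to trace[i] after step i.
    next_use, seen = [INF] * len(trace), {}
    for i in range(len(trace) - 1, -1, -1):
        next_use[i] = seen.get(trace[i], INF)
        seen[trace[i]] = i
    resident, plan = {}, []                   # page -> step of its next use
    for i, page in enumerate(trace):
        if page not in resident:
            victim = None
            if len(resident) >= frames:
                # Evict the page needed farthest in the future.
                victim = max(resident, key=resident.get)
                del resident[victim]
            plan.append((i, page, victim))
        resident[page] = next_use[i]
    return len(plan), plan

# Constructed trace: a repeated scan over 4 pages with only 3 frames,
# the pattern on which LRU faults on every single access.
TRACE = [0, 1, 2, 3] * 3

if __name__ == "__main__":
    faults, plan = plan_evictions(TRACE, frames=3)
    print("LRU faults:", lru_faults(TRACE, 3), "planned faults:", faults)
    for step in plan:
        print(step)
```

Since the plan lists every page-in with its step number ahead of time, the same trace could also drive prefetching, which a reactive pager cannot do.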
