Efficient and Secure Multiparty Computation from Fixed-Key Block Ciphers

Many implementations of secure computation use fixed-key AES (modeled as a random permutation); this results in substantial performance benefits due to existing hardware support for AES and the ability to avoid recomputing the AES key schedule. Surveying these implementations, however, we find that most utilize AES in a heuristic fashion; in the best case this leaves a gap in the security proof, but in many cases we show it allows for explicit attacks.Motivated by this unsatisfactory state of affairs, we initiate a comprehensive study of how to use fixed-key block ciphers for secure computation—in particular for OT extension and circuit garbling—efficiently and securely. Specifically:•We consider several notions of pseudorandomness for hash functions (e.g., correlation robustness), and show provably secure schemes for OT extension, garbling, and other applications based on hash functions satisfying these notions.•We provide provably secure constructions, in the (non-programmable) random-permutation model, of hash functions satisfying the different notions of pseudorandomness we consider.Taken together, our results provide end-to-end security proofs for implementations of secure-computation protocols based on fixed-key block ciphers (modeled as random permutations). Perhaps surprisingly, at the same time our work also results in noticeable performance improvements over the state-of-the-art.

[1]  Julio César López-Hernández,et al.  SoK: A Performance Evaluation of Cryptographic Instruction Sets on Modern Architectures , 2018, APKC@AsiaCCS.

[2]  Rafail Ostrovsky,et al.  High-Precision Secure Computation of Satellite Collision Probabilities , 2016, SCN.

[3]  Jonathan Katz,et al.  Global-Scale Secure Multiparty Computation , 2017, CCS.

[4]  Brett Hemenway,et al.  SoK: General Purpose Compilers for Secure Multi-Party Computation , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[5]  Silvio Micali,et al.  A Completeness Theorem for Protocols with Honest Majority , 1987, STOC 1987.

[6]  David A. Wagner,et al.  Tweakable Block Ciphers , 2002, Journal of Cryptology.

[7]  Yuval Ishai,et al.  Extending Oblivious Transfers Efficiently , 2003, CRYPTO.

[8]  Dan Boneh,et al.  Riposte: An Anonymous Messaging System Handling Millions of Users , 2015, 2015 IEEE Symposium on Security and Privacy.

[9]  Silvio Micali,et al.  How to construct random functions , 1986, JACM.

[10]  Ivan Damgård,et al.  Secure Multiparty Computation Goes Live , 2009, Financial Cryptography.

[11]  Yehuda Lindell,et al.  More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries , 2015, IACR Cryptol. ePrint Arch..

[12]  Jooyoung Lee,et al.  Indifferentiability of the Sum of Random Permutations Toward Optimal Security , 2017, IEEE Transactions on Information Theory.

[13]  Jonathan Katz,et al.  Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation , 2017, CCS.

[14]  Michael O. Rabin,et al.  How To Exchange Secrets with Oblivious Transfer , 2005, IACR Cryptol. ePrint Arch..

[15]  Jonathan Katz,et al.  On the Security of the Free-XOR Technique , 2012, IACR Cryptol. ePrint Arch..

[16]  Mihir Bellare,et al.  Efficient Garbling from a Fixed-Key Blockcipher , 2013, 2013 IEEE Symposium on Security and Privacy.

[17]  Mridul Nandi,et al.  Full Indifferentiable Security of the Xor of Two or More Random Permutations Using the χ2 Method , 2018, IACR Cryptol. ePrint Arch..

[18]  David Evans,et al.  Two Halves Make a Whole - Reducing Data Transfer in Garbled Circuits Using Half Gates , 2015, EUROCRYPT.

[19]  Azer Bestavros,et al.  Accessible Privacy-Preserving Web-Based Data Analysis for Assessing and Addressing Economic Inequalities , 2018, COMPASS.

[20]  Bart Preneel,et al.  On the XOR of Multiple Random Permutations , 2015, ACNS.

[21]  Yan Huang,et al.  JIMU: Faster LEGO-Based Secure Computation Using Additive Homomorphic Hashes , 2017, ASIACRYPT.

[22]  Jesper Buus Nielsen,et al.  TinyLEGO: An Interactive Garbling Scheme for Maliciously Secure Two-party Computation , 2015, IACR Cryptol. ePrint Arch..

[23]  Yuval Ishai,et al.  Function Secret Sharing , 2015, EUROCRYPT.

[24]  Yehuda Lindell,et al.  More efficient oblivious transfer and extensions for faster secure computation , 2013, CCS.

[25]  Marcel Keller,et al.  Actively Secure OT Extension with Optimal Overhead , 2015, CRYPTO.

[26]  Payman Mohassel,et al.  SecureML: A System for Scalable Privacy-Preserving Machine Learning , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[27]  Valérie Nachef,et al.  Indifferentiability beyond the Birthday Bound for the Xor of Two Public Random Permutations , 2010, INDOCRYPT.

[28]  Stefan Lucks,et al.  The Sum of PRPs Is a Secure PRF , 2000, EUROCRYPT.

[29]  Stefano Tessaro,et al.  Information-Theoretic Indistinguishability via the Chi-Squared Method , 2017, CRYPTO.

[30]  Dan Bogdanov,et al.  Students and Taxes: a Privacy-Preserving Study Using Secure Computation , 2016, Proc. Priv. Enhancing Technol..

[31]  John Black,et al.  On the Impossibility of Highly-Efficient Blockcipher-Based Hash Functions , 2008, Journal of Cryptology.

[32]  Frank Wang,et al.  Splinter: Practical Private Queries on Public Data , 2017, NSDI.

[33]  Donald Beaver,et al.  Correlated pseudorandomness and the complexity of private computations , 1996, STOC '96.

[34]  Yehuda Lindell,et al.  Fast Garbling of Circuits Under Standard Assumptions , 2015, Journal of Cryptology.

[35]  Ronald L. Rivest,et al.  Indifferentiability of Permutation-Based Compression Functions and Tree-Based Modes of Operation, with Applications to MD6 , 2009, FSE.

[36]  Abhi Shelat,et al.  Scaling ORAM for Secure Computation , 2017, IACR Cryptol. ePrint Arch..

[37]  Michael Zohner,et al.  ABY - A Framework for Efficient Mixed-Protocol Secure Two-Party Computation , 2015, NDSS.

[38]  Andrew Chi-Chih Yao,et al.  How to generate and exchange secrets , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[39]  John P. Steinberger,et al.  Tight Security Bounds for Key-Alternating Ciphers , 2014, EUROCRYPT.

[40]  Alex Biryukov,et al.  Advanced Slide Attacks , 2000, EUROCRYPT.

[41]  Vladimir Kolesnikov,et al.  Improved Garbled Circuit: Free XOR Gates and Applications , 2008, ICALP.

[42]  Ueli Maurer,et al.  Indifferentiability, Impossibility Results on Reductions, and Applications to the Random Oracle Methodology , 2004, TCC.

[43]  Vladimir Kolesnikov,et al.  Hashing Garbled Circuits for Free , 2017, EUROCRYPT.

[44]  Bart Preneel,et al.  Two-permutation-based hashing with binary mixing , 2015, J. Math. Cryptol..

[45]  Marcel Keller,et al.  MASCOT: Faster Malicious Arithmetic Secure Computation with Oblivious Transfer , 2016, IACR Cryptol. ePrint Arch..

[46]  Thomas Schneider,et al.  Constant Round Maliciously Secure 2PC with Function-independent Preprocessing using LEGO , 2017, NDSS.

[47]  John P. Steinberger,et al.  Minimizing the Two-Round Even–Mansour Cipher , 2014, Journal of Cryptology.