Frigate: A Validated, Extensible, and Efficient Compiler and Interpreter for Secure Computation

Recent developments in secure computation have led to significant improvements in efficiency and functionality. These efforts created compilers that form the backbone of practical secure computation research. Unfortunately, many of the artifacts that are being used to demonstrate new research for secure computation are incomplete, incorrect, or unstable, leading to demonstrably erroneous results and inefficiencies, extending even to the most recently developed compiler systems. This is a problem because it hampers research and undermines feasibility tests when other researchers attempt to use these tools. We address these problems and present Frigate, a principled compiler and fast circuit interpreter for secure computation. To ensure correctness we apply best practices for compiler design and development, including the use of standard data structures, helpful negative results, and structured validation testing. Our systematic validation tests include checks on the internal compiler state, combinations of operators, and edge cases based on widely used techniques and errors we have observed in other work. This produces a compiler that builds correct circuits and is efficient and extensible. Frigate creates circuits with gate counts comparable to previous work, but does so with compile-time speedups as high as 447x compared with the best results from previous work in circuit compilers. By creating a validated tool, our compiler will allow future secure computation implementations to be developed quickly and correctly.
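The abstract's "structured validation testing" (combinations of operators, edge cases, comparison against known-good behaviour) is what separates a trustworthy circuit compiler from one that merely produces plausible gate counts. The following is an added illustration of what such a differential test looks like, written for this page and not taken from the Frigate implementation: a minimal AND/XOR/NOT circuit builder, a ripple-carry adder and an unsigned comparator built on it, and a harness that evaluates each circuit on boundary operands and checks the result against plaintext arithmetic. The gate-count report separates AND gates from XOR/NOT, since only non-XOR gates cost communication under free-XOR garbling. The class and function names (`Circuit`, `ripple_adder`, `less_than`, `validate`) and the deliberately broken `less_than_buggy` are assumptions made for the example.

```python
"""Differential validation of generated Boolean circuits (added example, not Frigate code)."""
from itertools import product


class Circuit:
    """Gate list over integer wire ids. With free-XOR garbling only AND gates
    cost communication, so counts() reports them separately from XOR/NOT."""
    def __init__(self):
        self.gates, self.inputs, self.n_wires = [], [], 0   # gate = (op, a, b, out)

    def input_bits(self, n):
        ws = list(range(self.n_wires, self.n_wires + n))
        self.n_wires += n
        self.inputs.extend(ws)
        return ws

    def _gate(self, op, a, b=None):
        self.gates.append((op, a, b, self.n_wires))
        self.n_wires += 1
        return self.n_wires - 1

    def xor(self, a, b): return self._gate("XOR", a, b)
    def and_(self, a, b): return self._gate("AND", a, b)
    def not_(self, a): return self._gate("NOT", a)   # free: XOR with the constant-1 wire

    def counts(self):
        return {"total": len(self.gates), "non_xor": sum(g[0] == "AND" for g in self.gates)}

    def evaluate(self, input_values):
        """Plain (non-garbled) evaluation: the oracle the validation compares against."""
        vals = dict(zip(self.inputs, input_values))
        for op, a, b, out in self.gates:
            vals[out] = vals[a] ^ vals[b] if op == "XOR" else vals[a] & vals[b] if op == "AND" else 1 - vals[a]
        return vals


def majority(c, p, q, r):
    """MAJ(p, q, r) = ((p ^ r) & (q ^ r)) ^ r: one AND, three XOR."""
    return c.xor(c.and_(c.xor(p, r), c.xor(q, r)), r)


def ripple_adder(c, a_bits, b_bits):
    """Unsigned add, LSB first; returns the n sum wires followed by the carry-out."""
    carry, out = None, []
    for a, b in zip(a_bits, b_bits):
        if carry is None:                 # half adder for the low bit
            out.append(c.xor(a, b))
            carry = c.and_(a, b)
        else:                             # full adder: 4 XOR + 1 AND (shares a ^ cin)
            t = c.xor(a, carry)
            out.append(c.xor(t, b))       # a ^ b ^ cin
            carry = c.xor(c.and_(t, c.xor(b, carry)), carry)   # MAJ(a, b, cin)
    return out + [carry]


def less_than(c, a_bits, b_bits):
    """Unsigned a < b as the final borrow of a - b: borrow_out = MAJ(~a_i, b_i, borrow_in)."""
    borrow = None
    for a, b in zip(a_bits, b_bits):
        na = c.not_(a)
        borrow = c.and_(na, b) if borrow is None else majority(c, na, b, borrow)
    return [borrow]


def less_than_buggy(c, a_bits, b_bits):
    """Deliberately wrong comparator (assumed bug, not from any real compiler): drops the
    trailing XOR of the majority identity, so it is caught by the harness below."""
    borrow = None
    for a, b in zip(a_bits, b_bits):
        na = c.not_(a)
        borrow = c.and_(na, b) if borrow is None else c.and_(c.xor(na, borrow), c.xor(b, borrow))
    return [borrow]


def bits(x, n):
    return [(x >> i) & 1 for i in range(n)]


def edge_cases(n):
    """Boundary operands (0, 1, all-ones, the sign boundary): carry and borrow
    mistakes surface on these, not on a handful of random inputs."""
    top = 1 << (n - 1)
    return sorted({0, 1, (1 << n) - 1, (1 << n) - 2, top, top - 1})


def validate(builder, reference, n):
    """Build an n-bit circuit with builder(c, a_bits, b_bits), run it on every pair of
    edge-case operands and compare with reference(x, y) on the integers.
    Returns (gate counts, failures as (x, y, got, expected))."""
    c = Circuit()
    a, b = c.input_bits(n), c.input_bits(n)
    outs = builder(c, a, b)
    failures = []
    for x, y in product(edge_cases(n), repeat=2):
        vals = c.evaluate(bits(x, n) + bits(y, n))
        got = sum(vals[w] << i for i, w in enumerate(outs))
        if got != reference(x, y):
            failures.append((x, y, got, reference(x, y)))
    return c.counts(), failures


if __name__ == "__main__":
    for name, build, ref in [("add", ripple_adder, lambda x, y: x + y),
                             ("lt", less_than, lambda x, y: int(x < y)),
                             ("lt_buggy", less_than_buggy, lambda x, y: int(x < y))]:
        print(name, *validate(build, ref, 8))
```

The same `validate` harness serves any builder with the same signature, so adding an operator to the compiler means adding one builder and one plaintext reference; the non-XOR count it reports is the figure to compare against other compilers' circuits for the same operation.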
