On compiling Boolean circuits optimized for secure multi-party computation

Secure multi-party computation (MPC) allows two or more distrusting parties to jointly evaluate a function over private inputs. Long considered a purely theoretical concept, MPC has become a practical and powerful tool for building privacy-enhancing technologies. However, the practicality of MPC is hindered by the difficulty of implementing applications on top of the underlying cryptographic protocols: applications must be represented as Boolean or arithmetic circuits, and constructing efficient circuits by hand is a complex, error-prone, and time-consuming task. To facilitate the development of further privacy-enhancing technology, several compilers that create circuits for MPC have been proposed. Yet almost all of them support only domain-specific languages or provide very limited optimization methods. In this work (an extended and revised version of the paper ‘Secure Two-party Computations in ANSI C’ (Holzer et al., in: ACM CCS, 2012) that reflects the progress in secure computation and describes the current optimization tool chain of CBMC-GC) we describe our compiler CBMC-GC, which implements a complete tool chain from ANSI C to circuit. Moreover, we give a comprehensive overview of circuit minimization techniques that we have identified and adapted for the creation of efficient circuits for MPC. With the help of these techniques, our compilation approach allows for a high level of abstraction from both the cryptographic primitives used in MPC protocols and the complex design of digital circuits. By using the model checker CBMC as a compiler frontend, we illustrate the link between MPC, formal methods, and digital logic design. Our experimental results demonstrate the effectiveness of the implemented optimization techniques for various example applications.
In particular, compared with other state-of-the-art compilers, we show that CBMC-GC compiles circuits from the same source code that are up to four times smaller.