SoK: General Purpose Compilers for Secure Multi-Party Computation

Secure multi-party computation (MPC) allows a group of mutually distrustful parties to compute a joint function on their private inputs without revealing anything beyond the result of the computation. This type of computation is extremely powerful and has wide-ranging applications in academia, industry, and government. Protocols for secure computation have existed for decades, but only recently have general-purpose compilers for executing MPC on arbitrary functions been developed. These projects rapidly improved the state of the art and began to make MPC accessible to non-expert users. However, the field is changing so rapidly that it is difficult even for experts to keep track of the varied capabilities of modern frameworks. In this work, we survey general-purpose compilers for secure multi-party computation. These tools provide high-level abstractions for describing arbitrary functions and executing secure computation protocols. We consider eleven systems: EMP-toolkit, Obliv-C, ObliVM, TinyGarble, SCALE-MAMBA (formerly SPDZ), Wysteria, Sharemind, PICCO, ABY, Frigate and CBMC-GC. We evaluate these systems on a range of criteria, including language expressibility, capabilities of the cryptographic back-end, and accessibility to developers. We advocate for improved documentation of MPC frameworks and for standardization within the community, and we make recommendations for future directions in compiler development. Installing and running these systems can be challenging, so for each system we also provide a complete virtual environment (Docker container) with all the dependencies needed to run the compiler and our example programs.
