Circuit Structures for Improving Efficiency of Security and Privacy Tools

Several techniques in computer security, including generic protocols for secure computation and symbolic execution, depend on implementing algorithms in static circuits. Despite substantial improvements in recent years, tools built using these techniques remain too slow for most practical uses. They require transforming arbitrary programs into either Boolean logic circuits, constraint sets on Boolean variables, or other equivalent representations, and the costs of using these tools scale directly with the size of the input circuit. Hence, techniques for more efficient circuit constructions have benefits across these tools. We show efficient circuit constructions for various simple but commonly used data structures including stacks, queues, and associative maps. While current practice requires effectively copying the entire structure for each operation, our techniques take advantage of locality and batching to provide amortized costs that scale polylogarithmically in the size of the structure. We demonstrate how many common array usage patterns can be significantly improved with the help of these circuit structures. We report on experiments using our circuit structures for both generic secure computation using garbled circuits and automated test input generation using symbolic execution, and demonstrate order of magnitude improvements for both applications.

[1]  Moni Naor,et al.  Distributed Pseudo-random Functions and KDCs , 1999, EUROCRYPT.

[2]  Ravi B. Boppana,et al.  Amplification of probabilistic boolean formulas , 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[3]  Nikolaj Bjørner,et al.  Z3: An Efficient SMT Solver , 2008, TACAS.

[4]  Peter Schachte,et al.  State Joining and Splitting for the Symbolic Execution of Binaries , 2009, RV.

[5]  George Candea,et al.  Efficient state merging in symbolic execution , 2012, Software Engineering.

[6]  Florian Kerschbaum,et al.  L1 - An Intermediate Language for Mixed-Protocol Secure Computation , 2011, 2011 IEEE 35th Annual Computer Software and Applications Conference.

[7]  Hans-Peter Kriegel,et al.  A Density-Based Algorithm for Discovering Clusters in Large Spatial Databases with Noise , 1996, KDD.

[8]  Benny Pinkas,et al.  Efficient Private Matching and Set Intersection , 2004, EUROCRYPT.

[9]  V. M. Khrapchenko The complexity of the realization of symmetrical functions by formulae , 1972 .

[10]  Jonathan Katz,et al.  Faster Secure Two-Party Computation Using Garbled Circuits , 2011, USENIX Security Symposium.

[11]  Patrice Godefroid,et al.  Compositional dynamic test generation , 2007, POPL '07.

[12]  Vladimir Kolesnikov,et al.  Improved Garbled Circuit: Free XOR Gates and Applications , 2008, ICALP.

[13]  Carlo Ghezzi,et al.  Using symbolic execution for verifying safety-critical systems , 2001, ESEC/FSE-9.

[14]  Yehuda Lindell,et al.  A Proof of Security of Yao’s Protocol for Two-Party Computation , 2009, Journal of Cryptology.

[15]  Ahmad-Reza Sadeghi,et al.  TASTY: tool for automating secure two-party computations , 2010, CCS '10.

[16]  Abhi Shelat,et al.  Billion-Gate Secure Computation with Malicious Adversaries , 2012, USENIX Security Symposium.

[17]  Craig Gentry,et al.  Fully Homomorphic Encryption over the Integers , 2010, EUROCRYPT.

[18]  Dawson R. Engler,et al.  KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs , 2008, OSDI.

[19]  Armin Biere Lingeling and Friends at the SAT Competition 2011 , 2011 .

[20]  Michael R. Lowry,et al.  Combining unit-level symbolic execution and system-level concrete execution for testing nasa software , 2008, ISSTA '08.

[21]  Ivan Damgård,et al.  Secure Multiparty Computation Goes Live , 2009, Financial Cryptography.

[22]  Michael T. Goodrich,et al.  Randomized Shellsort: A Simple Data-Oblivious Sorting Algorithm , 2011, JACM.

[23]  GodefroidPatrice,et al.  Compositional may-must program analysis , 2010 .

[24]  Helmut Veith,et al.  Secure two-party computations in ANSI C , 2012, CCS.

[25]  Dan Bogdanov,et al.  Deploying Secure Multi-Party Computation for Financial Data Analysis - (Short Paper) , 2012, Financial Cryptography.

[26]  GodefroidPatrice Compositional dynamic test generation , 2007 .

[27]  Patrice Godefroid,et al.  Automated Whitebox Fuzz Testing , 2008, NDSS.

[28]  Sriram K. Rajamani,et al.  Compositional may-must program analysis: unleashing the power of alternation , 2010, POPL '10.

[29]  Thomas Sauerwald,et al.  Proceedings of the twenty-fifth annual ACM-SIAM symposium on Discrete algorithms , 2010, SODA 2010.

[30]  Claudio Orlandi,et al.  A New Approach to Practical Active-Secure Two-Party Computation , 2012, IACR Cryptol. ePrint Arch..

[31]  Michael T. Goodrich,et al.  Randomized Shellsort: a simple oblivious sorting algorithm , 2009, SODA '10.

[32]  Benny Pinkas,et al.  Cryptographic techniques for privacy-preserving data mining , 2002, SKDD.

[33]  Jan Obdrzálek,et al.  Efficient Loop Navigation for Symbolic Execution , 2011, ATVA.

[34]  Sarfraz Khurshid,et al.  Generalized Symbolic Execution for Model Checking and Testing , 2003, TACAS.

[35]  Kenneth E. Batcher,et al.  Sorting networks and their applications , 1968, AFIPS Spring Joint Computing Conference.

[36]  Stephen McCamant,et al.  Loop-extended symbolic execution on binary programs , 2009, ISSTA.

[37]  Yehuda Lindell,et al.  Secure Two-Party Computation via Cut-and-Choose Oblivious Transfer , 2011, Journal of Cryptology.

[38]  David L. Dill,et al.  A Decision Procedure for Bit-Vectors and Arrays , 2007, CAV.

[39]  Michael J. Fischer,et al.  Relations Among Complexity Measures , 1979, JACM.

[40]  Jonathan Katz,et al.  Quid-Pro-Quo-tocols: Strengthening Semi-honest Protocols with Dual Execution , 2012, 2012 IEEE Symposium on Security and Privacy.

[41]  Nikolai Tillmann,et al.  Demand-Driven Compositional Symbolic Execution , 2008, TACAS.

[42]  Dawson R. Engler,et al.  EXE: Automatically Generating Inputs of Death , 2008, TSEC.

[43]  Jonathan Katz,et al.  Efficient Privacy-Preserving Biometric Identification , 2011, NDSS.

[44]  Jonathan Katz,et al.  Secure two-party computation in sublinear (amortized) time , 2012, CCS.

[45]  Benny Pinkas,et al.  Fairplay - Secure Two-Party Computation System (Awarded Best Student Paper!) , 2004 .

[46]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[47]  Gerhard Goos,et al.  Automated Technology for Verification and Analysis , 2004, Lecture Notes in Computer Science.

[48]  Coen-PorisiniAlberto,et al.  Using symbolic execution for verifying safety-critical systems , 2001 .

[49]  Alan J. Hu,et al.  Calysto: scalable and precise extended static checking , 2008, ICSE.

[50]  G. S. Tseitin On the Complexity of Derivation in Propositional Calculus , 1983 .

[51]  Matthew K. Franklin,et al.  Efficiency Tradeoffs for Malicious Two-Party Computation , 2006, Public Key Cryptography.

[52]  Claude E. Shannon,et al.  A symbolic analysis of relay and switching circuits , 1938, Transactions of the American Institute of Electrical Engineers.

[53]  Craig Gentry,et al.  A fully homomorphic encryption scheme , 2009 .

[54]  Anna Philippou,et al.  Tools and Algorithms for the Construction and Analysis of Systems , 2018, Lecture Notes in Computer Science.

[55]  Ahmad-Reza Sadeghi,et al.  Improved Garbled Circuit Building Blocks and Applications to Auctions and Computing Minima , 2009, IACR Cryptol. ePrint Arch..

[56]  Jonathan Katz,et al.  Private Set Intersection: Are Garbled Circuits Better than Custom Protocols? , 2012, NDSS.

[57]  Mark Lillibridge,et al.  Extended static checking for Java , 2002, PLDI '02.

[58]  Benny Pinkas,et al.  Secure Two-Party Computation is Practical , 2009, IACR Cryptol. ePrint Arch..