Faster Malicious 2-Party Secure Computation with Online/Offline Dual Execution

We describe a highly optimized protocol for generalpurpose secure two-party computation (2PC) in the presence of malicious adversaries. Our starting point is a protocol of Kolesnikov et al. (TCC 2015). We adapt that protocol to the online/offline setting, where two parties repeatedly evaluate the same function (on possibly different inputs each time) and perform as much of the computation as possible in an offline preprocessing phase before their inputs are known. Along the way we develop several significant simplifications and optimizations to the protocol. We have implemented a prototype of our protocol and report on its performance. When two parties on Amazon servers in the same region use our implementation to securely evaluate the AES circuit 1024 times, the amortized cost per evaluation is 5.1ms offline + 1.3ms online. The total offline+online cost of our protocol is in fact less than the online cost of any reported protocol with malicious security. For comparison, our protocol’s closest competitor (Lindell & Riva, CCS 2015) uses 74ms offline + 7ms online in an identical setup. Our protocol can be further tuned to trade performance for leakage. As an example, the performance in the above scenario improves to 2.4ms offline + 1.0ms online if we allow an adversary to learn a single bit about the honest party’s input with probability 2−20 (but not violate any other security property, e.g. correctness).

[1]  Mihir Bellare,et al.  Adaptively Secure Garbling with Applications to One-Time Programs and Secure Outsourcing , 2012, ASIACRYPT.

[2]  Claudio Orlandi,et al.  The Simplest Protocol for Oblivious Transfer , 2015, IACR Cryptol. ePrint Arch..

[3]  Benny Pinkas,et al.  Faster Private Set Intersection Based on OT Extension , 2014, USENIX Security Symposium.

[4]  Benny Pinkas,et al.  Non-Interactive Secure Computation Based on Cut-and-Choose , 2014, IACR Cryptol. ePrint Arch..

[5]  Yehuda Lindell Fast Cut-and-Choose-Based Protocols for Malicious and Covert Adversaries , 2015, Journal of Cryptology.

[6]  Abhi Shelat,et al.  Fast two-party secure computation with minimal assumptions , 2013, CCS.

[7]  Ben Riva,et al.  Garbled Circuits Checking Garbled Circuits: More Efficient and Secure Two-Party Computation , 2013, IACR Cryptol. ePrint Arch..

[8]  Ivan Damgård,et al.  An Empirical Study and Some Improvements of the MiniMac Protocol for Secure Computation , 2014, SCN.

[9]  Yehuda Lindell,et al.  Secure Two-Party Computation via Cut-and-Choose Oblivious Transfer , 2010, IACR Cryptol. ePrint Arch..

[10]  Abhi Shelat,et al.  Two-Output Secure Computation with Malicious Adversaries , 2011, EUROCRYPT.

[11]  Jonathan Katz,et al.  Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose , 2013, CRYPTO.

[12]  Brent Waters,et al.  A Framework for Efficient and Composable Oblivious Transfer , 2008, CRYPTO.

[13]  Jesper Buus Nielsen,et al.  Faster Maliciously Secure Two-Party Computation Using the GPU , 2014, SCN.

[14]  Benny Pinkas,et al.  Fairplay - Secure Two-Party Computation System , 2004, USENIX Security Symposium.

[15]  Yehuda Lindell,et al.  Cut-and-Choose Yao-Based Secure Computation in the Online/Offline and Batch Settings , 2014, CRYPTO.

[16]  Alex J. Malozemoff,et al.  Amortizing Garbled Circuits , 2015, IACR Cryptol. ePrint Arch..

[17]  Benny Pinkas,et al.  Secure Two-Party Computation is Practical , 2009, IACR Cryptol. ePrint Arch..

[18]  Mihir Bellare,et al.  Foundations of garbled circuits , 2012, CCS.

[19]  Ben Riva,et al.  Richer Efficiency/Security Trade-offs in 2PC , 2015, TCC.

[20]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[21]  Abhi Shelat,et al.  Billion-Gate Secure Computation with Malicious Adversaries , 2012, USENIX Security Symposium.

[22]  Marcel Keller,et al.  Actively Secure OT Extension with Optimal Overhead , 2015, CRYPTO.

[23]  Ivan Damgård,et al.  Multiparty Computation from Somewhat Homomorphic Encryption , 2012, IACR Cryptol. ePrint Arch..

[24]  David Evans,et al.  Two Halves Make a Whole - Reducing Data Transfer in Garbled Circuits Using Half Gates , 2015, EUROCRYPT.

[25]  Yehuda Lindell,et al.  Blazing Fast 2PC in the Offline/Online Setting with Security for Malicious Adversaries , 2015, IACR Cryptol. ePrint Arch..

[26]  Vladimir Kolesnikov,et al.  Improved Garbled Circuit: Free XOR Gates and Applications , 2008, ICALP.

[27]  Ivan Damgård,et al.  Fast Oblivious AES A Dedicated Application of the MiniMac Protocol , 2016, AFRICACRYPT.

[28]  Matthew K. Franklin,et al.  Efficiency Tradeoffs for Malicious Two-Party Computation , 2006, Public Key Cryptography.

[29]  Andrew Chi-Chih Yao,et al.  Protocols for Secure Computations (Extended Abstract) , 1982, FOCS.

[30]  Yehuda Lindell,et al.  An Efficient Protocol for Secure Two-Party Computation in the Presence of Malicious Adversaries , 2007, Journal of Cryptology.

[31]  Claudio Orlandi,et al.  A New Approach to Practical Active-Secure Two-Party Computation , 2012, IACR Cryptol. ePrint Arch..

[32]  Ivan Damgård,et al.  Constant-Overhead Secure Computation of Boolean Circuits using Preprocessing , 2013, TCC.

[33]  Donald Beaver,et al.  Precomputing Oblivious Transfer , 1995, CRYPTO.

[34]  Mihir Bellare,et al.  Efficient Garbling from a Fixed-Key Blockcipher , 2013, 2013 IEEE Symposium on Security and Privacy.