MPC Compiler - GitHub Pages · •(n, t) –secret sharing scheme •Any private value is...
MPC Compiler
Chunxu Tang
Haoyi Shi
PICCO: A General-Purpose Compiler for Private Distributed Computation
Chunxu Tang
PICCO (Private Distributed Computation Compiler)
• A source-to-source compiler that translates a program written in an extension of the C programming language with provisions for annotating private data to its secure distributed implementation in C.
Framework
[Figure: input party, computational party, output party]
Framework (Cont.)
• (n, t)-secret sharing scheme
  • Any private value is secret-shared among n parties such that any t+1 shares can be used to reconstruct the secret
• Shamir secret sharing scheme
  • A secret value s is represented by a random polynomial of degree t with the free coefficient set to s.
• Participants are semi-honest
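The (n, t) Shamir scheme described above, as an added C example that is not taken from the slides or from PICCO. The prime 2^31 - 1, the evaluation points 1..n and the use of rand() in place of a secure random source are assumptions made for the demo.

```c
#include <stdint.h>
#include <stdlib.h>
#define P 2147483647ULL /* prime field modulus 2^31 - 1, chosen for this demo */
static uint64_t mulmod(uint64_t a, uint64_t b) { return (a % P) * (b % P) % P; }

/* Modular inverse by Fermat's little theorem: a^(P-2) mod P. */
static uint64_t invmod(uint64_t a) {
    uint64_t r = 1, e = P - 2;
    for (a %= P; e; e >>= 1, a = mulmod(a, a))
        if (e & 1) r = mulmod(r, a);
    return r;
}

/* Split s into n shares: party i (1..n) gets f(i), where f is a random
 * degree-t polynomial with f(0) = s. Requires t < 16 and n < P.
 * rand() is not a secure RNG; it stands in for one in this demo. */
void shamir_share(uint64_t s, int n, int t, uint64_t *shares) {
    uint64_t coef[16];
    coef[0] = s % P;
    for (int j = 1; j <= t; j++) coef[j] = (uint64_t)rand() % P;
    for (int i = 0; i < n; i++) {
        uint64_t y = 0;
        for (int j = t; j >= 0; j--) /* Horner evaluation at x = i + 1 */
            y = (mulmod(y, (uint64_t)i + 1) + coef[j]) % P;
        shares[i] = y;
    }
}

/* Recover f(0) by Lagrange interpolation from k = t+1 points (xs[i], ys[i]). */
uint64_t shamir_reconstruct(const uint64_t *xs, const uint64_t *ys, int k) {
    uint64_t s = 0;
    for (int i = 0; i < k; i++) {
        uint64_t num = 1, den = 1;
        for (int j = 0; j < k; j++) {
            if (j == i) continue;
            num = mulmod(num, P - xs[j]);         /* (0 - x_j) mod P */
            den = mulmod(den, xs[i] + P - xs[j]); /* (x_i - x_j) mod P */
        }
        s = (s + mulmod(ys[i], mulmod(num, invmod(den)))) % P;
    }
    return s;
}

int main(void) {
    uint64_t sh[5], xs[3] = {1, 3, 5};
    shamir_share(42, 5, 2, sh);
    uint64_t ys[3] = {sh[0], sh[2], sh[4]};
    return shamir_reconstruct(xs, ys, 3) == 42 ? 0 : 1;
}
```

Because the shares are evaluations of polynomials of the same degree, parties can add two shared values by adding their shares locally, and any t+1 of the summed shares reconstruct the sum.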
Overview
Specifications of user programs
• Private and public variable qualifiers
  • private int x;
  • int x;
Private data types
• A programmer can specify the length of the numeric data types in bits.
Built-in I/O functions
• smcinput(name, id)
  • name: name of the variable to read
  • id: id of the input party
  • smcinput(x, 1);
• smcoutput(name, id)
  • name: name of the output variable
  • id: id of the output party
Array operations
• A @ B
  • element-wise multiplication
• smcinput(A, 1, 100)
  • read 100 values into array A from the data of party 1
Enforcement of secure data flow
• Statements that assign an expression that contains private values to a public variable are not allowed.
• For conditional statements with a private condition, assignments to public variables within the scope of such statements are not allowed.
x = a;  (x: public, a: private)
if (x > 0) a = 1;  (x: private, a: public)
Support for concurrent execution
• for (statement; condition; statement)
• [statement; …]
• [statement1;]
• [statement2;]
Processing of user programs
Receive user program
Parse and build an abstract syntax tree
Produce a modified program
Build and maintain a symbol table
Program transformations
• GMP library
  • GNU Multiple Precision Arithmetic library
• Private variables -> GMP large-precision type mpz_t
• Changing arguments of functions with private return values
Handling of program input and output
• Take smcinput(var, i) as an example:
  • The compiler looks up the type of variable var in the symbol table that stores all declared variables.
  • The call is replaced with instructions to read data from party i.
  • The type of variable var determines how many fields are used to represent the variable and their length.
Handling of private data types in assignments
• Produce a terminal error if a private expression is being assigned to a public variable.
• If a function call is used but its return type is not known, the compiler displays a warning of a potential violation of secure data flow.
Handling of conditional statements
• if-statements with private conditions are not allowed to contain observable public actions in their body.
• Produce a terminal error when a violation is found.
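The two secure-data-flow rules (no private expression assigned to a public variable, no public assignment under a private condition) as a small checker, added here as an example and not PICCO's own code. The mini-AST, its field names and the sample programs are hypothetical; only assignments are modelled as observable public actions, and violations are counted rather than aborting compilation.

```c
#include <stddef.h>

typedef enum { PUB, PRIV } qual;
typedef enum { ASSIGN, IF } kind;

/* Hypothetical mini-AST: only the qualifiers the two rules need. */
typedef struct stmt {
    kind k;
    qual lhs;                /* ASSIGN: qualifier of the assigned variable */
    qual rhs;                /* ASSIGN: right-hand side; IF: the condition */
    const struct stmt *body; /* IF: statements in the body */
    size_t nbody;
} stmt;

/* Count violations; in_priv is nonzero inside an if with a private condition. */
int check_flow(const stmt *s, size_t n, int in_priv) {
    int errs = 0;
    for (size_t i = 0; i < n; i++) {
        if (s[i].k == IF)    /* a private condition taints every nested body */
            errs += check_flow(s[i].body, s[i].nbody, in_priv || s[i].rhs == PRIV);
        else if (s[i].lhs == PUB && (s[i].rhs == PRIV || in_priv))
            errs++;          /* explicit flow, or implicit flow via the branch */
    }
    return errs;
}

/* Constructed sample programs. */
static const stmt pub_assign[] = { { ASSIGN, PUB, PUB, NULL, 0 } };   /* a = 1;  a: public */
static const stmt priv_assign[] = { { ASSIGN, PRIV, PUB, NULL, 0 } }; /* y = 1;  y: private */
static const stmt rejected[] = {
    { ASSIGN, PUB, PRIV, NULL, 0 },    /* x = a;            x: public, a: private */
    { IF, PUB, PRIV, pub_assign, 1 },  /* if (x > 0) a = 1; x: private, a: public */
};
static const stmt accepted[] = {
    { ASSIGN, PRIV, PUB, NULL, 0 },    /* y = n;  private variable, public value */
    { IF, PUB, PRIV, priv_assign, 1 }, /* private condition, private target */
    { IF, PUB, PUB, pub_assign, 1 },   /* public condition, public target */
};

int main(void) {
    return check_flow(rejected, 2, 0) == 2 && check_flow(accepted, 3, 0) == 0 ? 0 : 1;
}
```

The recursion carries the private-condition flag into nested statements, so a public assignment inside a public if that itself sits inside a private if is still rejected.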
Handling of conditional statements (Cont.)
• Determine all variables whose values are modified, and preserve their values in temporary variables.
• Update each affected variable v by setting its value to
  • c : private bit corresponding to the result of evaluating the condition
  • : original value of v prior to executing the body of if-statement.
Handling of conditional statements (Cont.)
Modulus computation
• Compute the maximum bit length of all declared variables and maximum bit length necessary for carrying out the specified operations.
Evaluation
Thank you!
A Framework for Efficient Mixed-Protocol Secure Two-Party Computation
Haoyi Shi
ABY Framework
• Two-party framework
• Mixed protocols
  • Overcome the dependence on an efficient function representation
• Arithmetic Sharing
• Boolean Sharing
• Yao’s garbled circuit
Overview
Arithmetic Sharing
• Shared value:
• Sharing:
• Reconstruction:
• Addition:
Arithmetic Sharing
• Multiplication:
• Pre-computed triple:
• Use OT to generate multiplication triple.
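Two-party arithmetic sharing with triple-based multiplication, as an added C example that is not from the slides or from ABY's code base. It assumes the standard additive sharing over the ring of 32-bit integers, and a dealer inside a_mul stands in for the OT-based triple generation; all function and type names are made up for the example.

```c
#include <stdint.h>
#include <stdlib.h>

/* Additive sharing over Z_2^32 (assumed ring): x = s0 + s1 mod 2^32.
 * uint32_t arithmetic wraps mod 2^32, so no explicit reduction is needed. */
typedef struct { uint32_t s0, s1; } ashare; /* s0 held by P0, s1 by P1 */

/* Demo randomness only: rand() is not a cryptographically secure RNG. */
static uint32_t rnd32(void) { return ((uint32_t)rand() << 16) ^ (uint32_t)rand(); }

ashare a_share(uint32_t x) { ashare r; r.s0 = rnd32(); r.s1 = x - r.s0; return r; }
uint32_t a_rec(ashare x) { return x.s0 + x.s1; }

/* Addition is local: each party adds its own two shares. */
ashare a_add(ashare x, ashare y) {
    ashare z = { x.s0 + y.s0, x.s1 + y.s1 };
    return z;
}

/* Multiplication with a pre-computed triple c = a * b. A dealer inside this
 * function stands in for the OT-based triple generation. */
ashare a_mul(ashare x, ashare y) {
    uint32_t a = rnd32(), b = rnd32();
    ashare A = a_share(a), B = a_share(b), C = a_share(a * b);
    /* Each party sends its share of e = x - a and f = y - b. Both values become
     * public and hide x and y when a and b are uniformly random. */
    uint32_t e = (x.s0 - A.s0) + (x.s1 - A.s1);
    uint32_t f = (y.s0 - B.s0) + (y.s1 - B.s1);
    ashare z;
    z.s0 = e * f + f * A.s0 + e * B.s0 + C.s0; /* only P0 adds the e*f term */
    z.s1 =         f * A.s1 + e * B.s1 + C.s1;
    return z;
}

int main(void) {
    ashare x = a_share(1000003u), y = a_share(4099u);
    return a_rec(a_mul(x, y)) == 1000003u * 4099u ? 0 : 1;
}
```

Each triple masks exactly one multiplication; reusing a triple for a second product would let the opened values e and f leak differences between inputs.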
Sharing Conversion
• Yao to Boolean Sharing (Y2B)
• The
• For
• Boolean to Yao Sharing (B2Y)
• Let
• P0
Sharing Conversion
• Arithmetic to Yao Sharing (A2Y)
• Let
• Arithmetic to Boolean Sharing (A2B)
• Yao to Arithmetic Sharing (Y2A)
• Boolean to Arithmetic Sharing
• Perform an OT for each bit.
• Finally, P0 compute
• P1 compute
Benchmark the primitive operations
• In local settings, conversion cost is small.
  • E.g., converting from Yao to Arithmetic shares, multiplying, and converting back to Yao is more efficient than performing multiplication in Yao sharing.
Benchmark the primitive operations
• Latency (seq)
  • The best performance for sequential functions depends on the latency.
  • E.g., multiplication in Yao is more efficient in the cloud setting.
• Throughput (par)
  • Arithmetic and Boolean sharing benefit more than Yao sharing.
Biometric Matching
• One party provides a biometric sample.
• The other party (DB) provides several biometric samples.
• Matching: Euclidean distance.
• 4 instantiations
• B-only
• Y-only
• A+Y
• A+B
Biometric Matching
• Mixed protocols perform better
• Communication improves by at least a factor of 20
• Arithmetic sharing (OT-based) is better than homomorphic encryption