ObliVM: A Programming Framework for Secure Computation
Chang Liu, Xiao Shaun Wang, Kartik Nayak, Yan Huang, Elaine Shi
http://www.oblivm.com
Dating: Genetically Good match?
Not leaking their sensitive data!
Secure Computation
Bob and Alice compute z = f(x, y)
Reveal z but nothing more!
What is ObliVM?
Source Programs → ObliVM → SC Protocols
Cryptographers’ favorite model: circuits (AND, XOR, OR, …)
Programmers’ favorite model:

```python
def binSearch(a, x):
    # Search the sorted list a for x; return its index, or -1 if absent.
    lo, hi = 0, len(a) - 1
    res = -1
    while lo <= hi:
        mid = (lo + hi) // 2
        midval = a[mid]
        if midval < x:
            lo = mid + 1
        elif midval > x:
            hi = mid - 1
        else:
            res = mid
            break
    return res
```

How can non-specialist programmers compute securely?
Dynamic memory accesses cannot be easily encoded in circuits

```
int binSearch(alice int a[], bob int key, public int n) {
    int left = 0, right = n;
    // n is public, so the number of iterations does not depend on secret data.
    while (n > 0) {
        int mid = (left + right) / 2;
        // a[mid] is the dynamic memory access: the index depends on secret inputs.
        if (left < right && a[mid] < key) left = mid + 1;
        else right = mid;
        n = n / 2;  // halve the public bound so that the loop terminates
    }
    return left;
}
```
Programs in a high level language (e.g. C) → Oblivious Program: Challenging (This talk)
Oblivious Program → Circuits: Relatively easy
Obliviousness: memory accesses do not depend on secret input
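An added illustration of this definition (not from the slides): it records which array indices a fixed-length binary search and a full linear scan touch for different secret keys. The function names and sample data are constructed for this example, and the linear scan is only the simplest oblivious baseline, not ObliVM's ORAM-based approach.

```python
def binsearch_trace(a, key):
    """Lower-bound binary search; returns (index, list of indices read)."""
    n, left, right, trace = len(a), 0, len(a), []
    for _ in range(n.bit_length()):            # iteration count depends only on public n
        mid = min((left + right) // 2, n - 1)  # clamp so padded rounds stay in bounds
        trace.append(mid)                      # the address an observer would see
        if left < right and a[mid] < key:
            left = mid + 1
        else:
            right = mid
    return left, trace


def scan_trace(a, key):
    """Oblivious baseline: read every cell and fold the comparison in arithmetically."""
    result, trace = 0, []
    for i in range(len(a)):
        trace.append(i)
        result += int(a[i] < key)              # no branch, no key-dependent address
    return result, trace


def distinct_traces(search, a, keys):
    """Number of different access patterns observed across the given secret keys."""
    return len({tuple(search(a, k)[1]) for k in keys})


# Constructed sample data: a sorted array (one party's input) and candidate secret keys.
A = [3, 8, 15, 23, 42, 57, 64, 91]
KEYS = [10, 60, 100]

if __name__ == "__main__":
    for k in KEYS:
        print(k, binsearch_trace(A, k), scan_trace(A, k)[0])
    print("binary search patterns:", distinct_traces(binsearch_trace, A, KEYS))
    print("linear scan patterns:  ", distinct_traces(scan_trace, A, KEYS))
```

Both searches return the same index, but only the scan's access pattern is the same for every key; the binary search's addresses differ per key even though its iteration count is public.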
Generic ORAM Simulation [Liu et al. 2014]
Oblivious RAM (ORAM) compiles an arbitrary program into an oblivious counterpart [GO96, SCSL11]
[GO1996] Software protection and simulation on oblivious RAMs, J. ACM
[SCSL2011] Oblivious RAM with Worst-Case Cost, ASIACRYPT 2011
[Liu et al. 2014] Automating Efficient RAM-Model Secure Computation, Oakland 2014
Generic ORAM Simulation [Liu et al. 2014]: General, low design cost
Customized protocols: Efficient, requires expertise
Nina Taft, Distinguished Scientist
5 researchers, 4 months to develop an (efficient) oblivious matrix factorization algorithm over secure computation [Nikolaenko et al. 2013]
[Nikolaenko et al. 2013] Privacy-preserving matrix factorization, CCS 2013
ObliVM: Achieve the Best of Both Worlds
http://www.oblivm.com
Programs by non-specialists achieve the performance of customized designs.
Key idea: Programming Abstractions
Oblivious Data Structures (ODS)
MapReduce
Loop Coalescing
more (GraphSC, etc.)
Analogy to Distributed Computation
Success story in the distributed computing community: MapReduce is a parallel programming abstraction.
A program written in MapReduce → Compile
Programming Abstractions for Oblivious Computation
A program written in ObliVM abstractions → Compile → Oblivious representation using ORAM (generic) and oblivious algorithms (problem specific, but efficient)
ObliVM approach: we provide oblivious programming abstractions.
Goal and Solution: language support
• Goal: serving two users
  • Cryptographers: implement abstractions
  • Non-specialists: use abstractions to build applications
• Solution: new language features enable abstractions
  • Random type, phantom functions (ORAM, ODS)
  • Bounded loop (loop coalescing)
  • Higher order functions (MapReduce)
  • and more
• The compiler will be open sourced soon
  • https://github.com/oblivm/ObliVMLang
ODS
MapReduce
Loop Coalescing
Sparse Graph Algorithms
Depth-First Search
Dijkstra’s Shortest Distance
Minimum Spanning Tree
Better asymptotic complexity than the state-of-the-art!
Loop Coalescing
Block 1 ×n
Block 2 ×m
Block 3 ×n
Gives oblivious Dijkstra and MST for sparse graphs
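A plain-Python model of the loop structure on this slide, added here and not taken from the talk or the ObliVM code base: a nested loop over a sparse graph with secret per-vertex degrees, first padded to the public bound m and then coalesced into one loop of n + m + n steps. The CSR layout, the function names and the per-vertex weight sum are assumptions chosen for illustration, and the branch on `state` stands in for a choice that a secure-computation backend would have to evaluate obliviously.

```python
def padded_nested(offsets, weights, n, m):
    """Naive form: every vertex's inner loop is padded to the public bound m."""
    out, steps = [0] * n, 0
    for v in range(n):
        for k in range(m):                     # degree of v is secret, so pad to m
            steps += 1
            e = offsets[v] + k
            real = e < offsets[v + 1]          # secret flag: real edge or dummy round
            out[v] += weights[e] if real else 0
    return out, steps


def coalesced(offsets, weights, n, m):
    """Coalesced form: one flat loop of n + m + n steps, one block per step."""
    out, steps = [0] * n, 0
    state, v, e = (1 if n else 0), 0, 0        # secret state-machine registers
    for _ in range(n + m + n):                 # Block 1 ×n, Block 2 ×m, Block 3 ×n
        steps += 1
        if state == 1:                         # Block 1: start vertex v
            e = offsets[v]
            state = 2 if e < offsets[v + 1] else 3
        elif state == 2:                       # Block 2: consume one edge of v
            out[v] += weights[e]
            e += 1
            state = 2 if e < offsets[v + 1] else 3
        elif state == 3:                       # Block 3: finish vertex v
            v += 1
            state = 1 if v < n else 0
    return out, steps


# Constructed sample graphs in CSR form: same public n=4, m=6, different secret degrees.
W = [1, 2, 3, 4, 5, 6]
G1 = [0, 3, 4, 6, 6]   # degrees 3, 1, 2, 0
G2 = [0, 0, 0, 0, 6]   # degrees 0, 0, 0, 6

if __name__ == "__main__":
    for g in (G1, G2):
        print(padded_nested(g, W, 4, 6), coalesced(g, W, 4, 6))
```

Both forms take a step count fixed by the public n and m alone, but the padded loop costs n·m steps where the coalesced loop costs 2n + m.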
Hand-crafting vs. Automated Compilation
2013:
Matrix Factorization: 5 researchers, 4 months [NIWJTB-CCS’13]
Ridge Regression: 5 researchers, 3 weeks [NWIJBT-IEEE S&P ’13]
ObliVM Today:
Same Tasks: 1 graduate student-day, 10x-20x better performance [LWNHS-IEEE S&P ’15] (This work)
Nina Taft, Distinguished Scientist
ObliVM vs. Prior Best Automated Solution
Dijkstra’s algorithm, 768K data
Speedup: Circuit ORAM 51x; Language and compiler 2500x; Backend optimizations 7x
Baseline: state-of-the-art [HFKV-CCS12] in 2012, no ORAM
[HFKV-CCS’12] Holzer et al. Secure Two-Party Computations in ANSI C. In CCS ’12
Dijkstra’s algorithm: Sources of speedup
Speedup: Circuit ORAM 51x; Language and compiler 2500x; Backend optimizations 7x
Total speedup: ~10^6x
Baseline: state-of-the-art [HFKV-CCS12] in 2012, no ORAM
ObliVM: Binary Search on 1GB Database
ObliVM Today: 7.3 secs/query
2 EC2 virtual cores, 60GB memory, 10MBps bandwidth
Reference point: ~24 hours in 2012 [HFKV-CCS’12]
Overhead w.r.t. Insecure Baseline
130× slowdown
1.7×10^4× slowdown
9.3×10^6× slowdown
Distributed GWAS
K-Means
Hamming Distance
ObliVM Adoption
Privacy-preserving data mining and recommendation system
Computational biology, privacy-preserving microbiome analysis
Privacy-preserving Software-Defined Networking
Cryptographic MIPS processor
www.oblivm.com
iDash secure genome analysis competition (Won an “HLI Award for Secure Multiparty Computing”)
Backup
Speedup for More Applications
Chart: speedup on a log scale from 1 to 10^6. Legend: Backend, PL, Circuit ORAM; baseline [HFKV12].
Dijkstra (768KB): 9x10^5x total; factors 7x, 2500x, 51x
MST (768KB): 9x10^5x total; factors 7x, 2500x, 51x
K-Means (2MB): 5900x total; factors 7x, 13x, 65x
Heap (8GB): 1.6x10^4x total; factors 7x, 5.5x, 407x
Map/Set (8GB): 8200x total; factors 7x, 5.5x, 212x
BSearch (1GB): 2.6x10^4x total; factors 7x, 10x, 366x
AMS (10GB): 1.7x10^6x total; factors 7x, 2x, 1.2x10^5x
CountMin (0.31GB): 7400x total; factors 7x, 2x, 530x