Automating efficient ram-model secure computation
In IEEE Symposium on Security and Privacy, 2014
Abstract
RAM-model secure computation addresses the inherent limitations of circuit-model secure computation considered in almost all previous work. Here, we describe the first automated approach for RAM-model secure computation in the semi-honest model. We define an intermediate representation called SCVM and a corresponding type system suited for RAM-model secure computation. Leveraging compile-time optimizations, our approach achieves order-of-magnitude speedups compared to both circuit-model secure computation and the state-of-the-art RAM-model secure computation.
Scoram: Oblivious ram for secure computation
In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS ’14, 2014
Abstract
Oblivious RAMs (ORAMs) have traditionally been measured by their bandwidth overhead and client storage. We observe that when using ORAMs to build secure computation protocols for RAM programs, the size of the ORAM circuits is more relevant to the performance. We therefore embark on a study of the circuit complexity of several recently proposed ORAM constructions. Our careful implementation and experiments show that asymptotic analysis is not indicative of the true performance of ORAM in secure computation protocols with practical data sizes. We then present scoram, a heuristic compact ORAM design optimized for secure computation protocols. Our new design is almost 10x smaller in circuit size and also faster than all other designs we have tested for realistic settings (i.e., memory sizes between 4MB and 2GB, constrained by 2^-80 failure probability). scoram makes it feasible to perform secure computations on gigabyte-sized data sets.
GraphSC: Parallel secure computation made easy
IEEE Symposium on Security and Privacy, 2015
Abstract
We propose introducing modern parallel programming paradigms to secure computation, enabling their secure execution on large datasets. To address this challenge, we present GraphSC, a framework that (i) provides a programming paradigm that allows non-cryptography experts to write secure code; (ii) brings parallelism to such secure implementations; and (iii) meets the needs for obliviousness, thereby not leaking any private information. Using GraphSC, developers can efficiently implement an oblivious version of graph-based algorithms (including sophisticated data mining and machine learning algorithms) that execute in parallel with minimal communication overhead. Importantly, our secure version of graph-based algorithms incurs a small logarithmic overhead in comparison with the non-secure parallel version. We build GraphSC and demonstrate, using several algorithms as examples, that secure computation can be brought into the realm of practicality for big data analysis. Our secure matrix factorization implementation can process 1 million ratings in 13 hours, which is a multiple order-of-magnitude improvement over the only other existing attempt, which requires 3 hours to process 16K ratings.
Hawk: the blockchain model of cryptography and privacy-preserving smart contracts. IACR: 2015/675
Abstract
Emerging smart contract systems over decentralized cryptocurrencies allow mutually distrustful parties to transact safely with each other without trusting a third-party intermediary. In the event of contractual breaches or aborts, the decentralized blockchain ensures that other honest parties obtain commensurate remuneration. Existing systems, however, lack transactional privacy. All transactions, including flow of money between pseudonyms and amount transacted, are exposed in the clear on the blockchain. We present Hawk, a decentralized smart contract system that does not store financial transactions in the clear on the blockchain, thus retaining transactional privacy from the public’s view. A Hawk programmer can write a private smart contract in an intuitive manner without having to implement cryptography, and our compiler automatically generates an efficient cryptographic protocol where contractual parties interact with the blockchain, using cryptographic primitives such as succinct zero-knowledge proofs. To formally define and reason about the security of our protocols, we are the first to formalize the blockchain model of secure computation. The formal modeling is of independent interest. We advocate the community to adopt such a formal model when designing interesting applications atop decentralized blockchains.
Modeling, Quantifying, and Limiting Adversary Knowledge
2015
Abstract
Users participating in online services are required to relinquish control over potentially sensitive personal information, exposing them to intentional or unintentional misuse of said information by the service providers. Users wishing to avoid this must either abstain from often extremely useful services, or provide false information which is usually contrary to the terms of service they must abide by. An attractive middle-ground alternative is to maintain control in the hands of the users and provide a mechanism with which information that is necessary for useful services can be queried. Users need not trust any external party in the management of their information but are now faced with the problem of judging when queries by service providers should be answered or when they should be refused due to revealing too much sensitive information. Judging query safety is difficult. Two queries may be benign in isolation but might reveal more than a user is comfortable with in combination. Additionally, malicious adversaries who wish to learn more than allowed might query in a manner that attempts to hide the flows of sensitive information. Finally, users cannot rely on
Secure Computation of MIPS Machine Code
Abstract
Existing systems for secure computation require programmers to express the program to be securely computed as a circuit, or in some domain-specific language that can be compiled to a form suitable for applying known protocols. We propose a new system that can securely execute native MIPS code with no special annotations. Our system has the advantage of allowing programmers to use a language of their choice to express their programs, together with any off-the-shelf compiler to MIPS; it can be used for secure computation of existing “legacy” MIPS code as well. Our system uses oblivious RAM for fetching instructions and performing load/store operations in memory, and garbled universal circuits for the execution of a MIPS ALU in each instruction step. We also explore various optimizations based on an offline analysis of the MIPS code to be executed, in order to minimize the overhead of executing each instruction while still maintaining security.
Obliv-C: A Language for Extensible Data-Oblivious Computation
Abstract
Many techniques for secure or private execution depend on executing programs in a data-oblivious way, where the same instructions execute independent of the private inputs which are kept in encrypted form throughout the computation. Designers of such computations today must either put substantial effort into constructing a circuit representation of their algorithm, or use a high-level language and lose the opportunity to make important optimizations or experiment with protocol variations. We show how extensibility can be improved by judiciously exposing the nature of data-oblivious computation. We introduce a new language that allows application developers to program secure computations without being experts in cryptography, while enabling programmers to create abstractions such as oblivious RAM and width-limited integers, or even new protocols without needing to modify the compiler. This paper explains the key language features that safely enable such extensibility and describes the simple implementation approach we use to ensure security properties are preserved.