research-article

More efficient oblivious transfer and extensions for faster secure computation

Authors:
Gilad Asharov

Bar-Ilan University, Ramat-Gan, Israel

Bar-Ilan University, Ramat-Gan, Israel
View Profile

,
Yehuda Lindell

Bar-Ilan University, Ramat-Gan, Israel

Bar-Ilan University, Ramat-Gan, Israel
View Profile

,
Thomas Schneider

TU Darmstadt, Darmstadt, Germany

TU Darmstadt, Darmstadt, Germany
View Profile

,
Michael Zohner

TU Darmstadt, Darmstadt, Germany

TU Darmstadt, Darmstadt, Germany
View Profile

CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications securityNovember 2013Pages 535–548https://doi.org/10.1145/2508859.2516738

Published:04 November 2013Publication History

CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Pages 535–548

ABSTRACT

Protocols for secure computation enable parties to compute a joint function on their private inputs without revealing anything but the result. A foundation for secure computation is oblivious transfer (OT), which traditionally requires expensive public key cryptography. A more efficient way to perform many OTs is to extend a small number of base OTs using OT extensions based on symmetric cryptography.

In this work we present optimizations and efficient implementations of OT and OT extensions in the semi-honest model. We propose a novel OT protocol with security in the standard model and improve OT extensions with respect to communication complexity, computation complexity, and scalability. We also provide specific optimizations of OT extensions that are tailored to the secure computation protocols of Yao and Goldreich-Micali-Wigderson and reduce the communication complexity even further. We experimentally verify the efficiency gains of our protocols and optimizations. By applying our implementation to current secure computation frameworks, we can securely compute a Levenshtein distance circuit with 1.29 billion AND gates at a rate of 1.2 million AND gates per second. Moreover, we demonstrate the importance of correctly implementing OT within secure computation protocols by presenting an attack on the FastGC framework.

References

D. Beaver. Efficient multiparty protocols using circuit randomization. In Advances in Cryptology -- CRYPTO'91, volume 576 of LNCS, pages 420--432. Springer, 1991. Google ScholarDigital Library
D. Beaver. Correlated pseudorandomness and the complexity of private computations. In Symposium on Theory of Computing (STOC'96), pages 479--488. ACM, 1996. Google ScholarDigital Library
M. Bellare, S. Goldwasser, and D. Micciancio. "pseudo-random" number generation within cryptographic algorithms: The DDS case. In Advances in Cryptology -- CRYPTO'97, volume 1294 of LNCS, pages 277--291. Springer, 1997. Google ScholarDigital Library
M. Bellare, V. Hoang, S. Keelveedhi, and P. Rogaway. Efficient garbling from a fixed-key blockcipher. In Symposium on Security and Privacy, pages 478--492. IEEE, 2013. Google ScholarDigital Library
A. Ben-David, N. Nisan, and B. Pinkas. FairplayMP: a system for secure multi-party computation. In Computer and Communications Security (CCS'08), pages 257--266. ACM, 2008. Google ScholarDigital Library
J. Boyar and R. Peralta. The exact multiplicative complexity of the Hamming weight function. Electronic Colloquium on Computational Complexity (ECCC'05), (049), 2005.Google Scholar
R. Canetti. Security and composition of multiparty cryptographic protocols. J. Cryptology, 13(1):143--202, 2000.Google ScholarDigital Library
S. G. Choi, K.-W. Hwang, J. Katz, T. Malkin, and D. Rubenstein. Secure multi-party computation of Boolean circuits with applications to privacy in on-line marketplaces. In Cryptographers' Track at the RSA Conference (CT-RSA'12), volume 7178 of LNCS, pages 416--432. Springer, 2012. Google ScholarDigital Library
E. De Cristofaro and G. Tsudik. Practical private set intersection protocols with linear complexity. In Financial Cryptography and Data Security (FC'10), volume 6052 of LNCS, pages 143--159. Springer, 2010. Google ScholarDigital Library
J. O. Eklundh. A fast computer method for matrix transposing. IEEE Transactions on Computers, C-21(7):801--803, 1972. Google ScholarDigital Library
Z. Erkin, M. Franz, J. Guajardo, S. Katzenbeisser, I. Lagendijk, and T. Toft. Privacy-preserving face recognition. In Privacy Enhancing Technologies Symposium (PETS'09), volume 5672 of LNCS, pages 235--253. Springer, 2009. Google ScholarDigital Library
S. Even, O. Goldreich, and A. Lempel. A randomized protocol for signing contracts. Communmunications of the ACM, 28(6):637--647, 1985. Google ScholarDigital Library
K. Frikken, M. Atallah, and C. Zhang. Privacy-preserving credit checking. In Electronic Commerce (EC'05), pages 147--154. ACM, 2005. Google ScholarDigital Library
O. Goldreich. Foundations of Cryptography, volume 2: Basic Applications. Cambridge University Press, 2004. Google ScholarDigital Library
O. Goldreich, S. Micali, and A. Wigderson. How to play any mental game or a completeness theorem for protocols with honest majority. In Symposium on Theory of Computing (STOC'87), pages 218--229. ACM, 1987. Google ScholarDigital Library
S. D. Gordon, J. Katz, V. Kolesnikov, F. Krell, T. Malkin, M. Raykova, and Y. Vahlis. Secure two-party computation in sublinear (amortized) time. In Computer and Communications Security (CCS'12), pages 513--524. ACM, 2012. Google ScholarDigital Library
D. Harnik, Y. Ishai, E. Kushilevitz, and J. B. Nielsen. OT-combiners via secure computation. In Theory of Cryptography (TCC'08), volume 4948 of LNCS, pages 393--411. Springer, 2008. Google ScholarDigital Library
J. Håstad and A. Shamir. The cryptographic security of truncated linearly related variables. In Symposium on Theory of Computing (STOC'85), pages 356--362. ACM, 1985. Google ScholarDigital Library
W. Henecka, S. Kögl, A.-R. Sadeghi, T. Schneider, and I. Wehrenberg. TASTY: Tool for Automating Secure Two-partY computations. In Computer and Communications Security (CCS'10), pages 451--462. ACM, 2010. Google ScholarDigital Library
W. Henecka and T. Schneider. Faster secure two-party computation with less memory. In ACM Symposium on Information, Computer and Communications Security (ASIACCS'13), pages 437--446. ACM, 2013. Google ScholarDigital Library
A. Holzer, M. Franz, S. Katzenbeisser, and H. Veith. Secure two-party computations in ANSI C. In Computer and Communications Security (CCS'12), pages 772--783. ACM, 2012. Google ScholarDigital Library
Y. Huang, P. Chapman, and D. Evans. Privacy-preserving applications on smartphones. In Hot topics in security (HotSec'11). USENIX, 2011. Google ScholarDigital Library
Y. Huang, D. Evans, and J. Katz. Private set intersection: Are garbled circuits better than custom protocols? In Network and Distributed Security Symposium (NDSS'12). The Internet Society, 2012.Google Scholar
Y. Huang, D. Evans, J. Katz, and L. Malka. Faster secure two-party computation using garbled circuits. In Security Symposium. USENIX, 2011. Google ScholarDigital Library
Y. Huang, J. Katz, and D. Evans. Quid-pro-quo-tocols: Strengthening semi-honest protocols with dual execution. In Symposium on Security and Privacy, pages 272--284. IEEE, 2012. Google ScholarDigital Library
Y. Huang, L. Malka, D. Evans, and J. Katz. Efficient privacy-preserving biometric identification. In Network and Distributed Security Symposium (NDSS'11). The Internet Society, 2011.Google Scholar
Intelligence Advanced Research Projects Activity (IARPA). Security and Privacy Assurance Research (SPAR) Program, 2010.Google Scholar
Y. Ishai, J. Kilian, K. Nissim, and E. Petrank. Extending oblivious transfers efficiently. In Advances in Cryptology -- CRYPTO'03, volume 2729 of LNCS, pages 145--161. Springer, 2003.Google Scholar
A. Jarrous and B. Pinkas. Secure hamming distance based computation and its applications. In Applied Cryptography and Network Security (ACNS'09), volume 5536 of LNCS, pages 107--124. Springer, 2009. Google ScholarDigital Library
F. Kerschbaum. Automatically optimizing secure computation. In Computer and Communications Security (CCS'11), pages 703--714. ACM, 2011. Google ScholarDigital Library
V. Kolesnikov, A.-R. Sadeghi, and T. Schneider. Improved garbled circuit building blocks and applications to auctions and computing minima. In Cryptology And Network Security (CANS'09), volume 5888 of LNCS, pages 1--20. Springer, 2009. Google ScholarDigital Library
V. Kolesnikov and T. Schneider. Improved garbled circuit: Free XOR gates and applications. In International Colloquium on Automata, Languages and Programming (ICALP'08), volume 5126 of LNCS, pages 486--498. Springer, 2008. Google ScholarDigital Library
H. Krawczyk. Cryptographic extraction and key derivation: The HKDF scheme. In Advances in Cryptology -- CRYPTO'10, volume 6223 of LNCS, pages 631--648. Springer, 2010. Google ScholarDigital Library
B. Kreuter, A. Shelat, and C.-H. Shen. Billion-gate secure computation with malicious adversaries. In Security Symposium. USENIX, 2012. Google ScholarDigital Library
P. MacKenzie, A. Oprea, and M. K. Reiter. Automatic generation of two-party computations. In Computer and Communications Security (CCS'03), pages 210--219. ACM, 2003. Google ScholarDigital Library
L. Malka. VMCrypt - modular software architecture for scalable secure computation. In Computer and Communications Security (CCS'11), pages 715--724. ACM, 2011. Google ScholarDigital Library
D. Malkhi, N. Nisan, B. Pinkas, and Y. Sella. Fairplay -- a secure two-party computation system. In Security Symposium, pages 287--302. USENIX, 2004. Google ScholarDigital Library
A. Menezes, P. C. van Oorschot, and S. A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1996. Google ScholarDigital Library
S. Nagaraja, P. Mittal, C.-Y. Hong, M. Caesar, and N. Borisov. Botgrep: Finding P2P bots with structured graph analysis. In Security Symposium, pages 95--110. USENIX, 2010. Google ScholarDigital Library
M. Naor and B. Pinkas. Efficient oblivious transfer protocols. In ACM-SIAM Symposium On Discrete Algorithms, SODA'01, pages 448--457. Society for Industrial and Applied Mathematics, 2001. Google ScholarDigital Library
A. Narayanan, N. Thiagarajan, M. Lakhani, M. Hamburg, and D. Boneh. Location privacy via private proximity testing. In Network and Distributed Security Symposium (NDSS'11). The Internet Society, 2011.Google Scholar
J. B. Nielsen. Extending oblivious transfers efficiently - how to get robustness almost for free. Cryptology ePrint Archive, Report 2007/215, 2007.Google Scholar
J. B. Nielsen, P. S. Nordholt, C. Orlandi, and S. S. Burra. A new approach to practical active-secure two-party computation. In Advances in Cryptology -- CRYPTO'12, volume 7417 of LNCS, pages 681--700. Springer, 2012.Google Scholar
V. Nikolaenko, U. Weinsberg, S. Ioannidis, M. Joye, D. Boneh, and N. Taft. Privacy-preserving ridge regression on hundreds of millions of records. In Symposium on Security and Privacy, pages 334--348. IEEE, 2013. Google ScholarDigital Library
NIST. NIST Special Publication 800--57, Recommendation for Key Management Part 1: General (Rev. 3). Technical report, 2012.Google Scholar
M. Osadchy, B. Pinkas, A. Jarrous, and B. Moskovich. SCiFI - a system for secure face identification. In Symposium on Security and Privacy, pages 239--254. IEEE, 2010. Google ScholarDigital Library
B. Pinkas, T. Schneider, N. P. Smart, and S. C. Williams. Secure two-party computation is practical. In Advances in Cryptology -- ASIACRYPT'09, volume 5912 of LNCS, pages 250--267. Springer, 2009. Google ScholarDigital Library
M. O. Rabin. How to exchange secrets with oblivious transfer, TR-81 edition, 1981. Aiken Computation Lab, Harvard University.Google Scholar
T. Schneider and M. Zohner. GMW vs. Yao -- Efficient secure two-party computation with low depth circuits. In Financial Cryptography and Data Security (FC'13), LNCS. Springer, 2013.Google Scholar
A. Schröpfer and F. Kerschbaum. Demo: secure computation in JavaScript. In Computer and Communications Security (CCS'11), pages 849--852. ACM, 2011. Google ScholarDigital Library
A. C. Yao. How to generate and exchange secrets. In Foundations of Computer Science (FOCS'86), pages 162--167. IEEE, 1986. Google ScholarDigital Library

Index Terms

More efficient oblivious transfer and extensions for faster secure computation
1. Theory of computation
  1. Models of computation

Recommendations

More Efficient Oblivious Transfer Extensions

Oblivious transfer (OT) is one of the most fundamental primitives in cryptography and is widely used in protocols for secure two-party and multi-party computation. As secure computation becomes more practical, the need for practical large-scale OT ...
Read More
Improvements to Secure Computation with Penalties
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

Motivated by the impossibility of achieving fairness in secure computation [Cleve, STOC 1986], recent works study a model of fairness in which an adversarial party that aborts on receiving output is forced to pay a mutually predefined monetary penalty ...
Read More
Complete fairness in secure two-party computation
STOC '08: Proceedings of the fortieth annual ACM symposium on Theory of computing

In the setting of secure two-party computation, two mutually distrusting parties wish to compute some function of their inputs while preserving, to the extent possible, various security properties such as privacy, correctness, and more. One desirable ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
November 2013
1530 pages
ISBN:9781450324779
DOI:10.1145/2508859
General Chair:
Ahmad-Reza Sadeghi
TU Darmstadt, CASED, Intel ICRI-SC, Germany
,
Program Chairs:
Virgil Gligor
Carnegie Mellon University, USA
,
Moti Yung
Columbia University, USA
Copyright © 2013 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 4 November 2013
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
oblivious transfer extensions
secure computation
semi-honest adversaries
Qualifiers
- research-article
Conference

Acceptance Rates
CCS '13 Paper Acceptance Rate105of530submissions,20%Overall Acceptance Rate1,261of6,999submissions,18%
More
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 251
  Total Citations
  View Citations
- 1,520
  Total Downloads
- Downloads (Last 12 months)159
- Downloads (Last 6 weeks)27
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

More efficient oblivious transfer and extensions for faster secure computation

CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

ABSTRACT

References

Cited By

Index Terms

Recommendations

More Efficient Oblivious Transfer Extensions

Improvements to Secure Computation with Penalties

Complete fairness in secure two-party computation