
Fast Oblivious AES: A Dedicated Application of the MiniMac Protocol

Conference paper. In: Progress in Cryptology – AFRICACRYPT 2016 (AFRICACRYPT 2016).

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9646)

Abstract

We present actively secure multi-party computation of the Advanced Encryption Standard (AES). To the best of our knowledge it is the fastest of its kind to date. We start from an efficient actively secure evaluation of general binary circuits that was implemented by the authors of [DLT14]. They presented an optimized implementation of the so-called MiniMac protocol [DZ13], which runs in the pre-processing model, and applied it to a binary AES circuit. In this paper we describe how to dedicate the pre-processing to the structure of AES, which significantly improves the throughput and latency over previous actively secure implementations. We obtain a latency of about 6 ms and an amortised time of about 0.4 ms per AES block, which seems completely adequate for practical applications such as verification of one-time passwords.

R. Zakarias: The authors acknowledge support from the Danish National Research Foundation and The National Science Foundation of China (under the grant 61061130540) for the Sino-Danish Center for the Theory of Interactive Computation, within which part of this work was performed; and from the CFEM research center, supported by the Danish Strategic Research Council.


Notes

  1. The concrete specifications of our experimental setup can be found in Appendix A.

  2. Available at http://tinyurl.com/q2dmcuw.

  3. Actually, the players in MiniMac have additive shares of the vectors, and a special type of MAC is used to prevent cheating, but these details are not important here.

  4. Note that when we say an entry in the table is a MiniMac representation of some vector, this actually means that the players have additive shares of that vector as well as some MACs and corresponding keys; however, the details of this are not important here.
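The following block is an added illustration of what notes 3 and 4 abbreviate; it is not code from the paper or from its GitHub implementation. It shows the representation of a vector as additive shares over the AES field GF(2^8) together with additive shares of a MAC on that vector, why plain additive shares give no protection against a cheating party, and how the MAC check at opening time catches a modified share. To keep the example short it uses a simplified SPDZ-style MAC with a single secret-shared key element alpha; MiniMac's real MAC is defined over codewords of a linear code, and that structure is not reproduced here. The helper names (Share, share_vector, add_shared, open_and_check, demo), the fixed key 0x57 and the sample vectors are all constructed for this example.

```python
# Added illustration, not the paper's code: a simplified SPDZ/MiniMac-style
# authenticated additive sharing of a byte vector over GF(2^8).  Each player i
# holds an additive share of x, an additive share of the MAC alpha*x
# (componentwise) and an additive share of the global key alpha.
# All helper names below are hypothetical and chosen for this example only.
import os
from dataclasses import dataclass
from typing import List, Tuple

AES_POLY = 0x11B  # reduction polynomial x^8+x^4+x^3+x+1 of the AES field


def gf_mul(a: int, b: int) -> int:
    """Multiply two elements of GF(2^8) modulo the AES polynomial."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r


def additive_shares(v: List[int], n: int) -> List[List[int]]:
    """Split vector v into n random additive shares; addition in GF(2^8) is XOR."""
    shares = [[os.urandom(1)[0] for _ in v] for _ in range(n - 1)]
    last = list(v)
    for s in shares:
        last = [a ^ b for a, b in zip(last, s)]
    return shares + [last]


@dataclass
class Share:
    """Player i's view of an authenticated shared vector [x]."""
    x: List[int]    # additive share of x
    mac: List[int]  # additive share of alpha * x (componentwise)
    alpha: int      # additive share of the global MAC key alpha


def share_vector(x: List[int], n: int, alpha: int) -> List[Share]:
    """Trusted-dealer sharing of x among n players (stands in for preprocessing)."""
    xs = additive_shares(x, n)
    ms = additive_shares([gf_mul(alpha, v) for v in x], n)
    als = additive_shares([alpha], n)
    return [Share(xs[i], ms[i], als[i][0]) for i in range(n)]


def add_shared(a: List[Share], b: List[Share]) -> List[Share]:
    """Linear operations are local: [x] + [y] = [x + y] with no interaction."""
    return [Share([p ^ q for p, q in zip(sa.x, sb.x)],
                  [p ^ q for p, q in zip(sa.mac, sb.mac)],
                  sa.alpha) for sa, sb in zip(a, b)]


def open_and_check(shares: List[Share]) -> Tuple[List[int], bool]:
    """Open [x]: every player broadcasts its x share and all reconstruct x.
    Then each player i publishes sigma_i = mac_i - alpha_i * x and everyone
    checks that the sum of all sigma_i is zero.  A cheater who shifts x by
    delta != 0 shifts that sum by alpha * delta, which it cannot cancel
    without knowing alpha.  Returns (x, check_passed)."""
    k = len(shares[0].x)
    x = [0] * k
    for s in shares:
        x = [a ^ b for a, b in zip(x, s.x)]
    total = [0] * k
    for s in shares:
        sigma = [m ^ gf_mul(s.alpha, v) for m, v in zip(s.mac, x)]
        total = [a ^ b for a, b in zip(total, sigma)]
    return x, all(t == 0 for t in total)


def demo() -> Tuple[bool, bool]:
    """Honest opening of [x + y] passes; a tampered share of [x] is caught."""
    alpha = 0x57                  # fixed nonzero key so the outcome is reproducible
    x = [0x00, 0x53, 0xFF, 0x10]  # constructed sample vectors
    y = [0x01, 0x02, 0x03, 0x04]
    sx, sy = share_vector(x, 3, alpha), share_vector(y, 3, alpha)
    _, ok_honest = open_and_check(add_shared(sx, sy))
    sx[1].x[2] ^= 0x80            # player 1 lies about one byte of its share
    _, ok_cheat = open_and_check(sx)
    return ok_honest, ok_cheat


if __name__ == "__main__":
    print(demo())  # (True, False)
```

Two points carry over to the real protocol. First, additions of shared vectors cost nothing but local XORs, so only the non-linear steps of AES (the S-box layer) need preprocessed material; this is what makes dedicating the preprocessing to the AES structure worthwhile. Second, because the reconstructed x is public at opening time, the check fails deterministically whenever alpha is nonzero and the cheater changed at least one byte, so with a random key a cheating party is caught except with probability 1/256 per opening in this toy field; MiniMac's code-based MACs are what push that probability down to a negligible level.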

References

  1. Boyar, J., Peralta, R.: A depth-16 circuit for the AES S-box. Cryptology ePrint Archive, Report 2011/332 (2011). http://eprint.iacr.org/

  2. Damgård, I., Keller, M.: Secure multiparty AES. In: Financial Cryptography and Data Security, 14th International Conference, FC 2010, Tenerife, Canary Islands, 25–28 January 2010, Revised Selected Papers, pp. 367–374 (2010)

  3. Damgård, I., Keller, M., Larraia, E., Miles, C., Smart, N.P.: Implementing AES via an actively/covertly secure dishonest-majority MPC protocol. In: Visconti, I., De Prisco, R. (eds.) SCN 2012. LNCS, vol. 7485, pp. 241–263. Springer, Heidelberg (2012)

  4. Damgård, I., Keller, M., Larraia, E., Pastro, V., Scholl, P., Smart, N.P.: Practical covertly secure MPC for dishonest majority – or: breaking the SPDZ limits. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 1–18. Springer, Heidelberg (2013)

  5. Damgård, I., Lauritsen, R., Toft, T.: An empirical study and some improvements of the MiniMac protocol for secure computation. IACR Cryptology ePrint Archive 2014:289 (2014)

  6. Damgård, I.B., Nielsen, J.B.: Universally composable efficient multiparty computation from threshold homomorphic encryption. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 247–264. Springer, Heidelberg (2003)

  7. Daemen, J., Rijmen, V.: Rijndael for AES. In: AES Candidate Conference, pp. 343–348 (2000)

  8. Damgård, I., Zakarias, S.: Constant-overhead secure computation of boolean circuits using preprocessing. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 621–641. Springer, Heidelberg (2013)

  9. Frederiksen, T.K., Jakobsen, T.P., Nielsen, J.B.: Faster maliciously secure two-party computation using the GPU. In: Abdalla, M., De Prisco, R. (eds.) SCN 2014. LNCS, vol. 8642, pp. 358–379. Springer, Heidelberg (2014)

  10. Gentry, C., Halevi, S., Smart, N.P.: Homomorphic evaluation of the AES circuit. IACR Cryptology ePrint Archive 2012:99 (2012)

  11. Huang, Y., Evans, D., Katz, J., Malka, L.: Faster secure two-party computation using garbled circuits. In: 20th USENIX Security Symposium, San Francisco, CA, USA, 8–12 August 2011

  12. Henecka, W., Kögl, S., Sadeghi, A.-R., Schneider, T., Wehrenberg, I.: TASTY: tool for automating secure two-party computations. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, Chicago, Illinois, USA, 4–8 October 2010, pp. 451–462 (2010)

  13. Ishai, Y., Kushilevitz, E., Meldgaard, S., Orlandi, C., Paskin-Cherniavsky, A.: On the power of correlated randomness in secure computation. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 600–620. Springer, Heidelberg (2013)

  14. Keller, M., Scholl, P., Smart, N.P.: An architecture for practical actively secure MPC with dishonest majority. In: ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, Berlin, Germany, 4–8 November 2013, pp. 549–560 (2013)

  15. Nielsen, J.B., Nordholt, P.S., Orlandi, C., Burra, S.S.: A new approach to practical active-secure two-party computation. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 681–700. Springer, Heidelberg (2012)

  16. Pinkas, B., Schneider, T., Smart, N.P., Williams, S.C.: Secure two-party computation is practical. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 250–267. Springer, Heidelberg (2009)

  17. Yao, A.C.-C.: Protocols for secure computations (extended abstract). In: 23rd Annual Symposium on Foundations of Computer Science, FOCS 1982, pp. 160–164. IEEE (1982)

  18. Yao, A.C.-C.: How to generate and exchange secrets (extended abstract). In: 27th Annual Symposium on Foundations of Computer Science, FOCS 1986, pp. 162–167. IEEE (1986)

Author information

Corresponding author: Rasmus Zakarias.

A. Reproducing our results with the implementation

Getting the code

The implementation of our work can be found on GitHub at http://tinyurl.com/qbx99jv

Requirements

  • AutoMake 1.15

  • Bash 3.2 or later

  • A GCC compiler supporting C99 (or, on Windows, the Windows SDK with Visual Studio 2013 or later).

Building on Windows x64

Install Visual Studio 2013 and open the solution file miniapps/dedicatedaes/winx64/daestest.sln. Select the x64 Release build configuration and press F7 to build the code. Note that we have experienced performance problems on Windows: the protocol performs many small allocations, and the malloc and free implementation on this system degenerates in performance under that allocation pattern.

Building on Linux and OSX

To build the code type ./build.sh release or ./build.sh debug depending on which configuration you want. To reproduce the performance numbers reported in the paper please build in the release configuration.

Generating pre-processing material for testing

Running the program with the command-line argument -prep generates the default set of preprocessing material needed to compute one block of ciphertext: on Linux, ./miniapps/dedicatedaes/linux/src/cheetah -prep; on Windows, set the same command-line argument in Visual Studio and press F5. Alternatively, the Windows .exe file can be found at miniapps/dedicatedaes/winx64/daestest/Debug/daestest.exe.

Running the protocol

Running the program with -mpc -prepfile <filename>, where <filename> is the AES preprocessing material file for player zero, makes the process listen and wait for the other players to connect. The other players additionally pass -ip and -port to name the listening peer.

E.g. for two players:

    cheetah -mpc -prepfile ./aes_prep_4_player_0.rep

starts the listening peer, listening on all interfaces on port 2020, while

    cheetah -mpc -prepfile ./aes_prep_4_player_1.rep -ip xxx.yyy.zzz.www -port 2020

connects to the peer at IP address xxx.yyy.zzz.www on port 2020.

Our experimental setup

The lab computers used for our experiments are interconnected by a 1 Gigabit LAN; their specifications are given in the table below.

[Figure b: specifications of the lab computers (table not reproduced on this page).]

We emphasize that our implementation carries out the computational steps of the protocol in a single thread.

The implementation does use additional threads for receiving and sending network messages, so that the computational thread is as independent of network delays as the protocol allows. More precisely, the concrete interleaving of sending and receiving messages does not affect computational progress unless data from other parties is strictly required for the protocol to continue.


Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Damgård, I., Zakarias, R. (2016). Fast Oblivious AES: A Dedicated Application of the MiniMac Protocol. In: Pointcheval, D., Nitaj, A., Rachidi, T. (eds) Progress in Cryptology – AFRICACRYPT 2016. AFRICACRYPT 2016. Lecture Notes in Computer Science, vol 9646. Springer, Cham. https://doi.org/10.1007/978-3-319-31517-1_13

  • DOI: https://doi.org/10.1007/978-3-319-31517-1_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-31516-4

  • Online ISBN: 978-3-319-31517-1