A survey on trust management for Internet of Things

from details of underlying secure computation protocol Use only fast symmetric key crypto Code is available on GitHub: http://encrypto.de/code/ABY

/pdf/aby-a-framework-for-efficient-mixed-protocol-secure-two-hozs81ospf.pdf

ABY - A Framework for Efficient Mixed-Protocol Secure Two-Party Computation

Ridge regression is an algorithm that takes as input a large number of data points and finds the best-fit linear curve through these points. The algorithm is a building block for many machine-learning operations. We present a system for privacy-preserving ridge regression. The system outputs the best-fit curve in the clear, but exposes no other information about the input data. Our approach combines both homomorphic encryption and Yao garbled circuits, where each is used in a different part of the algorithm to obtain the best performance. We implement the complete system and experiment with it on real data-sets, and show that it significantly outperforms pure implementations based only on homomorphic encryption or Yao circuits.

/pdf/privacy-preserving-ridge-regression-on-hundreds-of-millions-2tvdbrmkux.pdf

Privacy-Preserving Ridge Regression on Hundreds of Millions of Records

Secure two-party computation allows two untrusting parties to jointly compute an arbitrary function on their respective private inputs while revealing no information beyond the outcome. Existing cryptographic compilers can automatically generate secure computation protocols from high-level specifications, but are often limited in their use and efficiency of generated protocols as they are based on either garbled circuits or (additively) homomorphic encryption only.In this paper we present TASTY, a novel tool for automating, i.e., describing, generating, executing, benchmarking, and comparing, efficient secure two-party computation protocols. TASTY is a new compiler that can generate protocols based on homomorphic encryption and efficient garbled circuits as well as combinations of both, which often yields the most efficient protocols available today. The user provides a high-level description of the computations to be performed on encrypted data in a domain-specific language. This is automatically transformed into a protocol. TASTY provides most recent techniques and optimizations for practical secure two-party computation with low online latency. Moreover, it allows to efficiently evaluate circuits generated by the well-known Fairplay compiler.We use TASTY to compare protocols for secure multiplication based on homomorphic encryption with those based on garbled circuits and highly efficient Karatsuba multiplication. Further, we show how TASTY improves the online latency for securely evaluating the AES functionality by an order of magnitude compared to previous software implementations. TASTY allows to automatically generate efficient secure protocols for many privacy-preserving applications where we consider the use cases for private set intersection and face recognition protocols.

/pdf/tasty-tool-for-automating-secure-two-party-computations-4own82h6zz.pdf

TASTY: tool for automating secure two-party computations

We present Chameleon, a novel hybrid (mixed-protocol) framework for secure function evaluation (SFE) which enables two parties to jointly compute a function without disclosing their private inputs. Chameleon combines the best aspects of generic SFE protocols with the ones that are based upon additive secret sharing. In particular, the framework performs linear operations in the ring $\mathbbZ _2^l $ using additively secret shared values and nonlinear operations using Yao's Garbled Circuits or the Goldreich-Micali-Wigderson protocol. Chameleon departs from the common assumption of additive or linear secret sharing models where three or more parties need to communicate in the online phase: the framework allows two parties with private inputs to communicate in the online phase under the assumption of a third node generating correlated randomness in an offline phase. Almost all of the heavy cryptographic operations are precomputed in an offline phase which substantially reduces the communication overhead. Chameleon is both scalable and significantly more efficient than the ABY framework (NDSS'15) it is based on. Our framework supports signed fixed-point numbers. In particular, Chameleon's vector dot product of signed fixed-point numbers improves the efficiency of mining and classification of encrypted data for algorithms based upon heavy matrix multiplications. Our evaluation of Chameleon on a 5 layer convolutional deep neural network shows 133x and 4.2x faster executions than Microsoft CryptoNets (ICML'16) and MiniONN (CCS'17), respectively.

https://dl.acm.org/doi/pdf/10.1145/3196494.3196522

Chameleon: A Hybrid Secure Computation Framework for Machine Learning Applications

Secure collaborative supply chain planning and inverse optimization ― The JELS model

Secure Computation (SC) enables secure distributed computation of arbitrary functions of private inputs. It has many useful applications, e.g. benchmarking or auctions. Several general protocols for SC have been proposed and recently been implemented in a number of compilers and frameworks. These compilers or frameworks implement one general SC protocol and then require the programmer to implement the function he wants the protocol to compute. Performance remains a challenge for this approach and it has been realized early on that special protocols for important problems can deliver superior performance. In this paper we propose a new intermediate language (L1) for optimizing SC compilers which enables efficient implementation of special protocols potentially mixing several general SC protocols. We show by three case studies -- one for computation of the median, one for weighted average, one for division -- that special protocols and mixed-protocol implementations in our language L1 can lead to superior performance. Moreover, we show that only a combined view on algorithm \emph{and} cryptographic protocol can discover SCs with best run-time performance.

/pdf/l1-an-intermediate-language-for-mixed-protocol-secure-132r81ir8r.pdf

L1 - An Intermediate Language for Mixed-Protocol Secure Computation

Performance of secure computation is still often an obstacle to its practical adaption There are different protocols for secure computation that compete for the best performance In this paper we propose automatic protocol selection which selects a protocol for each operation resulting in a mix with the best performance so far Based on an elaborate performance model, we propose an optimization algorithm and an efficient heuristic for this selection problem We show that our mixed protocols achieve the best performance on a set of use cases Furthermore, our results underpin that the selection problem is so complicated and large in size, that a programmer is unlikely to manually make the optimal selection Our proposed algorithms nevertheless can be integrated into a compiler in order to yield the best (or near-optimal) performance

/pdf/automatic-protocol-selection-in-secure-two-party-1pm6hvx410.pdf

Automatic Protocol Selection in Secure Two-Party Computations

Many advancements in the area of Secure Multi-Party Computation (SMC) protocols use improvements in communication complexity as a justification. We conducted an experimental study of a specific protocol for a real-world sized problem under realistic conditions and it suggests that the practical performance of the protocol is almost independent of the network performance. We argue that our result can be generalized to a whole class of SMC protocols.

/pdf/on-the-practical-importance-of-communication-complexity-for-14h7qcco8n.pdf

On the practical importance of communication complexity for secure multi-party computation protocols

In order to perform a join in a deterministically, adjustably encrypted database one has to re-encrypt at least one column. The problem is to select that column that will result in the minimum number of re-encryptions even under an unknown schedule of joins. Naive strategies may perform too many or even infinitely many re-encryptions. We provide two strategies that allow for a much better performance. In particular the asymptotic behavior is O(n3/2) resp. O(n logn) re-encryptions for n columns. We show that there can be no algorithm better than O(n logn). We further extend our result to element-wise re-encryptions and show experimentally that our algorithm results in the optimal cost in 41% of the cases.

/pdf/optimal-re-encryption-strategy-for-joins-in-encrypted-3s1o8d195z.pdf

Axel Schröpfer

Papers

Secure collaborative supply chain planning and inverse optimization ― The JELS model

L1 - An Intermediate Language for Mixed-Protocol Secure Computation

Automatic Protocol Selection in Secure Two-Party Computations

On the practical importance of communication complexity for secure multi-party computation protocols

Optimal re-encryption strategy for joins in encrypted databases