Secure Two-Party Computation (2PC) protocols allow two parties to compute a function of their private inputs without revealing anything beyond the output of the computation. Low-cost general-purpose protocols exist for semi-honest parties and can be executed efficiently even on smartphones. For malicious parties, however, current 2PC protocols are significantly less efficient, which limits their use to more resourceful devices. In this work we present an efficient 2PC protocol that is secure against malicious parties and light enough to run on mobile phones. The protocol is an adaptation of the protocol of Nielsen et al. (Crypto, 2012) to the server-aided setting, a natural relaxation of the plain model for secure computation in which the parties may interact with a server (e.g., a cloud) that is assumed not to collude with any of the parties. Our protocol has two stages. In an offline stage (where no party yet knows which function is to be computed, nor who else will participate), each party interacts with the server and downloads a file. Later, in the online stage, when two parties decide to execute a 2PC together, they use the files downloaded earlier to carry out the computation at a cost lower than that of the currently best semi-honest 2PC protocols. We present an implementation of our protocol for Android mobile phones, discuss several optimizations, and report on its evaluation for various circuits. For example, the online stage for evaluating a single AES circuit requires only 2.5 seconds, and this can be further reduced to 1 second (amortized time) over multiple executions.
[AJLA+12] Gilad Asharov, Abhishek Jain, Adriana Lopez-Alt, Eran Tromer, Vinod Vaikuntanathan, and Daniel Wichs. Multiparty computation with low communication, computation and interaction via threshold FHE. In Advances in Cryptology - EUROCRYPT 2012, pages 483-501. Springer, 2012.
[AL10] Yonatan Aumann and Yehuda Lindell. Security against covert adversaries: Efficient protocols for realistic adversaries. J. Cryptol., 23(2):281-343, April 2010.
[BCD+09] Peter Bogetoft, Dan Lund Christensen, Ivan Damgård, Martin Geisler, Thomas Jakobsen, Mikkel Krøigaard, Janus Dam Nielsen, Jesper Buus Nielsen, Kurt Nielsen, Jakob Pagter, et al. Secure multiparty computation goes live. In Financial Cryptography and Data Security, pages 325-343. Springer, 2009.
[Bea92] Donald Beaver. Efficient multiparty protocols using circuit randomization. In Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology, CRYPTO '91, pages 420-432, London, UK, 1992. Springer-Verlag.
[BG02] Boaz Barak and Oded Goldreich. Universal arguments and their applications. In Computational Complexity, 2002. Proceedings. 17th IEEE Annual Conference on, pages 162-171. IEEE, 2002.
[BHKR13] Mihir Bellare, Viet Tung Hoang, Sriram Keelveedhi, and Phillip Rogaway. Efficient garbling from a fixed-key blockcipher. In Security and Privacy (SP), 2013 IEEE Symposium on, pages 478-492. IEEE, 2013.
[CADT14] Henry Carter, Chaitrali Amrutkar, Italo Dacosta, and Patrick Traynor. For your phone only: custom protocols for efficient secure function evaluation on mobile devices. Security and Communication Networks, 7(7):1165-1176, 2014.
[CHK+12] Seung Geol Choi, Kyung-Wook Hwang, Jonathan Katz, Tal Malkin, and Dan Rubenstein. Secure multiparty computation of boolean circuits with applications to privacy in on-line marketplaces. In Topics in Cryptology - CT-RSA 2012, pages 416-432. Springer, 2012.
[CLT14] Henry Carter, Charles Lever, and Patrick Traynor. Whitewash: Outsourcing garbled circuit generation for mobile devices. In Proceedings of the 30th Annual Computer Security Applications Conference, pages 266-275. ACM, 2014.
[CMTB13] Henry Carter, Benjamin Mood, Patrick Traynor, and Kevin Butler. Secure outsourced garbled circuit evaluation for mobile devices. In Presented as part of the 22nd USENIX Security Symposium (USENIX Security 13), pages 289-304, Washington, D.C., 2013. USENIX.
[DCFGT12] Emiliano De Cristofaro, Sky Faber, Paolo Gasti, and Gene Tsudik. GenoDroid: are privacy-preserving genomic tests ready for prime time? In Proceedings of the 2012 ACM Workshop on Privacy in the Electronic Society, pages 97-108. ACM, 2012.
[DI05] Ivan Damgård and Yuval Ishai. Constant-round multiparty computation using a black-box pseudorandom generator. In Advances in Cryptology - CRYPTO 2005, pages 378-394. Springer, 2005.
[DIK+08] I. Damgård, Y. Ishai, M. Krøigaard, J. B. Nielsen, and A. Smith. Scalable multiparty computation with nearly optimal work and resilience. In Advances in Cryptology - CRYPTO 2008, pages 241-261, 2008.
[DSZ14] Daniel Demmler, Thomas Schneider, and Michael Zohner. Ad-hoc secure two-party computation on mobile devices using hardware tokens. In 23rd USENIX Security Symposium (USENIX Security 14), pages 893-908, San Diego, CA, August 2014. USENIX Association.
[FKN94] Uri Feige, Joe Kilian, and Moni Naor. A minimal model for secure computation. In Proceedings of the Twenty-Sixth Annual ACM Symposium on Theory of Computing, pages 554-563. ACM, 1994.
[G+09] Craig Gentry. Fully homomorphic encryption using ideal lattices. In Proceedings of the 41st Annual ACM Symposium on Theory of Computing, STOC 2009, pages 169-178. ACM, 2009.
[GMW87] O. Goldreich, S. Micali, and A. Wigderson. How to play any mental game. In Proceedings of the Nineteenth Annual ACM Symposium on Theory of Computing, STOC '87, pages 218-229, New York, NY, USA, 1987. ACM.
[HCE11] Yan Huang, Peter Chapman, and David Evans. Privacy-preserving applications on smartphones. In USENIX Workshop on Hot Topics in Security, 2011.
[HEKM11] Yan Huang, David Evans, Jonathan Katz, and Lior Malka. Faster secure two-party computation using garbled circuits. In Proceedings of the 20th USENIX Conference on Security, SEC '11, Berkeley, CA, USA, 2011. USENIX Association.
[HKK+14] Yan Huang, Jonathan Katz, Vladimir Kolesnikov, Ranjit Kumaresan, and Alex J. Malozemoff. Amortizing garbled circuits. In Advances in Cryptology - CRYPTO 2014, pages 458-475. Springer, 2014.
[HSS+10] Wilko Henecka, Ahmad-Reza Sadeghi, Thomas Schneider, Immo Wehrenberg, et al. TASTY: tool for automating secure two-party computations. In Proceedings of the 17th ACM Conference on Computer and Communications Security, pages 451-462. ACM, 2010.
[Hua12] Yan Huang. Practical Secure Two-Party Computation. PhD thesis, University of Virginia, 2012.
[IKO+11] Yuval Ishai, Eyal Kushilevitz, Rafail Ostrovsky, Manoj Prabhakaran, and Amit Sahai. Efficient noninteractive secure computation. In Kenneth G. Paterson, editor, EUROCRYPT, volume 6632 of Lecture Notes in Computer Science, pages 406-425. Springer, 2011.
[IPS08] Yuval Ishai, Manoj Prabhakaran, and Amit Sahai. Founding cryptography on oblivious transfer - efficiently. In Proceedings of the 28th Annual Conference on Cryptology: Advances in Cryptology, CRYPTO 2008, pages 572-591, Berlin, Heidelberg, 2008. Springer-Verlag.
[JS07] Stanislaw Jarecki and Vitaly Shmatikov. Efficient two-party secure computation on committed inputs. In Proceedings of the 26th Annual International Conference on Advances in Cryptology, EUROCRYPT '07, pages 97-114, Berlin, Heidelberg, 2007. Springer-Verlag.
[KMR11] S. Kamara, P. Mohassel, and M. Raykova. Outsourcing multi-party computation. Technical Report 2011/272, IACR ePrint Cryptography Archive, 2011. http://eprint.iacr.org/2011/272.
[KMR12] Seny Kamara, Payman Mohassel, and Ben Riva. Salus: a system for server-aided secure function evaluation. In Proceedings of the 2012 ACM Conference on Computer and Communications Security, pages 797-808. ACM, 2012.
[KMSB13] Ben Kreuter, Benjamin Mood, Abhi Shelat, and Kevin Butler. PCF: A portable circuit format for scalable two-party secure computation. In Proceedings of the 22nd USENIX Conference on Security, SEC '13, pages 321-336, Berkeley, CA, USA, 2013. USENIX Association.
[KSS12] Benjamin Kreuter, Abhi Shelat, and Chih-Hao Shen. Billion-gate secure computation with malicious adversaries. In Proceedings of the 21st USENIX Conference on Security Symposium, Security '12, Berkeley, CA, USA, 2012. USENIX Association.
[Lin13] Yehuda Lindell. Fast cut-and-choose based protocols for malicious and covert adversaries. In CRYPTO, pages 1-17, 2013.
[LP07] Yehuda Lindell and Benny Pinkas. An efficient protocol for secure two-party computation in the presence of malicious adversaries. In Moni Naor, editor, EUROCRYPT, volume 4515 of Lecture Notes in Computer Science, pages 52-78. Springer, 2007.
[LP11] Yehuda Lindell and Benny Pinkas. Secure two-party computation via cut-and-choose oblivious transfer. In Yuval Ishai, editor, TCC, volume 6597 of Lecture Notes in Computer Science, pages 329-346. Springer, 2011.
[LR14] Yehuda Lindell and Ben Riva. Cut-and-choose Yao-based secure computation in the online/offline and batch settings. In Advances in Cryptology - CRYPTO 2014, pages 476-494. Springer, 2014.
[MF06] Payman Mohassel and Matthew K. Franklin. Efficiency tradeoffs for malicious two-party computation. In Moti Yung, Yevgeniy Dodis, Aggelos Kiayias, and Tal Malkin, editors, Public Key Cryptography, volume 3958 of Lecture Notes in Computer Science, pages 458-473. Springer, 2006.
[MGBF14] Benjamin Mood, Debayan Gupta, Kevin Butler, and Joan Feigenbaum. Reuse it or lose it: More efficient secure computation through reuse of encrypted values. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pages 582-596. ACM, 2014.
[MLB12] Benjamin Mood, Lara Letaw, and Kevin Butler. Memory-efficient garbled circuit generation for mobile devices. In Financial Cryptography and Data Security, pages 254-268. Springer, 2012.
[MNP+04] Dahlia Malkhi, Noam Nisan, Benny Pinkas, Yaron Sella, et al. Fairplay - a secure two-party computation system. In USENIX Security Symposium, volume 4, San Diego, CA, USA, 2004.
[MR13] Payman Mohassel and Ben Riva. Garbled circuits checking garbled circuits: More efficient and secure two-party computation. In CRYPTO, pages 36-53, 2013.
[NNOB12] Jesper Buus Nielsen, Peter Sebastian Nordholt, Claudio Orlandi, and Sai Sheshank Burra. A new approach to practical active-secure two-party computation. In Advances in Cryptology - Crypto 2012, volume 7417 of Lecture Notes in Computer Science, pages 681-700. Springer, 2012.
[NO09] Jesper Buus Nielsen and Claudio Orlandi. LEGO for two-party secure computation. In Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography, TCC '09, pages 368-386, Berlin, Heidelberg, 2009. Springer-Verlag.
[PSSW09] Benny Pinkas, Thomas Schneider, Nigel P. Smart, and Stephen C. Williams. Secure two-party computation is practical. In Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology, ASIACRYPT ’09, pages 250-267, Berlin, Heidelberg, 2009. Springer-Verlag.
[SS11] Abhi Shelat and Chih-Hao Shen. Two-output secure computation with malicious adversaries. In Kenneth G. Paterson, editor, EUROCRYPT, volume 6632 of Lecture Notes in Computer Science, pages 386-405. Springer, 2011.
[SS13] Abhi Shelat and Chih-hao Shen. Fast two-party secure computation with minimal assumptions. In CCS, pages 523-534. ACM, 2013.
[ST15] Nigel Smart and Stefan Tillich. Circuits of basic functions suitable for MPC and FHE. http://www.cs.bris.ac.uk/Research/CryptographySecurity/MPC/, 2015.
[Yao86] Andrew Chi-Chih Yao. How to generate and exchange secrets. In Proceedings of the 27th Annual Symposium on Foundations of Computer Science, SFCS ’86, pages 162-167, Washington, DC, USA, 1986. IEEE Computer Society.