Formal Methods in System Design, Volume 51, Issue 2, pp 308–331

On compiling Boolean circuits optimized for secure multi-party computation

  • Niklas Büscher
  • Martin Franz
  • Andreas Holzer
  • Helmut Veith
  • Stefan Katzenbeisser


Secure multi-party computation (MPC) allows two or more distrusting parties to jointly evaluate a function over private inputs. Long considered a purely theoretical concept, MPC has transitioned into a practical and powerful tool for building privacy-enhancing technologies. However, the practicality of MPC is hindered by the difficulty of implementing applications on top of the underlying cryptographic protocols. This is because the manual construction of efficient applications, which need to be represented as Boolean or arithmetic circuits, is a complex, error-prone, and time-consuming task. To facilitate the development of further privacy-enhancing technology, multiple compilers have been proposed that create circuits for MPC. Yet, almost all presented compilers only support domain-specific languages or provide very limited optimization methods. In this work (an extended and revised version of the paper ‘Secure Two-party Computations in ANSI C’ (Holzer et al., in: ACM CCS, 2012) that reflects the progress in secure computation and describes the current optimization tool chain of CBMC-GC), we describe our compiler CBMC-GC, which implements a complete tool chain from ANSI C to circuit. Moreover, we give a comprehensive overview of circuit minimization techniques, which we have identified and adapted for the creation of efficient circuits for MPC. With the help of these techniques, our compilation approach allows for a high level of abstraction from the cryptographic primitives used in MPC protocols, as well as from the complex design of digital circuits. By using the model checker CBMC as a compiler frontend, we illustrate the link between MPC, formal methods, and digital logic design. Our experimental results illustrate the effectiveness of the implemented optimization techniques for various example applications. In particular, compared with other state-of-the-art compilers, we show that CBMC-GC compiles circuits from the same source code that are up to four times smaller.


Keywords: Secure multi-party computation, Compiler, Logic synthesis



We thank all anonymous reviewers for their helpful and constructive comments. This work has been co-funded by the DFG as part of project S5 within the CRC 1119 CROSSING, and by the DFG as part of project A.1 within the RTG 2050 “Privacy and Trust for Mobile User”. The initial idea behind CBMC-GC, i.e., using a bounded model checker for high-level synthesis in the context of MPC, was coined in a very fruitful discussion with Helmut Veith over a cup of coffee in a Wiener Kaffeehaus (typical Viennese coffee house).


References

  1. Berkeley logic synthesis and verification group, abc: a system for sequential synthesis and verification, release 30916.
  2. Bellare M, Hoang VT, Keelveedhi S, Rogaway P (2013) Efficient garbling from a fixed-key blockcipher. In: IEEE S&P
  3. Bilogrevic I, Jadliwala M, Hubaux J, Aad I, Niemi V (2011) Privacy-preserving activity scheduling on mobile devices. In: ACM CODASPY
  4. Bjesse P, Borälv A (2004) Dag-aware circuit compression for formal verification. In: ICCAD
  5. Bogdanov D, Laur S, Willemson J (2008) Sharemind: a framework for fast privacy-preserving computations. In: ESORICS
  6. Bogetoft P, Christensen DL, Damgård I, Geisler M, Jakobsen T, Krøigaard M, Nielsen JD, Nielsen JB, Nielsen K, Pagter J et al (2009) Secure multiparty computation goes live. In: FC
  7. Buchfuhrer D, Umans C (2011) The complexity of Boolean formula minimization. J Comput Syst Sci 77(1):142–153
  8. Buescher N, Holzer A, Weber A, Katzenbeisser S (2016) Compiling low depth circuits for practical secure computation. In: ESORICS
  9. Buescher N, Kretzmer D, Jindal A, Stefan K (2016) Scalable secure computation from ansi-c. In: IEEE WIFS
  10. Büscher N, Katzenbeisser S (2015) Faster secure computation through automatic parallelization. In: USENIX Security
  11. Clarke EM, Kroening D, Lerda F (2004) A tool for checking ANSI-C programs. In: TACAS
  12. Clarke EM, Kroening D, Yorav K (2003) Behavioral consistency of C and verilog programs using bounded model checking. In: DAC
  13. Courtois N, Hulme D, Mourouzis T (2011) Solving circuit optimisation problems in cryptography and cryptanalysis. IACR cryptology ePrint archive
  14. Damgård I, Pastro V, Smart NP, Zakarias S (2012) Multiparty computation from somewhat homomorphic encryption. In: CRYPTO
  15. Darringer JA, Joyner WH, Berman CL, Trevillyan L (1981) Logic synthesis through local transformations. IBM J Res Dev 25:272–280
  16. Demmler D, Dessouky G, Koushanfar F, Sadeghi AR, Schneider T, Zeitouni S (2015) Automated synthesis of optimized circuits for secure computation. In: ACM CCS
  17. Demmler D, Schneider T, Zohner M (2015) ABY—a framework for efficient mixed-protocol secure two-party computation. In: NDSS
  18. Erkin Z, Franz M, Guajardo J, Katzenbeisser S, Lagendijk I, Toft T (2009) Privacy-preserving face recognition. In: PETS
  19. Franz M, Holzer A, Katzenbeisser S, Schallhart C, Veith H (2014) CBMC-GC: an ANSI C compiler for secure two-party computations. In: Compiler construction CC
  20. Goldreich O, Micali S, Wigderson A (1987) How to play any mental game or a completeness theorem for protocols with honest majority. In: ACM STOC
  21. Goldreich O, Ostrovsky R (1996) Software protection and simulation on oblivious rams. J ACM 43(3):431–473
  22. Goudarzi D, Rivain M (2016) On the multiplicative complexity of boolean functions and bitsliced higher-order masking. In: CHES
  23. Henecka W, Kögl S, Sadeghi AR, Schneider T, Wehrenberg I (2010) TASTY: tool for automating secure two-party computations. In: ACM CCS
  24. Holzer A, Franz M, Katzenbeisser S, Veith H (2012) Secure two-party computations in ANSI C. In: ACM CCS
  25. Kolesnikov V, Sadeghi AR, Schneider T (2009) Improved garbled circuit building blocks and applications to auctions and computing minima. In: CANS
  26. Kolesnikov V, Schneider T (2008) Improved garbled circuit: free XOR gates and applications. In: ICALP
  27. Kreuter B, Shelat A, Mood B, Butler K (2013) PCF: a portable circuit format for scalable two-party secure computation. In: USENIX security
  28. Kreuter B, Shelat A, Shen C (2012) Billion-gate secure computation with malicious adversaries. In: USENIX security
  29. Kuehlmann A (2004) Dynamic transition relation simplification for bounded property checking. In: IEEE ICCAD
  30. Larraia E, Orsini E, Smart NP (2014) Dishonest majority multi-party computation for binary circuits. In: CRYPTO
  31. Liu C, Huang Y, Shi E, Katz J, Hicks MW (2014) Automating efficient RAM-model secure computation. In: IEEE S&P
  32. Liu C, Wang XS, Nayak K, Huang Y, Shi E (2015) ObliVM: a programming framework for secure computation. In: IEEE S&P
  33. Malkhi D, Nisan N, Pinkas B, Sella Y (2004) Fairplay - secure two-party computation system. In: USENIX Security
  34. Mishchenko A, Chatterjee S, Brayton R, Een N (2006) Improvements to combinational equivalence checking. In: IEEE ICCAD
  35. Mishchenko A, Chatterjee S, Brayton RK (2006) Dag-aware AIG rewriting a fresh look at combinational logic synthesis. In: DAC
  36. Mood B, Gupta D, Carter H, Butler K, Traynor P (2016) Frigate: a validated, extensible, and efficient compiler and interpreter for secure computation. In: IEEE Euro S&P
  37. Mood B, Letaw L, Butler K (2012) Memory-efficient garbled circuit generation for mobile devices. In: FC
  38. Nielsen JB, Nordholt PS, Orlandi C, Burra SS (2012) A new approach to practical active-secure two-party computation. In: CRYPTO
  39. Robertson JE (1958) A new class of digital division methods. IRE Trans Electron Comput 3:218–222
  40. Schneider T, Zohner M (2013) GMW vs. Yao? Efficient secure two-party computation with low depth circuits. In: FC
  41. Schnorr CP (1974) Zwei lineare untere Schranken für die Komplexität Boolescher Funktionen. Computing 13:155–171
  42. Schröpfer A, Kerschbaum F, Müller G (2011) L1—an intermediate language for mixed-protocol secure computation. In: COMPSAC
  43. Songhori EM, Hussain SU, Sadeghi A, Schneider T, Koushanfar F (2015) Tinygarble: Highly compressed and scalable sequential garbled circuits. In: IEEE S&P
  44. Turan MS, Peralta R (2014) The multiplicative complexity of boolean functions on four and five variables. In: LightSec
  45. Yao ACC (1982) Protocols for secure computations (extended abstract). In: IEEE FOCS
  46. Yao ACC (1986) How to generate and exchange secrets (extended abstract). In: IEEE FOCS
  47. Zahur S, Evans D (2015) Obliv-c: a language for extensible data-oblivious computation. IACR cryptology ePrint archive

Copyright information

© Springer Science+Business Media, LLC 2017

Authors and Affiliations

  1. Technische Universität Darmstadt, Darmstadt, Germany
  2. Technische Universität Wien, Vienna, Austria
