Efficient Secure Two-Party Computation with Untrusted Hardware Tokens (Full Version)*

  • Kimmo Järvinen
  • Vladimir Kolesnikov
  • Ahmad-Reza Sadeghi
  • Thomas Schneider
Chapter

Abstract

Secure and efficient evaluation of arbitrary functions on private inputs has been subject of cryptographic research for decades. In particular, the following scenario appears in a variety of practical applications: a service provider (server \(\mathcal{S}\)) and user (client \(\mathcal{C}\)) wish to compute a function f on their respective private data, without incurring the expense of a trusted third party. This can be solved interactively using Secure Function Evaluation (SFE) protocols, for example, using the very efficient garbled circuit (GC) approach [23, 36]. However, GC protocols potentially require a large amount of data to be transferred between \(\mathcal{S}\) and \(\mathcal{C}\). This is because f needs to be encrypted (garbled) as \(\widetilde{f}\) and transferred from \(\mathcal{S}\) to \(\mathcal{C}\).

References

  1. 1.
    W. Aiello, Y. Ishai, O. Reingold, Priced oblivious transfer: How to sell digital goods. in Advances in Cryptology – EUROCRYPT’01. Lecture Notes in Computer Science, vol. 2045 (Springer-Verlag, Berlin, Heidelberg, New York, NY, 2001), pp. 119–135Google Scholar
  2. 2.
    M. Barni, P. Failla, V. Kolesnikov, R. Lazzeretti, A.R. Sadeghi, T. Schneider, in Secure Evaluation of Private Linear Branching Programs with Medical Applications. European Symposium on Research in Computer Security (ESORICS’09). Lecture Notes in Computer Science, vol. 5789 (Springer, Saint-Malo, France, 21–23 Sept 2009), pp. 424–439Google Scholar
  3. 3.
    C.L. Berman, Circuit width, register allocation, and ordered binary decision diagrams. IEEE Trans. CAD 10(8), 1059–1066 (1991)Google Scholar
  4. 4.
    R. Canetti, Y. Lindell, R. Ostrovsky, A. Sahai, in Universally Composable Two-party and Multi-party Secure Computation. ACM Symposium on Theory of Computing (STOC’02), Montréal, Québec, Canada, 19–21 May 2002, pp. 494–503Google Scholar
  5. 5.
    D. Canright, in A Very Compact S-box for AES. Cryptographic Hardware and Embedded Systems (CHES’05), Edinburgh, UK, 29 Aug–1 Sept 2005. Lecture Notes in Computer Science, vol. 3659 (Springer, 2005), pp. 441–456Google Scholar
  6. 6.
    G.J. Chaitin, M.A. Auslander, A.K. Chandra, J. Cocke, M.E. Hopkins, P.W. Markstein, Register allocation via coloring. Comput. Lang. 6(1), 47–57 (1981)CrossRefGoogle Scholar
  7. 7.
    N. Chandran, V. Goyal, A. Sahai, New constructions for UC secure computation using tamper-proof hardware. in Advances in Cryptology – EUROCRYPT’08, Istanbul, Turkey, 13–17 Apr 2008. Lecture Notes in Computer Science, vol. 4965 (Springer, 2008), pp. 545–562Google Scholar
  8. 8.
    I. Damgård, J.B. Nielsen, D. Wichs, in Universally Composable Multiparty Computation with Partially Isolated Parties. Theory of Cryptography (TCC’09), San Francisco, CA, USA, 15–17 Mar 2009. Lecture Notes in Computer Science vol. 5444 (Springer, 2009), pp. 315–331Google Scholar
  9. 9.
    M. Feldhofer, J. Wolkerstorfer, in Strong Crypto for RFID Tags — A Comparison of Low-Power Hardware Implementations. International Symposium on Circuits and Systems (ISCAS’07) (IEEE Computer Society, 2007), pp. 1839–1842Google Scholar
  10. 10.
    M. Fort, F.C. Freiling, L.D. Penso, Z. Benenson, D. Kesdogan, in Trustedpals: Secure Multiparty Computation Implemented with Smart Cards. European Symposium on Research in Computer Security (ESORICS’06), Hamburg, Germany, 18–20 Sept 2006. Lecture Notes in Computer Science, vol. 4189 (Springer, 2006), pp. 34–48Google Scholar
  11. 11.
    Google Health (2009). https://www.google.com/health
  12. 12.
    V. Goyal, P. Mohassel, A. Smith, Efficient two party and multi party computation against covert adversaries. in Advances in Cryptology – EUROCRYPT’08, Istanbul, Turkey, 13–17 Apr 2008. Lecture Notes in Computer Science, vol. 4965 (Springer, 2008), pp. 289–306Google Scholar
  13. 13.
    V. Gunupudi, S. Tate, in Generalized Non-interactive Oblivious Transfer Using Count-Limited Objects with Applications to Secure Mobile Agents. Financial Cryptography and Data Security (FC’08), Cozumel, Mexico, 28–31 Jan 2008. Lecture Notes in Computer Science, vol. 5143 (Springer, 2008), pp. 98–112Google Scholar
  14. 14.
    C. Hazay, Y. Lindell, in Constructions of Truly Practical Secure Protocols Using Standard Smartcards. ACM Conference on Computer and Communications Security (CCS’08) (ACM, New York, NY, USA 2008), pp. 491–500Google Scholar
  15. 15.
    D. Hofheinz, J. Müller-Quade, D. Unruh, in Universally Composable Zero-Knowledge Arguments and Commitments from Signature Cards. Central European Conference on Cryptology (MoraviaCrypt’05), Brno, The Czech Republic, 15–17 June 2005Google Scholar
  16. 16.
    A. Iliev, S. Smith, More Efficient Secure Function Evaluation Using Tiny Trusted Third Parties. Technical Report TR2005-551, Dartmouth College, Computer Science, Hanover, NH (2005). http://www.cs.dartmouth.edu/reports/TR2005-551.pdf
  17. 17.
    Y. Ishai, J. Kilian, K. Nissim, E. Petrank, Extending oblivious transfers efficiently. in Advances in Cryptology – CRYPTO’03. Lecture Notes in Computer Science, vol. 2729 (Springer-Verlag, Berlin, Heidelberg, New York, NY 2003) pp. 145–161Google Scholar
  18. 18.
    K. Järvinen, V. Kolesnikov, A.-R. Sadeghi, T. Schneider, in Embedded SFE: Offloading Server and Network Using Hardware Tokens. In 14th International Conference on Financial Cryptography and Data Security (FC’10). Lecture Notes in Computer Science vol. 6052 (Springer, Jan 2010) pp. 207–221Google Scholar
  19. 19.
    J. Katz, Universally composable multi-party computation using tamper-proof hardware. in Advances in Cryptology – EUROCRYPT’07, Barcelona, Spain, 20–24 May 2007. Lecture Notes in Computer Science, vol. 4515 (Springer, 2007), pp. 115–128Google Scholar
  20. 20.
    V. Kolesnikov, T. Schneider, in Improved Garbled Circuit: Free XOR Gates and Applications. International Colloquium on Automata, Languages and Programming (ICALP’08), Reykjavik, Iceland, 6–13 July 2008. Lecture Notes in Computer Science, vol. 5126 (Springer, 2008), pp. 486–498Google Scholar
  21. 21.
    H. Krawczyk, M. Bellare, R. Canetti, HMAC: Keyed-hashing for message authentication. RFC 2104 (Informational), (1997). http://tools.ietf.org/html/rfc2104
  22. 22.
    Y. Lindell, B. Pinkas, An efficient protocol for secure two-party computation in the presence of malicious adversaries. in Advances in Cryptology – EUROCRYPT’07 Barcelona, Spain, 20–24 May 2007. Lecture Notes in Computer Science, vol. 4515 (Springer, 2007), pp. 52–78Google Scholar
  23. 23.
    Y. Lindell, B. Pinkas, A proof of Yao’s protocol for secure two-party computation. J. Cryptol. 22(2), 161–188 (2009). Cryptology ePrint Archive, Report 2004/175, http://eprint.iacr.org MathSciNetMATHCrossRefGoogle Scholar
  24. 24.
    Y. Lindell, B. Pinkas, N. Smart, in Implementing Two-party Computation Efficiently with Security Against Malicious Adversaries. Security and Cryptography for Networks (SCN’08), Amalfi, Italy, 10–12 Sept 2008. Lecture Notes in Computer Science, vol. 5229 (Springer, 2008), pp. 2–20Google Scholar
  25. 25.
    D. Malkhi, N. Nisan, B. Pinkas, Y. Sella, in Fairplay — A Secure Two-party Computation System. USENIX Security Symposium (Security’04), San Diego, CA, USA, 9–13 Aug 2004 (USENIX Association, 2004)Google Scholar
  26. 26.
    T. Moran, G. Segev, David and goliath commitments: UC computation for asymmetric parties using tamper-proof hardware. in Advances in Cryptology – EUROCRYPT’08, Istanbul, Turkey, 13–17 Apr 2008. Lecture Notes in Computer Science, vol. 4965 (Springer, 2008), pp. 527–544Google Scholar
  27. 27.
    M. Naor, B. Pinkas, in Efficient Oblivious Transfer Protocols. ACM-SIAM Symposium On Discrete Algorithms (SODA’01), Washington, DC, USA, 7–9 Jan 2001. (Society for Industrial and Applied Mathematics, 2001), pp. 448–457Google Scholar
  28. 28.
    NIST, U.S. National Institute of Standards and Technology: Federal information processing standards (FIPS 197). Advanced Encryption Standard (AES) (2001). http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
  29. 29.
    NIST, U.S. National Institute of Standards and Technology: Federal information processing standards (FIPS 180-2). Announcing the Secure Hash Standard (2002). http://csrc.nist.gov/publications/fips/fips180-2/fips-180-2.pdf
  30. 30.
    B. Pinkas, T. Schneider, N.P. Smart, S.C. Williams, Secure two-party computation is practical. in Advances in Cryptology – ASIACRYPT 2009, Tokyo, Japan, 6–10 Dec 2009. Lecture Notes in Computer Science, vol. 5912 (Springer, 2009), pp. 250–267Google Scholar
  31. 31.
    C.E. Shannon, The synthesis of two-terminal switching circuits. Bell Syst. Tech. J. 28(1), 59–98 (1949)MathSciNetGoogle Scholar
  32. 32.
    J. Song, R. Poovendran, J. Lee, T. Iwata, The AES-CMAC Algorithm. RFC 4493 (Informational) (2006). http://tools.ietf.org/html/rfc4493
  33. 33.
    Y.N. Srikant, P. Shankar (eds.), The Compiler Design Handbook: Optimizations and Machine Code Generation (CRC Press, Boca Raton, FL, 2002)Google Scholar
  34. 34.
    S. Tate, R. Vishwanathan, in Improving Cut-and-Choose in Verifiable Encryption and Fair Exchange Protocols Using Trusted Computing Technology. Data and Applications Security (DBSec’09), Concordia University, Montreal, Canada, 12–15 July 2009. Lecture Notes in Computer Science, vol. 5645 (Springer, 2009), pp. 252–267Google Scholar
  35. 35.
    B.C.H. Turton, Extending Quine-McCluskey for exclusive-or logic synthesis. IEEE Trans. Educ. 39, 81–85 (1996)CrossRefGoogle Scholar
  36. 36.
    A.C. Yao, in How to Generate and Exchange Secrets. IEEE Symposium on Foundations of Computer Science (FOCS’86), Toronto, Canada, 27–29 Oct 1986 (IEEE, 1986), pp. 162–167Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Kimmo Järvinen
    • 1
  • Vladimir Kolesnikov
    • 2
  • Ahmad-Reza Sadeghi
    • 3
  • Thomas Schneider
    • 3
  1. 1.Department of Information and Computer ScienceAalto UniversityAaltoFinland
  2. 2.Alcatel-Lucent Bell LaboratoriesMurray HillUSA
  3. 3.Horst Görtz Institute for IT SecurityRuhr-University BochumBochumGermany

Personalised recommendations