Secure Multi-Party Computation (SMPC) allows multiple parties to jointly compute a publicly known function on their private inputs without revealing anything but the function’s output. A highly important tool in the design of secure computation is Yao’s garbled circuit construction for two parties  and the constant-round efficient multi-party BMR garbling which was optimized in  which can be seen as a multi-party variant of Yao’s protocol . Garbled circuits were mostly considered for Boolean circuits due to efficiency reasons. However, recently there are a few attempts to extend the scope of garbled circuits to arithmetic circuits in the two-party setting  and in the multi-party setting .
The implementation of garbling scheme makes extensive use of pseudo-random functions and it is still multiple orders of magnitude slower, compared to plaintext computation. To improve the efficiency of secure computation based on Yao’s protocols, one can use modern CPUs specific instruction sets such as AES-NI which accelerates AES computations on the Intel architecture. The introduction of AES-NI has significantly improved the performance of encryption and secure computation protocols. Recently, Intel has announced  that its future microarchitecture, named Ice Lake, will introduce new capabilities able to vectorize the existing AES-NI and VPCLMULQDQ instructions on wide registers available on the AVX512 architectures. This thesis will investigate how to use these new instructions for accelerating SMPC.
The goal of this thesis is to explore how these Intel’s new vectorized AES instructions, can be used efficiently, and how properly using them can lead to faster and more efficient SMPC. An essential part is to efficiently implement secure garbling utilizing these CPU instruction sets and pipelining.
This work instantiates pseudorandom functions for at least Yao garbling with fixed-key AES  and half-gates , and Yao garbling under standard assumptions , and BMR garbling  using these vectorized instructions. Additionally, two-party arithmetic garbling  and M-party arithmetic garbling  should be considered. All these implementations must be benchmarked on a CPU with the corresponding instruction sets. These benchmarks must clearly demonstrate performance improvements over an implementation using AES-NI only (without vectorization) on the same code base and also the original papers.
- Good programming skills in C/C++
- At least basic knowledge of cryptography
- High motivation + ability to work independently
- Knowledge of the English language, Git, LaTeX, etc. goes without saying
-  Intel architecture instruction set extensions programming reference. (opens in new tab), 2020. https://software.intel.com/sites/default/files/managed/c5/15/architecture-instruction-set-extensions-programming-reference.pdf
-  Marshall Ball, Tal Malkin, and Mike Rosulek. (opens in new tab). In CCS, 2016. Garbling gadgets for boolean and arithmetic circuits
-  Mihir Bellare, Viet Tung Hoang, Sriram Keelveedhi, and Phillip Rogaway. (opens in new tab). In IEEE S&P, 2013. Efficient garbling from a fixed-key blockcipher
-  Aner Ben-Efraim. (opens in new tab). In Asiacrypt, 2018. On multiparty garbling of arithmetic circuits
-  Aner Ben-Efraim, Yehuda Lindell, and Eran Omri. (opens in new tab). In CCS, 2016. Optimizing semi-honest secure multiparty computation for the internet
-  Shay Gueron, Yehuda Lindell, Ariel Nof, and Benny Pinkas. (opens in new tab). Journal of Cryptology, 2018. Fast garbling of circuits under standard assumptions
-  Samee Zahur, Mike Rosulek, and David Evans. (opens in new tab). In Eurocrypt, 2015. Two halves make a whole
- ( Hossein Yalame, M.Sc.firstname.lastname@example.org-…)
- ( Prof. Dr.-Ing. Thomas Schneiderschneider@encrypto.cs.tu-…)