Accelerating Multi-Party Computation with Vectorized AES Instructions

Master Thesis


Secure Multi-Party Computation (SMPC) allows multiple parties to jointly compute a publicly known function on their private inputs without revealing anything but the function’s output. A highly important tool in the design of secure computation is Yao’s garbled circuit construction for two parties [3] and the constant-round efficient multi-party BMR garbling which was optimized in [5] which can be seen as a multi-party variant of Yao’s protocol [5]. Garbled circuits were mostly considered for Boolean circuits due to efficiency reasons. However, recently there are a few attempts to extend the scope of garbled circuits to arithmetic circuits in the two-party setting [2] and in the multi-party setting [4].

The implementation of garbling scheme makes extensive use of pseudo-random functions and it is still multiple orders of magnitude slower, compared to plaintext computation. To improve the efficiency of secure computation based on Yao’s protocols, one can use modern CPUs specific instruction sets such as AES-NI which accelerates AES computations on the Intel architecture. The introduction of AES-NI has significantly improved the performance of encryption and secure computation protocols. Recently, Intel has announced [1] that its future microarchitecture, named Ice Lake, will introduce new capabilities able to vectorize the existing AES-NI and VPCLMULQDQ instructions on wide registers available on the AVX512 architectures. This thesis will investigate how to use these new instructions for accelerating SMPC.


The goal of this thesis is to explore how these Intel’s new vectorized AES instructions, can be used efficiently, and how properly using them can lead to faster and more efficient SMPC. An essential part is to efficiently implement secure garbling utilizing these CPU instruction sets and pipelining.

This work instantiates pseudorandom functions for at least Yao garbling with fixed-key AES [3] and half-gates [7], and Yao garbling under standard assumptions [6], and BMR garbling [5] using these vectorized instructions. Additionally, two-party arithmetic garbling [2] and M-party arithmetic garbling [4] should be considered. All these implementations must be benchmarked on a CPU with the corresponding instruction sets. These benchmarks must clearly demonstrate performance improvements over an implementation using AES-NI only (without vectorization) on the same code base and also the original papers.


  • Good programming skills in C/C++
  • At least basic knowledge of cryptography
  • High motivation + ability to work independently
  • Knowledge of the English language, Git, LaTeX, etc. goes without saying