Accelerating Multi-Party Computation with Vectorized AES Instructions
Master Thesis
Motivation
Secure Multi-Party Computation (SMPC) allows multiple parties to jointly compute a publicly known function on their private inputs without revealing anything but the function’s output. A highly important tool in the design of secure computation is Yao’s garbled circuit construction for two parties [3] and the constant-round efficient multi-party BMR garbling which was optimized in [5] which can be seen as a multi-party variant of Yao’s protocol [5]. Garbled circuits were mostly considered for Boolean circuits due to efficiency reasons. However, recently there are a few attempts to extend the scope of garbled circuits to arithmetic circuits in the two-party setting [2] and in the multi-party setting [4].
The implementation of garbling scheme makes extensive use of pseudo-random functions and it is still multiple orders of magnitude slower, compared to plaintext computation. To improve the efficiency of secure computation based on Yao’s protocols, one can use modern CPUs specific instruction sets such as AES-NI which accelerates AES computations on the Intel architecture. The introduction of AES-NI has significantly improved the performance of encryption and secure computation protocols. Recently, Intel has announced [1] that its future microarchitecture, named Ice Lake, will introduce new capabilities able to vectorize the existing AES-NI and VPCLMULQDQ instructions on wide registers available on the AVX512 architectures. This thesis will investigate how to use these new instructions for accelerating SMPC.
Goal
The goal of this thesis is to explore how these Intel’s new vectorized AES instructions, can be used efficiently, and how properly using them can lead to faster and more efficient SMPC. An essential part is to efficiently implement secure garbling utilizing these CPU instruction sets and pipelining.
This work instantiates pseudorandom functions for at least Yao garbling with fixed-key AES [3] and half-gates [7], and Yao garbling under standard assumptions [6], and BMR garbling [5] using these vectorized instructions. Additionally, two-party arithmetic garbling [2] and M-party arithmetic garbling [4] should be considered. All these implementations must be benchmarked on a CPU with the corresponding instruction sets. These benchmarks must clearly demonstrate performance improvements over an implementation using AES-NI only (without vectorization) on the same code base and also the original papers.
Requirements
- Good programming skills in C/C++
- At least basic knowledge of cryptography
- High motivation + ability to work independently
- Knowledge of the English language, Git, LaTeX, etc. goes without saying
References
- [1] Intel architecture instruction set extensions programming reference. https://software.intel.com/sites/default/files/managed/c5/15/architecture-instruction-set-extensions-programming-reference.pdf (opens in new tab), 2020.
- [2] Marshall Ball, Tal Malkin, and Mike Rosulek. Garbling gadgets for boolean and arithmetic circuits (opens in new tab). In CCS, 2016.
- [3] Mihir Bellare, Viet Tung Hoang, Sriram Keelveedhi, and Phillip Rogaway. Efficient garbling from a fixed-key blockcipher (opens in new tab). In IEEE S&P, 2013.
- [4] Aner Ben-Efraim. On multiparty garbling of arithmetic circuits (opens in new tab). In Asiacrypt, 2018.
- [5] Aner Ben-Efraim, Yehuda Lindell, and Eran Omri. Optimizing semi-honest secure multiparty computation for the internet (opens in new tab). In CCS, 2016.
- [6] Shay Gueron, Yehuda Lindell, Ariel Nof, and Benny Pinkas. Fast garbling of circuits under standard assumptions (opens in new tab). Journal of Cryptology, 2018.
- [7] Samee Zahur, Mike Rosulek, and David Evans. Two halves make a whole (opens in new tab). In Eurocrypt, 2015.
Supervisor
- Hossein Yalame, M.Sc.
- Prof. Dr.-Ing. Thomas Schneider ( schneider@encrypto.cs.tu-…)
Publications
- Jean-Pierre Münch, Thomas Schneider, and Hossein Yalame. VASA: Vector AES instructions for Security Applications. In ACSAC, 2021.
