ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.
-
Upload
russell-holland -
Category
Documents
-
view
214 -
download
0
Transcript of ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.
![Page 1: ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.](https://reader036.fdocuments.us/reader036/viewer/2022062714/56649cfa5503460f949cc3d4/html5/thumbnails/1.jpg)
1
ORAM – Used for Secure Computation
byVenkatasatheesh Piduri
![Page 2: ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.](https://reader036.fdocuments.us/reader036/viewer/2022062714/56649cfa5503460f949cc3d4/html5/thumbnails/2.jpg)
2
Basics
• What is secure Computation• Why it is important• Different Methods
![Page 3: ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.](https://reader036.fdocuments.us/reader036/viewer/2022062714/56649cfa5503460f949cc3d4/html5/thumbnails/3.jpg)
3
Secure ComputationMy age is
16I do not
wantBob to know
My age is 12
I do not want
Alice to know
Who is the oldest?
![Page 4: ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.](https://reader036.fdocuments.us/reader036/viewer/2022062714/56649cfa5503460f949cc3d4/html5/thumbnails/4.jpg)
4
Secure Computation
Traditional solutions use circuit abstraction
>=16? 12
No, I am older than Bob
OT
[Yao, 1982] Garbled Circuit
![Page 5: ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.](https://reader036.fdocuments.us/reader036/viewer/2022062714/56649cfa5503460f949cc3d4/html5/thumbnails/5.jpg)
5
Papers for discussion
1. * Automating Efficient RAM-Model Secure Computation, SP14
2. Burst ORAM: Minimizing ORAM Response Times for Bursty Access Patterns, SEC14
![Page 6: ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.](https://reader036.fdocuments.us/reader036/viewer/2022062714/56649cfa5503460f949cc3d4/html5/thumbnails/6.jpg)
6
Terms
• Third party computation• Semi honest model• Adversarial behavior• Oblivious transfer• Memory access pattern• Garbled circuit
![Page 7: ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.](https://reader036.fdocuments.us/reader036/viewer/2022062714/56649cfa5503460f949cc3d4/html5/thumbnails/7.jpg)
7
Introduction
• Traditional circuit approach• RAM- SC model• Automating efficient RAM- Model
![Page 8: ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.](https://reader036.fdocuments.us/reader036/viewer/2022062714/56649cfa5503460f949cc3d4/html5/thumbnails/8.jpg)
8
Key building blocks of RAM model SC
• Oblivious RAM – a cryptographic primitive that hides memory access patterns by randomly shuffling data in memory.
• Each memory read/ write incurs poly log n actual memory accesses
![Page 9: ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.](https://reader036.fdocuments.us/reader036/viewer/2022062714/56649cfa5503460f949cc3d4/html5/thumbnails/9.jpg)
9
Automating Efficient RAM – About
• Define Intermediate representation • Type system• Automated compiler – transfers high level
program into secure computation protocol.
![Page 10: ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.](https://reader036.fdocuments.us/reader036/viewer/2022062714/56649cfa5503460f949cc3d4/html5/thumbnails/10.jpg)
10
Continue
• Intermediate representation and Type system – Helps in avoiding expensive circuit
![Page 11: ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.](https://reader036.fdocuments.us/reader036/viewer/2022062714/56649cfa5503460f949cc3d4/html5/thumbnails/11.jpg)
11
Automating RAM-model Secure Computation
SCVM Intermediat
e Representat
ion
Program in
source langua
ge
Securecomputationprotocol
ProgrammerCrypto Non-Expert
Front-endcompiler
Back-endcompiler
Type Checker
Usability
Formal Security
Efficiency
![Page 12: ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.](https://reader036.fdocuments.us/reader036/viewer/2022062714/56649cfa5503460f949cc3d4/html5/thumbnails/12.jpg)
12
Automating RAM-model Secure Computation
SCVM Intermediat
e Representat
ion
Program in
source langua
ge
Securecomputationprotocol
Programmer
Front-endcompiler
Back-endcompiler
Type Checker
Usability
Formal Security
Efficiency
![Page 13: ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.](https://reader036.fdocuments.us/reader036/viewer/2022062714/56649cfa5503460f949cc3d4/html5/thumbnails/13.jpg)
13
Automating RAM-model Secure Computation
SCVM Intermediat
e Representat
ion
Program in
source langua
ge
Securecomputationprotocol
Programmer
Front-endcompiler
Back-endcompiler
Type Checker
Usability
Formal Security
Efficiency
![Page 14: ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.](https://reader036.fdocuments.us/reader036/viewer/2022062714/56649cfa5503460f949cc3d4/html5/thumbnails/14.jpg)
14
Toward generating efficient protocol
Instruction-trace
obliviousness
Memory-trace obliviousness
Mixed-mode execution
![Page 15: ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.](https://reader036.fdocuments.us/reader036/viewer/2022062714/56649cfa5503460f949cc3d4/html5/thumbnails/15.jpg)
15
Toward generating efficient protocol
Instruction-trace
obliviousness
![Page 16: ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.](https://reader036.fdocuments.us/reader036/viewer/2022062714/56649cfa5503460f949cc3d4/html5/thumbnails/16.jpg)
16
Program counter leaks information
• The instructions being executed leak information
if(a[mid] <key) l = mid + 1;else r = mid;
![Page 17: ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.](https://reader036.fdocuments.us/reader036/viewer/2022062714/56649cfa5503460f949cc3d4/html5/thumbnails/17.jpg)
17
Program counter leaks information
• The instructions being executed leak information
if(a[mid] <key) l = mid + 1;else r = mid;
![Page 18: ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.](https://reader036.fdocuments.us/reader036/viewer/2022062714/56649cfa5503460f949cc3d4/html5/thumbnails/18.jpg)
18
Program counter leaks information
• The instructions being executed leak information
if(a[mid] <key) l = mid + 1;else r = mid;
![Page 19: ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.](https://reader036.fdocuments.us/reader036/viewer/2022062714/56649cfa5503460f949cc3d4/html5/thumbnails/19.jpg)
19
Program counter leaks information
• The instructions being executed leak information
if(a[mid] <key) l = mid + 1;else r = mid;
Universal Circuit
Instruction
Execute ALL instructions!
INEFFICIENT!
new pc value
![Page 20: ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.](https://reader036.fdocuments.us/reader036/viewer/2022062714/56649cfa5503460f949cc3d4/html5/thumbnails/20.jpg)
20
Instruction-trace obliviousness
if(a[mid] <key) l = mid + 1;else r = mid;
t1=a[mid];cmp = t1<key;t2=mid+1;l=mux(cmp, t2, l);r=mux(cmp, r, mid);
Instruction-trace oblivious
programs, e.g. straight-line
programs, can avoid the
universal circuit
![Page 21: ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.](https://reader036.fdocuments.us/reader036/viewer/2022062714/56649cfa5503460f949cc3d4/html5/thumbnails/21.jpg)
21
Toward generating efficient protocol
Instruction-trace
obliviousness
Memory-trace obliviousness
![Page 22: ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.](https://reader036.fdocuments.us/reader036/viewer/2022062714/56649cfa5503460f949cc3d4/html5/thumbnails/22.jpg)
22
Memory Trace Obliviousness
int count(public int n, alice int* data, bob int T) {
int count = 0;
for(int i=0; i<n; ++i) {
if(data[i]==T)
count = count+1;
}
}
data need not be stored in an
ORAM
RAM
Linear scan
![Page 23: ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.](https://reader036.fdocuments.us/reader036/viewer/2022062714/56649cfa5503460f949cc3d4/html5/thumbnails/23.jpg)
23
Toward generating efficient protocol
Instruction-trace
obliviousness
Memory-trace obliviousness
Mixed-mode execution
![Page 24: ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.](https://reader036.fdocuments.us/reader036/viewer/2022062714/56649cfa5503460f949cc3d4/html5/thumbnails/24.jpg)
24
Mix-mode Execution
When code can be computed locally or publicly, a secure computation protocol is not necessary
E.g. sorting the array before performing binary search.
{ P , A , B , O}
![Page 25: ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.](https://reader036.fdocuments.us/reader036/viewer/2022062714/56649cfa5503460f949cc3d4/html5/thumbnails/25.jpg)
25
Compilation
• Typing the source language• Labeling statements• On secret branching• On secret while looping – can impose
constraint• Declassification – info can flow from only low
secure to high• Correctness - type checker
![Page 26: ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.](https://reader036.fdocuments.us/reader036/viewer/2022062714/56649cfa5503460f949cc3d4/html5/thumbnails/26.jpg)
26
Evaluation
• KMP string matching algorithm• Dijkstra’s shortest distance algorithm• Inverse Permutation• Aggregation over sliding windows• Binary Search• Heap Data Structure
![Page 27: ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.](https://reader036.fdocuments.us/reader036/viewer/2022062714/56649cfa5503460f949cc3d4/html5/thumbnails/27.jpg)
27
Evaluation
• Little compile time compared to earlier circuit model compilers
• Metric – block cipher evaluations as performance metric
![Page 28: ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.](https://reader036.fdocuments.us/reader036/viewer/2022062714/56649cfa5503460f949cc3d4/html5/thumbnails/28.jpg)
28
Thank you