Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit...
Transcript of Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit...
![Page 1: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/1.jpg)
Preserving Privacy through Processing Encrypted Data
Prof. Miriam Leeser
Department of Electrical and Computer EngineeringNortheastern University
Boston, [email protected]
Joint work with Prof. Stratis Ioannidis
![Page 2: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/2.jpg)
Analyzing Data from Human Subjects
Preserving Privacy through Processing Encrypted Data1
Ubiquitous practice Display & search ads e-Commerce Streaming ...
Integral to daily operations User profiling Targeted advertising Personalized recommendations
Long history in experimental/life sciences Medicine Psychology Sociology Behavioral Economics …
![Page 3: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/3.jpg)
Privacy threat exists because
Preserving Privacy through Processing Encrypted Data2
…personal information can be inferred from seemingly innocuous behavioral data
[Kosinski, Stillwell, Graepel, 2013]Observed in several contexts:
Facebook likes [Kosinski, Stillwell, Graepel, 2013] Gender, Political Affiliation, Age, Religion,
Marital Status, Smoking, Sexual Orientation, Drug Use.
Search queries [Bi, Shokouhi, Kosinski, Graepel, 2013]. Gender, Political Affiliation, Age, Religion
Tweets [Rao, Yarowsky, Shreevats, Gupta, 2010] Gender, Political Affiliation, Age, Origin.
Movie Ratings [Weinsberg, Bhagat,Ioannidis,Taft, 2012] Gender, Political Affiliation, Age
![Page 4: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/4.jpg)
Privacy threat exists because…
Preserving Privacy through Processing Encrypted Data3
…information is coming from an increasingly diverse pool of sources
Implicit (e.g., queries, clicks, purchases, views)
Explicit (e.g., ratings, likes) Mobile devices Integrated/embedded sensors …
![Page 5: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/5.jpg)
Privacy Concerns Well Documented
Preserving Privacy through Processing Encrypted Data4
![Page 6: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/6.jpg)
Q: Can we enable the mining and analysis of sensitive datasets, while offering privacy guarantees?
A: Yes, through SFE:Secure Function Evaluation
Motivating Question
Preserving Privacy through Processing Encrypted Data5
![Page 7: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/7.jpg)
• Current state of the art– Users transmit encrypted data– Evaluator decrypts data for processing
• Evaluator or malicious third party could access decrypted data
• SFE: Secure Function Evaluation– Evaluator processes encrypted data– In our model, everyone knows function
• Only user has access to his/her unencrypted data
SFE: Canonical Problem: Millionaires
Preserving Privacy through Processing Encrypted Data6
![Page 8: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/8.jpg)
Secure Function Evaluation (SFE)
Preserving Privacy through Processing Encrypted Data7
The analyst learns only , and nothing else.
![Page 9: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/9.jpg)
Grand Challenge
Preserving Privacy through Processing Encrypted Data8
Apply SFE to execute real-life, practical algorithms over massive datasets
![Page 10: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/10.jpg)
Challenge 1: Overhead Due to Encryptions
Preserving Privacy through Processing Encrypted Data9
Slow-down can be of several orders of magnitude (e.g., 100,000 times slower).
![Page 11: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/11.jpg)
Challenge 2: Cost of Obliviousness
Preserving Privacy through Processing Encrypted Data10
Translating to data-oblivious algorithm can increase total work
function bs(val, s, t)mid = (s + t) / 2;if (val < mem[mid])
bs(val, 0, mid)else
bs(val, mid+1, t)
For “big data”, even going from to is prohibitive
![Page 12: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/12.jpg)
Challenge 3: Maintaining Parallelism
Preserving Privacy through Processing Encrypted Data11
Very important for “big data”
Caveat: Communication patterns between processors may reveal something about the data
Desirable properties:Low parallel processing time Low communication cost
Processor 1 Processor 2 Processor 3
t = 1
t = 2
time
communication
![Page 13: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/13.jpg)
Our Contributions (Ioannidis and Leeser)
Preserving Privacy through Processing Encrypted Data12
Generic approach for SFE of graph-parallel algorithm Scatter/Gather/Apply Includes several important DM+ML algorithms
Matrix/Tensor Factorization, Training DNNs, …
GraphSC: Highly parallel implementation– Total Work: Blowup: – Parallel Time: – Generic Implementation -- no accelerators– MF: 1M ratings, 128 cores: 13 hours
Hardware implementation & acceleration via FPGAs in the Datacenter First published in FPGA 2017
![Page 14: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/14.jpg)
Background: Yao's Garbled Circuits
Acceleration via FPGAs
Overview
Preserving Privacy through Processing Encrypted Data13
![Page 15: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/15.jpg)
Basic Ingredient: Proxy Oblivious Transfer
Preserving Privacy through Processing Encrypted Data14
choosersender
,
receiver
Initially: Chooser has a secret bit Sender has two secret messages Receiver knows nothing
![Page 16: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/16.jpg)
Basic Ingredient: Proxy Oblivious Transfer
Preserving Privacy through Processing Encrypted Data15
choosersender
,
receiver
PROXY OBLIVIOUS TRANSFER
At the conclusion of the protocol:
Receiver learns neither nor Receiver learns secret message corresponding to secret bit (i.e., )
Sender and chooser learn nothing
![Page 17: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/17.jpg)
Yao’s Garbled Circuits (GC)
Preserving Privacy through Processing Encrypted Data16
Evaluator
The evaluator learns f(…) and nothing but f(…)
input owners
GC requires expressing f as a Boolean Circuit
![Page 18: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/18.jpg)
Yao’s Garbled Circuits Example: AND gate
Preserving Privacy through Processing Encrypted Data18
Evaluator Garbler
Inputs Outputs
0 0 00 1 01 0 01 1 1
The garbler facilitates SFE but learns nothing
The evaluator learns f(…) and nothing but f(…)
input owners
![Page 19: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/19.jpg)
Yao’s Garbled Circuits
Preserving Privacy through Processing Encrypted Data19
Evaluator Garbler
For each input wire, the garbler generates 2 random strings (representing 0 and 1, respectively)
keys:
Inputs Outputs
0 0 00 1 01 0 01 1 1
input owners
![Page 20: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/20.jpg)
Yao’s Garbled Circuits
Preserving Privacy through Processing Encrypted Data20
Evaluator Garbler
For each input wire, the garbler generates 2 random strings (representing 0 and 1, respectively)
keys:
Inputs Outputs
0 01 0
1 0 01 1 1
input owners
![Page 21: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/21.jpg)
Yao’s Garbled Circuits
Preserving Privacy through Processing Encrypted Data21
Evaluator Garbler
For each input wire, the garbler generates 2 random strings (representing 0 and 1, respectively)
keys:
Inputs Outputs
0 01 00 01 1
input owners
![Page 22: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/22.jpg)
Yao’s Garbled Circuits
Preserving Privacy through Processing Encrypted Data22
Evaluator Garbler
For each input wire, the garbler generates 2 random strings (representing 0 and 1, respectively)
Inputs Outputs
0001
input owners
![Page 23: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/23.jpg)
Yao’s Garbled Circuits
Preserving Privacy through Processing Encrypted Data23
Evaluator Garbler
The garbler encrypts each of the 4 possible outputs using the corresponding pairs input keys
Inputs Outputs
input owners
![Page 24: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/24.jpg)
Yao’s Garbled Circuits
Preserving Privacy through Processing Encrypted Data24
Evaluator Garbler
Garbled gate: 4 encrypted ciphertexts, permuted.
Inputs Outputs
input owners
![Page 25: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/25.jpg)
Yao’s Garbled Circuits
Preserving Privacy through Processing Encrypted Data25
Evaluator Garbler
Garbled gate: 4 encrypted ciphertexts, permuted.
Inputs Outputs
input owners
![Page 26: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/26.jpg)
Yao’s Garbled Circuits
Preserving Privacy through Processing Encrypted Data26
Evaluator Garbler
Inputs Outputs
Garbled gate: 4 encrypted ciphertexts, permuted.
input owners
![Page 27: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/27.jpg)
Yao’s Garbled Circuits
Preserving Privacy through Processing Encrypted Data27
Evaluator Garbler
Garbler sends garbled gate to Evaluator.
Inputs Outputs
input owners
![Page 28: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/28.jpg)
Yao’s Garbled Circuits
Preserving Privacy through Processing Encrypted Data28
Evaluator Garbler
Garbler, Evaluator, and input owners engage in proxy oblivious transfer.
Inputs Outputs
input owners
![Page 29: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/29.jpg)
Yao’s Garbled Circuits
Preserving Privacy through Processing Encrypted Data29
Evaluator Garbler
Garbler, Evaluator, and input owners engage in proxy oblivious transfer.
Inputs Outputs
input owners
PROXY OBLIVIOUS TRANSFER
,
As a result, Evaluator learns keys corresponding to true inputs, while Garbler learns nothing.
![Page 30: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/30.jpg)
Yao’s Garbled Circuits
Preserving Privacy through Processing Encrypted Data30
Evaluator Garbler
Inputs Outputs
input owners
PROXY OBLIVIOUS TRANSFER
,
Evaluator attempts to decrypt each of the four ciphertexts; the decryption that succeeds reveals the true output.
![Page 31: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/31.jpg)
Yao’s Garbled Circuits
Preserving Privacy through Processing Encrypted Data31
Evaluator Garbler
Inputs Outputs
input owners
PROXY OBLIVIOUS TRANSFER
,
Evaluator attempts to decrypt each of the four ciphertexts; the decryption that succeeds reveals the true output.
0
![Page 32: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/32.jpg)
Yao’s Garbled Circuits: Protocol Overview
Preserving Privacy through Processing Encrypted Data32
GARBLER EVALUATOR INPUT OWNERS
TRANSMIT
PROXY OBLIVIOUS TRANSFER Private Inputs
GAR
BLE
Keys
Garbled Circuit
EVALUATE
PHAS
E I
PHAS
E II
PHAS
E III
![Page 33: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/33.jpg)
Yao’s Garbled Circuits
Preserving Privacy through Processing Encrypted Data34
Evaluatorinput owners Garbler
…
For each gate, input keys are used to encrypt output keys
Inputs Outputs
![Page 34: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/34.jpg)
Yao’s Garbled Circuits
Preserving Privacy through Processing Encrypted Data36
Evaluatorinput owners Garbler
…
For each gate, input keys are used to encrypt output keys
Inputs Outputs
![Page 35: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/35.jpg)
Yao’s Garbled Circuits
Preserving Privacy through Processing Encrypted Data37
Evaluatorinput owners Garbler
…
Garbler keeps only input keys, and sends all garbled gates to Evaluator
![Page 36: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/36.jpg)
Yao’s Garbled Circuits
Preserving Privacy through Processing Encrypted Data38
Evaluatorinput owners Garbler
…
Through proxy OT, Evaluator learns keys corresponding to true inputs
PROXY OT
![Page 37: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/37.jpg)
PROXY OT
Yao’s Garbled Circuits
Preserving Privacy through Processing Encrypted Data39
Evaluatorinput owners Garbler
…
Using input keys, Evaluator “ungarbles” gates, learning final output.
![Page 38: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/38.jpg)
Yao’s Garbled Circuits
Preserving Privacy through Processing Encrypted Data40
GC Protocol Improvements Row reduction Point-and-permute Free-XOR Two halves AND
GC Implementation Frameworks Fairplay TASTY FastGC ObliVM …
[Malkhi, Nisan, Pinkas, Sella; USENIX Security 2004][Naor, Pinkas, Summer; EC 1999]
[Kolesnikov, Schneider; ICALP 2008]
[Henecka, Kogl, Sadeghi, Schneider Wehrenberg; CCS 2010]
[Huang, Evans, Katz, Malka; USENIX Security 2011]
[Malkhi, Nisan, Pinkas, Sella; Usenix 2004]
[Liu, Wang, Nayak, Huang, Shi; IEEE S&P, 2015]
[Zahur, Rosulek, Evans; EUROCRYPT 2015]
![Page 39: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/39.jpg)
The “SFE for Privacy” Program
Preserving Privacy through Processing Encrypted Data41
Pick data mining/ML algorithm of interest Linear/Logistic Regression Matrix Factorization DNNs …
Express it as a binary circuit
Apply Yao's Protocol
![Page 40: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/40.jpg)
Overhead
Cost-of-obliviousness
Maintaining Parallelism
Computational Cost is high!
Caveat: The Three Challenges!
Preserving Privacy through Processing Encrypted Data42
function bs(val, s, t)mid = (s + t) / 2;if (val < mem[mid])
bs(val, 0, mid)else
bs(val, mid+1, t)
Low depth Low fan-out per gate
![Page 41: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/41.jpg)
FPGAs to the rescue!
Preserving Privacy through Processing Encrypted Data45
• Initial implementation using a Stratix V• Currently working on port to AWS
![Page 42: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/42.jpg)
Translating GC to FPGA
• Translation of problem to Garbled Circuit (GC)– Need to do this for SW or hardware
• Translation of GC to FPGA – NOT a good approach:
• Generate GC hardware for each problem instance– Can take a long time
• Download new circuit when problem changes
Preserving Privacy through Processing Encrypted Data51
![Page 43: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/43.jpg)
• Two parts:– A circuit design implemented on FPGA
fabric using standard design flow– A user circuit mapped onto that overlay
circuit
• Benefits:– User-configured logic in fixed FPGA
bitstream– Optimized for GC problem (coarse grain) – One time synthesis and programming
• For GC– Garbled AND gates VERY complex– Garbled XOR gates somewhat complex
FPGA Overlay for Garbled Circuits
FPGA
Preserving Privacy through Processing Encrypted Data52
![Page 44: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/44.jpg)
CPU
AND
AND
AND
AND
AND
AND
AND
AND
AND
AND
AND
XOR
Workload Dispatcher
&Data
Controller
FIFO
BRAM
FPGA
Garbling FPGA
PCIe
Preserving Privacy through Processing Encrypted Data53
![Page 45: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/45.jpg)
Yao’s Garbled Circuits: Protocol Overview
Preserving Privacy through Processing Encrypted Data
GARBLER EVALUATOR INPUT OWNERS
TRANSMIT
PROXY OBLIVIOUS TRANSFER Private Inputs
GAR
BLE
Keys
Garbled Circuit
EVALUATE
PHAS
E I
PHAS
E II
PHAS
E III
55
![Page 46: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/46.jpg)
CPUFPGA CPU FPGA
Garbler Evaluator
Layer Info.
Shared
Garbled Table
Input garbled value via O.T.
PCIE PCIE
Layer Info.
Garbler and Evaluator on FPGAs
Preserving Privacy through Processing Encrypted Data56
![Page 47: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/47.jpg)
Garbled Circuit Workflow
CPUFPGA
FlexSC
GC Problem
Gate Netlist
Layer Extractor
Layer Info.
PCIE
Architecture Mapping
Host Code Generation
Garbled Table
Input Garbled
Value
Memory System
Preserving Privacy through Processing Encrypted Data57
https://github.com/wangxiao1254/FlexSC
![Page 48: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/48.jpg)
CPU
AND
AND
AND
AND
AND
AND
AND
AND
AND
AND
AND
XOR
Workload Dispatcher
&Data
Controller
FIFO
BRAM
FPGA
Garbling FPGA
PCIe
Preserving Privacy through Processing Encrypted Data58
![Page 49: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/49.jpg)
Latency:1 cycle
K10K0
0
K10
R
K00
R
K00
K20
K10 K2
1
Garbled XOR Gate
Kitrue = Ki
false xor R
Kolesnikov, Vladimir, and Thomas Schneider. "Improved garbled circuit: Free XOR gates and applications." International Colloquium on Automata, Languages, and Programming. 2008.
Preserving Privacy through Processing Encrypted Data59
![Page 50: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/50.jpg)
K20
SHA-1
K00
K10
K20
R
K00,K1
0
K20
SHA-1
K01,K1
0
K20
SHA-1
K00,K1
1
K21
SHA-1
K01,K1
1
Latency:82 cycles
Basic Garbled AND Gate
Preserving Privacy through Processing Encrypted Data60
![Page 51: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/51.jpg)
Improved Garbled AND Gate
Row Reduction Optimization
Preserving Privacy through Processing Encrypted Data61
![Page 52: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/52.jpg)
Garbler Overlay Architecture Using On Chip Memory
Preserving Privacy through Processing Encrypted Data65
![Page 53: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/53.jpg)
Resource Utilization
Preserving Privacy through Processing Encrypted Data66
![Page 54: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/54.jpg)
Run times: Our FPGA Implementation vs. FlexSC
Preserving Privacy through Processing Encrypted Data67
![Page 55: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/55.jpg)
Speedup compared with FlexSC
FlexSC runs at 2.80 GHzFPGA overlay runs at 200 MHz
Preserving Privacy through Processing Encrypted Data68
![Page 56: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/56.jpg)
Garbler Architecture Using On Board Memory
For large problems, embedded memory is not large enough to hold all the values
Solution: Use DDR Memory on board
Pro: Memory spaceCon: Access speed
Preserving Privacy through Processing Encrypted Data69
![Page 57: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/57.jpg)
Garbler Architecture Using “Caching”
DDR Access is slow compared to embedded memory
Solution: Use BRAM as a user managed “cache”
Pro: Space and Fast
User defined caching policy and implementation
Preserving Privacy through Processing Encrypted Data70
![Page 58: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/58.jpg)
• Goal: reduce latency of memory accesses• Two strategies implemented
– Most frequently used• Count number of uses of each netlist in the entire
circuit• Store the most frequently used in on-chip memory
– Directly used• Store value in on-chip memory if
– It is only used once– It is used in the next layer
Using on chip memory as user managed cache
Preserving Privacy through Processing Encrypted Data71
![Page 59: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/59.jpg)
Speedup Results with Multiple Optimizatons
15 AND overlay cells and 15 XOR overlay cells Hybrid memory system with “directly-used” policy300 MHz clock for PCIeinterface; 200 MHz clock for FPGA fabricPipelining and synchronization between host and FPGA optimized
Preserving Privacy through Processing Encrypted Data72
![Page 60: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/60.jpg)
Conclusions
• First FPGA overlay architecture to accelerate generic Garbled Circuit problems
• Tools and workflow for modeling and mapping GC problems onto FPGAs
• Speedup compared with state-of-art software platform for arbitrary GC problems
Preserving Privacy through Processing Encrypted Data73
![Page 61: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/61.jpg)
• Optimization for better GC performance on one node– Expand GC Overlay Cell Library– Cross Layer Boolean Operation Extraction
One example:
E = A XOR BF = C XOR D => G = (A XOR B) AND (C XOR D)G = E AND F
Future Work on FPGA Implementation
Preserving Privacy through Processing Encrypted Data74
![Page 62: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/62.jpg)
• CPU communicates with DDR memory• AXI-4 used to access DDR memory • AXI-4-lite used to access FPGA registers• FPGA structure contains garble cores, state
machine and logic to access data through AXI-4 and AXI-4-lite
• Challenges– Improving latency between host and FPGA– Improve latency when accessing off chip memory
AWS F1 Design
Preserving Privacy through Processing Encrypted Data75
![Page 63: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/63.jpg)
• Garbled two bit adder working on AWS– Red squares: AND gates– Blue triangles: XOR gates– Layers shown
• Data transfer time for 256 bytes: 71 us
• Garbled circuit execution time: 41 us
• Design uses off chip memory
Two bit adder on AWS
Preserving Privacy through Processing Encrypted Data76
![Page 64: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/64.jpg)
Porting to AWS F1 instances, multiple nodes
• Garbled Circuits in the Datacenter with multiple nodes– Previous Work done with CPU Cluster[1]
• Challenges:– Data Storage– Problem Separation
• Port to Amazon Web Services– F1 instances: FPGAs in the cloud
• Work supported by NSF funding
[1] GraphSC: Parallel secure computation made easy K Nayak, XS Wang, S Ioannidis, U Weinsberg, N Taft, E Shi 2015 IEEE Symposium on Security and Privacy (SP)
Preserving Privacy through Processing Encrypted Data77
![Page 65: Preserving Privacy through Processing Encrypted Data• Current state of the art – Users transmit encrypted data – Evaluator decrypts data for processing • Evaluator or malicious](https://reader035.fdocuments.us/reader035/viewer/2022070713/5ed07c9b79dc1f40c57a61ba/html5/thumbnails/65.jpg)
Thank you!
Preserving Privacy through Processing Encrypted Data78
Xin Fang, “Privacy Preserving Computations Accelerated using FPGA Overlays.” PhD dissertation, Northeastern University, August 2017.https://repository.library.northeastern.edu/files/neu:cj82qd893
Xin Fang, Stratis Ioannidis, Miriam Leeser. “Secure Function Evaluation using an FPGA Overlay Architecture”. In International Symposium on Field-Programmable Gate Arrays (FPGA), 2017.
Kartik Nayak, Xiao Shaun Wang, Stratis Ioannidis, Udi Weinsberg, Nina Taft, and Elaine Shi. "GraphSC: Parallel secure computation made easy." In IEEE Symposium on Security and Privacy (S&P/OAKLAND), 2015.
Nikolaenko, Valeria, Stratis Ioannidis, Udi Weinsberg, Marc Joye, Nina Taft, and Dan Boneh. "Privacy-preserving matrix factorization." In Conference on Computer & Communications Security (CCS), 2013.