[PPT] - Performance of Secure Multiparty Computation Ludwig Dickmanns PowerPoint Presentation

SLIDE 1

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Performance of Secure Multiparty Computation

Ludwig Dickmanns

Thursday 11th October, 2018 Chair of Network Architectures and Services Department of Informatics Technical University of Munich

SLIDE 2

Overview

Introduction to SMC
What is SMC?
A.C. Yao: Millionaires’ problem
A.C. Yao: General approach
Addition with secret-sharing
Test Setup
SMC framework
FRESCO
Tested Application
Testbed
Results
Amount of peers
Transmission rate
Network latency
Practical indications
Conclusion
L. Dickmanns — Performance of SMC

2

SLIDE 3

Introduction to SMC

What is SMC? [1] Secure multi-party computation (SMC):

Set of parties
Jointly calculated function
Input contribution by all parties
No input is revealed
No Trusted Thrid Party required
L. Dickmanns — Performance of SMC

3

SLIDE 4

Introduction to SMC

A.C. Yao: Millionaires’ problem [2]

Introduced in 1982
Two millionaires (Alice & Bob)
Determine who is wealthier
Neither has to reveal the credit balance
Mathematical solution (no implementation due to lack in computational power)
L. Dickmanns — Performance of SMC

4

SLIDE 5

Introduction to SMC

A.C. Yao: General approach [2]

Introduced in 1982
Set of m parties
Jointly calculated function (f(x1, ..., xm))
All inputs stay private
Cheating detection (even if m-1 parties cheat)
Mathematical approach (no implementation due to lack in computational power)
L. Dickmanns — Performance of SMC

5

SLIDE 6

Introduction to SMC

SMC Example: Addition with secret-sharing [3]

n parties
Party i contributes input xi
Goals:
Calculate sum of all inputs
Keep inputs private
Protocol:
Input xi is split into n randomly sized shares (xi

1, ..., xi n) by party i

Party j receives share j of each party (x1

j , ..., xn j )

Party j calculates partial sum rj of received shares
Parties exchange partial sums
Complete sum can be calculated by each party
L. Dickmanns — Performance of SMC

6

SLIDE 7

Test Setup

SMC-Framework: FRESCO [4]

FRamework for Efficient Secure COmputation
Developed by Alexandra Institute (Denmark)
Open source (MIT license)
Prototypically in usage
Java
Runnable demos
https://github.com/aicis/fresco
L. Dickmanns — Performance of SMC

7

SLIDE 8

Test Setup

SMC-Framework: Tested Application

Adjusted FRESCO demo
3-17 parties
Each party contributing an int array as input
Calculation:
Mean of all inputs
Standard deviation of all inputs
L. Dickmanns — Performance of SMC

8

SLIDE 9

Test Setup

Testbed

Lab at TUM
High bandwidth (1 GBit/s)
Low network latency
Up to 17 physical peers
Star topology
L. Dickmanns — Performance of SMC

9

SLIDE 10

Results

Evaluated parameters

Amount of peers:

⇒ Protocol invocations & batches ⇒ Execution time

Transmission rate:

⇒ Execution time

Network latency:

⇒ Execution time

L. Dickmanns — Performance of SMC

10

SLIDE 11

Results

Terminology: Protocols and Batches Protocol:

Defined in a protocol suite
Base functions of protocol suites (e.g. add, OR)
Applications are built with protocols

Batch:

Contain a certain number of protocols
Protocols are evaluated in parallel
L. Dickmanns — Performance of SMC

11

SLIDE 12

Results

Amount of peers: Protocol invocations and batches

Increase in peers:

⇒ Increase in protocols ⇒ Increase in batches

Both grow linearely
Batches slower
Protocols faster

3 peers 4 peers 5 peers 6 peers 7 peers 8 peers 9 peers 10 peers 11 peers 12 peers 13 peers 14 peers 15 peers 16 peers 17 peers 0.25 0.5 0.75 1 1.25 1.5 1.75 2 ·104 Protocol invocations Batches

Figure 1: The amount of native protocol invocations and the number of batches in which they have been executed depending on the number of participating peers.

L. Dickmanns — Performance of SMC

12

SLIDE 13

Results

Amount of peers: Execution time

Increase in peers:

⇒ Increase in execution time

Grows linearely

5 10 15 0.25 0.5 0.75 1 1.25 1.5 1.75 2

Figure 2: The execution time depending on the number of participating peers.

L. Dickmanns — Performance of SMC

13

SLIDE 14

Results

Transmission rate: Execution time

1000 MBit/s to 100 MBit/s:

⇒ No significant change

100 MBit/s to 10 MBit/s:

⇒ Small increase (~factor 2)

10 MBit/s to 1 MBit/s:

⇒ Significant change (up to ~factor 6) Problematic combination:

Low Bandwidth
High number of peers

100 101 102 103 10 20 30 40 50 60 Transmission rate [MBit] Execution time [s] 3 peers 4 peers 5 peers 6 peers 7 peers 8 peers 9 peers 10 peers 11 peers 12 peers 13 peers 14 peers 15 peers 16 peers 17 peers

Figure 3: The execution time of the secure computation depending on the transmission rate. The shown case has no additional network latency.

L. Dickmanns — Performance of SMC

14

SLIDE 15

Results

Network latency: Execution time

Default link latency of 0.18ms
Added delays: 0ms, 10ms, 25ms, 50ms
Behavior: Root function
Greatest absolute increase in execution

time Problematic combination:

High network latency
High number of peers

20 40 25 50 75 100 125 150 175 200 Network latency [ms] Execution time [s] 3 peers 4 peers 5 peers 6 peers 7 peers 8 peers 9 peers 10 peers 11 peers 12 peers 13 peers 14 peers 15 peers 16 peers 17 peers

Figure 4: The execution time of the secure computation depending on the number of peers and on the network latency of the network. The latency highly influences computation time irrespective of the available transmission rate.

L. Dickmanns — Performance of SMC

15

SLIDE 16

Parctical Indications

Disadvantageous circumstances High number of peers:

Increase in protocol invocations & batches
Increase in execution time

Low bandwidth (<10MBit/s):

Increase in execution time
Combination with high number of peers

High network latency:

Increase in execution time
Combination with high number of peers

Example: Large scale mobile application

Large amount of peers
Possibly low bandwidth
EDGE: 384 KBit/s [5]
3G: 7.2 MBit/s (HSPA) [5]
Possibly high network latency
EDGE: 200-450ms [6]
3G: 100-350ms [7]
L. Dickmanns — Performance of SMC

16

SLIDE 17

Parctical Indications

Advantageous circumstances Limited number of peers:

Limited protocol invocations & batches
Lower in execution time

High bandwidth (>10MBit/s):

Lower in execution time
Combination with limited number of peers

Low network latency:

Lower in execution time
Combination with limited number of peers

Example: Evaluation Testbed

Limited amount of peers (17)
High bandwidth (1 GBit/s)
Low network latency (0.18ms)
L. Dickmanns — Performance of SMC

17

SLIDE 18

Conclusion

Summary - Feasibility of use-cases Possibly already feasible:

Intranet applications
Limited peers
High bandwidth
Low latency
Internet application
Limited peers (close to each other)
High bandwidth
Low latency

Problematic at the moment:

Internet application
Many peers
Medium bandwidth
Medium latency
Mobile application
Many peers
Low bandwidth
High latency
L. Dickmanns — Performance of SMC

18

SLIDE 19

Conclusion

Outlook Factors increasing feasibility by use-case:

Mobile application:
Limit allowed number of peers
Higher 3G+/4G network coverage

⇒ Increase in bandwidth ⇒ Decrease in latency

Internet application:
Limit allowed number of peers
Higher high-speed optical fiber coverage

⇒ Increase in bandwidth ⇒ Decrease in latency

General factors:

Faster network infrastructure
New technologies
L. Dickmanns — Performance of SMC

19

SLIDE 20

Bibliography

[1] Secure multi-party computation. https://en.wikipedia.org/wiki/Secure_multi-party_computation. [2] A.C. Yao. Protocols for secure computations. https://research.cs.wisc.edu/areas/sec/yao1982-ocr.pdf, 1982. [3] What is spdz? https://bristolcrypto.blogspot.com/2016/10/what-is-spdz-part-1-mpc-circuit.html. [4] FRamework for Efficient Secure COmputation (fresco). https://github.com/aicis/fresco. [5] Mobiles internet. https://de.wikipedia.org/wiki/Mobiles_Internet. [6] Alles zum thema edge. https://www.onlinekosten.de/mobiles-internet/edge/. [7] 3g/4g ping/latency. https://www.evdoinfo.com/content/view/4818/64/.

L. Dickmanns — Performance of SMC

20