secure computation of mips machine code
play

Secure Computation of MIPS Machine Code Gordon, Katz, McIntosh, - PowerPoint PPT Presentation

Sep 15, 2022 •310 likes •610 views

Secure Computation of MIPS Machine Code Gordon, Katz, McIntosh, Wang Efficiency vs. Generality generality efficiency Domain specific languages that approximate certain high level languages. Constructions tailored towards particular

  1. Secure Computation of MIPS Machine Code Gordon, Katz, McIntosh, Wang

  2. Efficiency vs. Generality generality efficiency Domain specific languages that approximate certain high level languages. Constructions tailored towards particular applications. Machine code / legacy code 2

  3. Legacy Code Moving to the RAM model offers the possibility of securely emulating real architectures. In theory, we can support “real” languages, their existing libraries, and existing compilers. What would this take in practice? Ideal world: the programmer has never heard the words “secure computation”.

  4. Oblivious RAM [GO96,…] (v 1 , d 1 ), (v 2 , d 2 ) …. , (v n , d n ) client server (r, v 5 ), (r, v 2 ), (w, v 2 ,d 1 ) …. , (w, v 7 , d 2 ) access pattern 1: access pattern 2: (r, v 1 ), (r, v 1 ), (r, v 1 ) …. , (r, v 1 ) ANY 2 access patterns are indistinguishable 4

  5. ORAM in secure computation Who should hold the ORAM? Recall, the client fetches items from the server. Alice shouldn’t see Bob’s items, and Bob Shouldn’t see Alice’s. x F(x,y) y ORAM

  6. ORAM in Secure Computation But even if Alice sees which of her own items are fetched she learns something about y. (Consider a binary search for y among the items in X) x F(x,y) y ORAM ORAM

  7. Oblivious RAM (abstraction) V V state (0) v (1) ORAM state (1) state (1) ORAM v (2) ORAM (READ) state (2) … state (logn-1) v (logn) ORAM state (logn) v (1) , … ,v (logn) D 1 of the log n will match, output D

  8. CCS 2012 v 1 v 2 “secret shares” (0) state 1 ⊕ v 1 v 2 = v (0) state 2 ⊕ v (1) Y state 1 state 2 = state ORAM A (1) state 1 O (1) state 2 (1) state 1 (1) state 2 Y v (2) A ORAM (2) state 1 O (2) state 2 … (log n-1) state 1 (log n-1) state 2 Y v (logn) A ORAM (logn) state 1 O (logn) state 2 D 1 D 2

  9. CCS 2012 (0) (0) , inst 1 ) (state 1 inst 1 (0) inst 2 (0) , inst 2 ) (state 2 (0) state 1 (0) state 2 v (1) Y ORAM A (1) state 1 O RAM (1) state 2 Y (1) state 1 A (1) state 2 PROGRAM O Y v (2) A ORAM (BINARY SEARCH) (2) state 1 O (2) state 2 … (log n-1) state 1 (log n-1) state 2 (log n) , D 1 ) (state 1 Y v (logn) (log n) , D 2 ) (state 2 A ORAM (logn) state 1 O (logn) state 2 D 1 D 2

  10. Current Work (DARPA: PROCEED) new 32-registers progCounter new progCounter ObliVM INSTRUCTION Y Y FETCH CPU A A O O MIPS ARCHITECTURE YAO new instruction 32-registers LOAD/STORE new 32-registers WORD instruction progCounter

  11. Current Work new 32-registers progCounter new progCounter INSTRUCTION Y Y FETCH CPU A A O O MIPS ARCHITECTURE YAO new instruction 32-registers LOAD/STORE new 32-registers WORD instruction progCounter

  12. Current Work new 32-registers Why MIPS? new progCounter • Fixed register space = fixed circuit. • With approximately 15 instructions, we can compute: Djikstra, longest common sub-string, set- intersection, stable marriage, binary search, decision trees… Y CPU • Easy to implement! A O MIPS ARCHITECTURE • 15 instructions = small circuit. • We first proposed LLVM, but instructions in LLVM are polymorphic objects. On the other hand: • ARM or x86 would give bigger circuits, new 32-registers instruction but smaller programs. Ultimately, I don’t progCounter know which is best.

  13. Current Work new 32-registers progCounter new progCounter INSTRUCTION Y Y FETCH CPU A A O O MIPS ARCHITECTURE YAO new instruction 32-registers LOAD/STORE new 32-registers WORD instruction progCounter

  14. Component Run-Times ALU  15 instructions  7K AND gates Memory Fetch from 1024 32-bit words  43K AND gates

  15. Improvement #1: Instruction Mapping Divide all instructions into separate “banks” Bank i contains instructions that could be executed in the i th cycle.

  16. Instruction Mapping If (x > 5) If x is tainted: instr1 and instr3 must go instr1 in the same ORAM bank instr2 else and instr3 instr2 and instr4 must go in the same ORAM bank instr4 for (i = 1 to x) t = 1: instr1 instr1 t = 2: instr2 instr2 t = 3: instr1 or instr3 end for t = 4: instr2 or instr4 instr3 t = 5: instr1 or instr3 or intsr5 instr4 loop size t, program length n: instr5 n/t banks, each of size t.

  17. Instruction Mapping Wade through fewer instructions! INSTRUCTION Y Y FETCH CPU A A O O MIPS ARCHITECTURE Reduce the YAO number of instructions! skip this on MANY steps! LOAD/STORE WORD

  18. Instruction Mapping Y CPU A O MIPS ARCHITECTURE Set Intersection: Reduces the average ALU size from Reduce the 6727 to 1848 AND gates. (3.5X) number of instructions!

  19. Instruction Mapping Wade through fewer instructions! INSTRUCTION Y FETCH A O Set Intersection: The full program has about 150 instructions. The largest instruction bank after mapping has 31 instructions. More than half the instruction banks have fewer than 20 instructions.

  20. Instruction Mapping Unfortunately, even after instruction mapping, load/store operations still might occur in almost every time step. YAO skip this on MOST steps!  LOAD/STORE WORD

  21. Improvement #2: padding for (i = 1 to x) If two branches are relatively prime, one of length k 1 , the other If (x > 5) k 2 , then in less than k 1 k 2 time-steps, instr1 we will cover the entire loop. instr2 else instr3 By padding branches such that the lengths are relatively composite, we instr4 can greatly reduce the number of instr5 instructions per bank: for set intersection, we go from  40 down to 4.

  22. Padding We padded 2 of 3 branches that appear in the main loop using a total of 6 NOP instructions. Before padding we found that a load/store operation might be executed in almost every time step. After padding, we find that for only 1/10 of all time steps require a load/store operation. YAO skip this on MOST steps!  LOAD/STORE WORD

  23. Set Intersection Run-time decomposition for computing set- Run-time decomposition for computing set- intersection size when each party's input intersection size when each party's input consists of 64 32-bit integers. consists of 1024 32-bit integers.

  24. Set Intersection

  25. Binary Search Comparing the performance of secure binary search. One party holds an array of 32-bit integers, while the other holds a value to search for.

  26. Decision Trees

  27. A True Universal Circuit One more benefit of the general approach: We have a true universal circuit! 1. Compile the private input function to MIPS, 2. Supply a function pointer as input to the emulator. 3. Our optimizations no longer apply: the analysis leaks information.

  28. Thanks!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 Recall MIPS word size In hex 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12

1 Recall MIPS word size In hex 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12

Stored program computer MIPS Memory Forms of Address (2 32 -1) . . . MIPS private regs PC (A+24) MIPS machine code and addressing IR (A+20) modes MIPS user regs (A+16) 0 0 0 0 $zero (A+12) $v0

354 views • 7 slides
MIPS Virtual what is the Java - what is the JVM ? lecture 25 Machine analogy ? - what is

MIPS Virtual what is the Java - what is the JVM ? lecture 25 Machine analogy ? - what is

MIPS Virtual what is the Java - what is the JVM ? lecture 25 Machine analogy ? - what is Java "byte code" Java Virtual Machine invoked methods and local stack (is it related to MIPS assembly/machine code ?) variables ?

487 views • 4 slides
1 Well, plenty of registers But where should X, Y and SUM go? MIPS Memory (2 32 -1)

1 Well, plenty of registers But where should X, Y and SUM go? MIPS Memory (2 32 -1)

Behold the MIPS machine MIPS Memory The assembly language level (2 32 -1) . . . MIPS private regs PC (A+24) Introduction to MIPS IR (A+20) MIPS user regs (A+16) 0 0 0 0 $zero (A+12) $v0 (A+8)

447 views • 6 slides
Assignment 4 - Code Generation A few words about the MIPS architecture Compilerconstructie LIACS

Assignment 4 - Code Generation A few words about the MIPS architecture Compilerconstructie LIACS

Assignment 4 - Code Generation A few words about the MIPS architecture Compilerconstructie LIACS Universiteit Leiden 1 The MIPS Machine Highlights: Word-addressable (word = 4 bytes) Has 32 general purpose registers: $0, $1, . . . ,

278 views • 7 slides
Code Generation The Main Idea of Todays Lecture We can emit stack-machine-style code for

Code Generation The Main Idea of Todays Lecture We can emit stack-machine-style code for

Code Generation The Main Idea of Todays Lecture We can emit stack-machine-style code for expressions via recursion (We will use MIPS assembly as our target language) 2 Lecture Outline What are stack machines? The MIPS assembly

596 views • 40 slides
Machine Code -and- How the Assembler Works Mar 813, 2013 1 / 32 Outline What is machine

Machine Code -and- How the Assembler Works Mar 813, 2013 1 / 32 Outline What is machine

Machine Code -and- How the Assembler Works Mar 813, 2013 1 / 32 Outline What is machine code? RISC vs. CISC MIPS instruction formats Assembling basic instructions R-type instructions I-type instructions J-type instructions Macro

647 views • 32 slides
Compilers Introduction to Code Generation Alex Aiken Code Generation We focus on generating

Compilers Introduction to Code Generation Alex Aiken Code Generation We focus on generating

Compilers Introduction to Code Generation Alex Aiken Code Generation We focus on generating code for a stack machine with accumulator We want to run the resulting code on a real machine e.g., the MIPS processor (or simulator) We

267 views • 6 slides
Code Generation We can emit stack-machine-style code for expressions via recursion (We will use

Code Generation We can emit stack-machine-style code for expressions via recursion (We will use

The Main Idea of Todays Lecture Code Generation We can emit stack-machine-style code for expressions via recursion (We will use MIPS assembly as our target language) 2 Compiler Design I (2011) Lecture Outline Stack Machines What are

319 views • 10 slides
Secure computation With material from Matthew Green, Elaine Shi, CS Unplugged, others Secure

Secure computation With material from Matthew Green, Elaine Shi, CS Unplugged, others Secure

https://2.bp.blogspot.com/-Q_39kDXs93c/UOecpSOTX5I/AAAAAAAAA2k/WaIfMiKzQOw/s1600/eniac1+%281%29.jpg Secure computation With material from Matthew Green, Elaine Shi, CS Unplugged, others Secure computation Zero-knowledge proofs

465 views • 33 slides
Secure Outsourcing of Computation Ron Rothblum MIT Outsourcing Computation Motivation: allow a

Secure Outsourcing of Computation Ron Rothblum MIT Outsourcing Computation Motivation: allow a

Secure Outsourcing of Computation Ron Rothblum MIT Outsourcing Computation Motivation: allow a computationally weak client to outsource its computation to an untrusted server. = () Main security concerns: 1. Correctness:

377 views • 4 slides
Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai Choudhuri Aarushi Goel Abhishek Jain CRYPTO 2018 Secure Multiparty Computation ! # ! $ ! " ! % Secure Multiparty Computation Securely compute

1.18k views • 102 slides
Code Generation Machine code generation cs4713 1 Machine code generation machine Intermediate

Code Generation Machine code generation cs4713 1 Machine code generation machine Intermediate

Code Generation Machine code generation cs4713 1 Machine code generation machine Intermediate Code optimizer Code generator Code generator Input: intermediate code + symbol tables In our case, three-address code All variables

717 views • 38 slides
Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine

Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine

Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine Cryptography in the RAM Model Workshop, Cambridge, MA, June 2016 AC15: Sky Faber, S.J. , Sotirios Kentros, Boyang Wei New Work: S.J. , Boyang Wei Secure

595 views • 23 slides
MIPS Architecture An Example: MIPS Example: subset of MIPS processor architecture From the

MIPS Architecture An Example: MIPS Example: subset of MIPS processor architecture From the

MIPS Architecture An Example: MIPS Example: subset of MIPS processor architecture From the Harris/Weste book Drawn from Patterson & Hennessy MIPS is a 32-bit architecture with 32 registers Based on the MIPS-like processor from

339 views • 6 slides
Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology

Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology

Background Secure Computation Security Model Generic Protocol Applications Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology gkreitz@kth.se October 4 2012 Gunnar Kreitz Secure Multi-Party Computation

1.28k views • 59 slides
Secure Computation with Low Communication from Cross-checking Dov Gordon (George Mason U.)

Secure Computation with Low Communication from Cross-checking Dov Gordon (George Mason U.)

Secure Computation with Low Communication from Cross-checking Dov Gordon (George Mason U.) Samuel Ranellucci (Unbound Tech) Xiao Wang (MIT & Boston U.) Secure Computation 4 parties each hold private data. They wish to compute C(x 1

414 views • 24 slides
Monte Carlo activities in ALICE status and prospects Jochen Klein 1 for the ALICE Collaboration 1

Monte Carlo activities in ALICE status and prospects Jochen Klein 1 for the ALICE Collaboration 1

Monte Carlo activities in ALICE status and prospects Jochen Klein 1 for the ALICE Collaboration 1 CERN 8th International Workshop on Multiple Partonic Interactions at the LHC San Crist obal de las Casas, Chiapas, Mexico Nov 28 th Dec 2

366 views • 24 slides
Your Storage is Broken Lessons from Studying Databases and Key-Value Stores Remzi H.

Your Storage is Broken Lessons from Studying Databases and Key-Value Stores Remzi H.

Your Storage is Broken Lessons from Studying Databases and Key-Value Stores Remzi H. Arpaci-Dusseau Andrea C. Arpaci-Dusseau Many Students University of Wisconsin-Madison Major Problem for a Storage System: Complexity Complexity is

1.36k views • 86 slides
Trusted 3 rd par7es Dan Boneh Key management Problem:

Trusted 3 rd par7es Dan Boneh Key management Problem:

Online Cryptography Course

784 views • 36 slides
Funcons reusable components of language specifications Peter D. Mosses Swansea University

Funcons reusable components of language specifications Peter D. Mosses Swansea University

Funcons reusable components of language specifications Peter D. Mosses Swansea University (emeritus) TU Delft (visitor) LangDev Meet-Up at CWI, Amsterdam, 89 March 2018

868 views • 47 slides
Experimental realisation of quantum oblivious transfer Ryan Amiri 1 , Robert Strek 2 , Michal

Experimental realisation of quantum oblivious transfer Ryan Amiri 1 , Robert Strek 2 , Michal

Experimental realisation of quantum oblivious transfer Ryan Amiri 1 , Robert Strek 2 , Michal Miuda 2 , Ladislav Mita 2 , Jr., Miloslav Duek 2 , Petros Wallden 3 , and Erika Andersson 1 1 SUPA, Institute of Photonics and Quantum Sciences,

752 views • 29 slides
On the Log Rank Conjecture Thomas Rothvoss UW Seattle Current Topics Seminar Communication

On the Log Rank Conjecture Thomas Rothvoss UW Seattle Current Topics Seminar Communication

On the Log Rank Conjecture Thomas Rothvoss UW Seattle Current Topics Seminar Communication complexity Setting: Function f : X Y { 0 , 1 } Alice Bob Communication complexity Setting: Function f : X Y { 0 , 1 }

915 views • 60 slides
High-Pressure Gas TPC (HPgTPC) for DUNE Near Detector Tanaz Angelina Mohayai Physics

High-Pressure Gas TPC (HPgTPC) for DUNE Near Detector Tanaz Angelina Mohayai Physics

High-Pressure Gas TPC (HPgTPC) for DUNE Near Detector Tanaz Angelina Mohayai Physics Opportunities in the Near DUNE Detector Hall Dec. 3, 2018 Outline Purpose Conceptual Design Expected Physics Performance n Channels of Interest Summary

594 views • 32 slides
Alice in CubicleLand (my favorite assignment) Susan L. Luck, PhD Pfeiffer University The SeCng:

Alice in CubicleLand (my favorite assignment) Susan L. Luck, PhD Pfeiffer University The SeCng:

Alice in CubicleLand (my favorite assignment) Susan L. Luck, PhD Pfeiffer University The SeCng: Alice works for ABC company, which provides accoun9ng and payroll support for a variety of clients. Alices work environment consists of

457 views • 12 slides

More recommend