![Page 1: ObliVM: A Programming Framework for Secure Computation Chang Liu Joint work with Xiao Shaun Wang, Kartik Nayak Yan Huang, and Elaine Shi](https://reader035.vdocuments.us/reader035/viewer/2022062422/56649e6c5503460f94b6b9ee/html5/thumbnails/1.jpg)
ObliVM: A Programming Framework for Secure Computation
Chang Liu
Joint work with Xiao Shaun Wang, Kartik Nayak, Yan Huang, and Elaine Shi
![Page 2: ObliVM: A Programming Framework for Secure Computation Chang Liu Joint work with Xiao Shaun Wang, Kartik Nayak Yan Huang, and Elaine Shi](https://reader035.vdocuments.us/reader035/viewer/2022062422/56649e6c5503460f94b6b9ee/html5/thumbnails/2.jpg)
Dating: Genetically
Good match?
Not leaking their sensitive genomic data to anyone else!
![Page 3: ObliVM: A Programming Framework for Secure Computation Chang Liu Joint work with Xiao Shaun Wang, Kartik Nayak Yan Huang, and Elaine Shi](https://reader035.vdocuments.us/reader035/viewer/2022062422/56649e6c5503460f94b6b9ee/html5/thumbnails/3.jpg)
Problem Abstraction
Bob
Alice
Holds
Holds
Public function f
z = f(x, y)
Security requirement: Reveal z but nothing more!
![Page 4: ObliVM: A Programming Framework for Secure Computation Chang Liu Joint work with Xiao Shaun Wang, Kartik Nayak Yan Huang, and Elaine Shi](https://reader035.vdocuments.us/reader035/viewer/2022062422/56649e6c5503460f94b6b9ee/html5/thumbnails/4.jpg)
Generic protocols: Low design cost, Flexible
Customized protocols: Efficient, requires Expertise
Nina Taft, Distinguished Scientist
5 researchers, 4 months to develop an (efficient) oblivious matrix factorization algorithm over secure computation
![Page 5: ObliVM: A Programming Framework for Secure Computation Chang Liu Joint work with Xiao Shaun Wang, Kartik Nayak Yan Huang, and Elaine Shi](https://reader035.vdocuments.us/reader035/viewer/2022062422/56649e6c5503460f94b6b9ee/html5/thumbnails/5.jpg)
Can generic secure computation be practical?
Challenge 1: Efficiency: time & space
Challenge 2: Programmability: for non-expert programmers
![Page 6: ObliVM: A Programming Framework for Secure Computation Chang Liu Joint work with Xiao Shaun Wang, Kartik Nayak Yan Huang, and Elaine Shi](https://reader035.vdocuments.us/reader035/viewer/2022062422/56649e6c5503460f94b6b9ee/html5/thumbnails/6.jpg)
ObliVM: Achieve the Best of Both Worlds
Programs by non-specialists achieve the performance of customized designs.
Challenge 1: Efficiency: time & space
Challenge 2: Programmability: for non-expert programmers
![Page 7: ObliVM: A Programming Framework for Secure Computation Chang Liu Joint work with Xiao Shaun Wang, Kartik Nayak Yan Huang, and Elaine Shi](https://reader035.vdocuments.us/reader035/viewer/2022062422/56649e6c5503460f94b6b9ee/html5/thumbnails/7.jpg)
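[Figure: circuit of AND, XOR and OR gates]
Cryptographer’s favorite model
Programmer’s favorite model
```python
def binSearch(a, x):
    # Search the sorted list a for x; return its index, or -1 if absent.
    lo, hi = 0, len(a) - 1
    res = -1
    while lo <= hi:
        mid = (lo + hi) // 2
        midval = a[mid]  # mid depends on x, so this index is secret
        if midval < x:
            lo = mid + 1
        elif midval > x:
            hi = mid - 1
        else:
            res = mid
            break
    return res
```
Accessing a secret index may leak information!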
![Page 8: ObliVM: A Programming Framework for Secure Computation Chang Liu Joint work with Xiao Shaun Wang, Kartik Nayak Yan Huang, and Elaine Shi](https://reader035.vdocuments.us/reader035/viewer/2022062422/56649e6c5503460f94b6b9ee/html5/thumbnails/8.jpg)
How do secret indexes leak information?
Breast cancer
Liver problem
Kidney problem
[Figure: circuit of AND, XOR and OR gates computing f(x, y)]
A naive solution (in generic approaches) is to linear scan through the entire memory for each memory access. Extremely Slow!
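The leak and the naive fix can be seen by recording which memory cells a binary search touches. This is an added example, not code from the talk or from ObliVM; `DATA`, `TracedMemory` and the function names are constructed for illustration, and the search runs a fixed number of rounds so that only the index pattern differs between the two read strategies.

```python
# Added example: access traces of binary search, direct reads vs. linear scan.
# DATA, TracedMemory and all function names are constructed for illustration.
DATA = [3, 8, 15, 23, 42, 57, 61, 90]  # sorted, stands for secret records


class TracedMemory:
    """Memory whose physical access pattern is visible to an observer."""

    def __init__(self, cells):
        self.cells = list(cells)
        self.trace = []  # every index touched, in order

    def read(self, i):
        self.trace.append(i)
        return self.cells[i]


def direct_read(mem, secret_i):
    return mem.read(secret_i)  # the trace records secret_i itself


def linear_scan_read(mem, secret_i):
    # Touch every cell and select arithmetically (a multiplexer in a circuit),
    # so the trace is 0..N-1 regardless of secret_i.
    out = 0
    for j in range(len(mem.cells)):
        hit = int(j == secret_i)
        out = hit * mem.read(j) + (1 - hit) * out
    return out


def bin_search(x, read):
    """Binary search with a fixed round count; returns (index or -1, trace)."""
    mem, n = TracedMemory(DATA), len(DATA)
    lo, hi, res = 0, n - 1, -1
    for _ in range(n.bit_length()):  # always the worst-case number of rounds
        mid = max(0, min((lo + hi) // 2, n - 1))
        midval = read(mem, mid)  # dummy read once the search has finished
        if lo > hi:
            continue
        if midval < x:
            lo = mid + 1
        elif midval > x:
            hi = mid - 1
        else:
            res, lo = mid, hi + 1  # found: make the remaining rounds dummies
    return res, mem.trace
```

With `direct_read` the traces for two different queries differ, so an observer of the access pattern learns about `x`; with `linear_scan_read` every query produces the same trace, at a cost of N reads per access.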
![Page 9: ObliVM: A Programming Framework for Secure Computation Chang Liu Joint work with Xiao Shaun Wang, Kartik Nayak Yan Huang, and Elaine Shi](https://reader035.vdocuments.us/reader035/viewer/2022062422/56649e6c5503460f94b6b9ee/html5/thumbnails/9.jpg)
Crypto Tool: Oblivious RAM
• Hide access patterns
• Redundancy
• Data Shuffling
• Poly-logarithmic cost per access: O(poly log N)
[Figure: Garbled Circuit, ORAM Scheme, Read M[i]]
[Shi, et al., 2011] Oblivious RAM with O((log N)^3) Worst-Case Cost. In ASIACRYPT 2011.
[Stefanov et al., 2013] Path ORAM: An extremely simple oblivious RAM protocol. In CCS 2013.
[Wang, et al., 2015] Circuit ORAM: On Tightness of the Goldreich-Ostrovsky Lower Bound
![Page 10: ObliVM: A Programming Framework for Secure Computation Chang Liu Joint work with Xiao Shaun Wang, Kartik Nayak Yan Huang, and Elaine Shi](https://reader035.vdocuments.us/reader035/viewer/2022062422/56649e6c5503460f94b6b9ee/html5/thumbnails/10.jpg)
Oblivious Program
[Figure: Source Program, Oblivious Program, Circuit; labels: Easy, Challenge!]
![Page 11: ObliVM: A Programming Framework for Secure Computation Chang Liu Joint work with Xiao Shaun Wang, Kartik Nayak Yan Huang, and Elaine Shi](https://reader035.vdocuments.us/reader035/viewer/2022062422/56649e6c5503460f94b6b9ee/html5/thumbnails/11.jpg)
ObliVM: A Programming Framework for Oblivious Computation
1. Program-specific optimizations through static analysis [LHS-CSF’13] [LHSKH-Oakland’14] [LHMHTS-ASPLOS’15]
2. Programming abstractions for oblivious computation [LWNHS-Oakland’15]
![Page 12: ObliVM: A Programming Framework for Secure Computation Chang Liu Joint work with Xiao Shaun Wang, Kartik Nayak Yan Huang, and Elaine Shi](https://reader035.vdocuments.us/reader035/viewer/2022062422/56649e6c5503460f94b6b9ee/html5/thumbnails/12.jpg)
Example: FindMax
```
int max(public int n, secret int h[]) {
    public int i = 0;
    secret int m = 0;
    while (i < n) {
        if (h[i] > m) then m = h[i];
        i++;
    }
    return m;
}
```
h[] need not be in ORAM. Encryption suffices.
![Page 13: ObliVM: A Programming Framework for Secure Computation Chang Liu Joint work with Xiao Shaun Wang, Kartik Nayak Yan Huang, and Elaine Shi](https://reader035.vdocuments.us/reader035/viewer/2022062422/56649e6c5503460f94b6b9ee/html5/thumbnails/13.jpg)
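Dynamic Memory Accesses: Main loop in Dijkstra
```c
// n, vis[], dis[] and e[][] are declared by the enclosing program.
for (int i = 1; i < n; ++i) {
    int bestj = -1, bestdis = -1;
    for (int j = 0; j < n; ++j)
        if (!vis[j] && (bestdis < 0 || dis[j] < bestdis)) {
            bestj = j;            // depends on secret distances
            bestdis = dis[j];
        }
    vis[bestj] = 1;               // secret index into vis[]
    for (int j = 0; j < n; ++j)
        if (!vis[j] && (bestdis + e[bestj][j] < dis[j]))
            dis[j] = bestdis + e[bestj][j];   // secret index into e[][]
}
```
Our compiler automates this analysis
dis[]: Not in ORAM
vis[], e[][]: Inside ORAM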
![Page 14: ObliVM: A Programming Framework for Secure Computation Chang Liu Joint work with Xiao Shaun Wang, Kartik Nayak Yan Huang, and Elaine Shi](https://reader035.vdocuments.us/reader035/viewer/2022062422/56649e6c5503460f94b6b9ee/html5/thumbnails/14.jpg)
Do we need to place all variables/data inside one ORAM?
Key observation:
Accesses that do not depend on secret inputs need not be hidden
![Page 15: ObliVM: A Programming Framework for Secure Computation Chang Liu Joint work with Xiao Shaun Wang, Kartik Nayak Yan Huang, and Elaine Shi](https://reader035.vdocuments.us/reader035/viewer/2022062422/56649e6c5503460f94b6b9ee/html5/thumbnails/15.jpg)
A memory-trace obliviousness type system ensures the security of the target program.
[LHS-CSF’13, LHSKH-Oakland’14, LHMHTS-ASPLOS’15]
[LHS-CSF’13] Memory Trace Oblivious Program Execution. In CSF 2013.
[LHSKH-Oakland’14] Automating RAM-model Secure Computation. In Oakland 2014.
[LHMHTS-ASPLOS’15] GhostRider: A Hardware-Software System for Memory Trace Oblivious Computation. In ASPLOS 2015.
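The placement decisions stated on the FindMax and Dijkstra slides can be reproduced with a small taint analysis. This is an added example and a simplification, not ObliVM's compiler or its type system; the statement encoding, `place_arrays` and the two statement lists are assumptions made for illustration.

```python
# Added example: a simplified placement analysis, not ObliVM's compiler.
# A statement is (target, sources, accesses): `sources` are the names whose
# values flow into `target` (including names read by the guarding condition
# and the index of a write), `accesses` are the (array, index variable)
# pairs the statement touches.

def place_arrays(statements, secret_inputs, arrays):
    """Return {array: "ORAM" | "encrypted"} after a taint fixpoint."""
    secret = set(secret_inputs)
    changed = True
    while changed:  # propagate secrecy until nothing new is tainted
        changed = False
        for target, sources, _ in statements:
            if target not in secret and secret & set(sources):
                secret.add(target)
                changed = True
    # An array needs ORAM only if some access uses a secret index.
    oram = {arr for _, _, accesses in statements
            for arr, idx in accesses if idx in secret}
    return {a: ("ORAM" if a in oram else "encrypted") for a in arrays}


# FindMax: h[i] is indexed by the public loop counter i.
FIND_MAX = [
    ("m", ["h", "m"], [("h", "i")]),
    ("i", ["i"], []),
]

# Dijkstra main loop; e[bestj][j] is modelled as two accesses to e.
DIJKSTRA = [
    ("bestj", ["vis", "dis", "bestdis", "j"], [("vis", "j"), ("dis", "j")]),
    ("bestdis", ["vis", "dis", "bestdis"], [("vis", "j"), ("dis", "j")]),
    ("vis", ["bestj"], [("vis", "bestj")]),
    ("dis", ["vis", "dis", "bestdis", "e", "bestj"],
     [("vis", "j"), ("dis", "j"), ("e", "bestj"), ("e", "j")]),
    ("j", ["j"], []),
]

FIND_MAX_PLACEMENT = place_arrays(FIND_MAX, ["h"], ["h"])
DIJKSTRA_PLACEMENT = place_arrays(DIJKSTRA, ["dis", "e"], ["dis", "vis", "e"])
```

`dis[]` holds secret values but is only ever indexed by the public counter `j`, so encryption suffices for it, while `vis[]` and `e[][]` are indexed by the secret `bestj` and must go into ORAM.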
![Page 17: ObliVM: A Programming Framework for Secure Computation Chang Liu Joint work with Xiao Shaun Wang, Kartik Nayak Yan Huang, and Elaine Shi](https://reader035.vdocuments.us/reader035/viewer/2022062422/56649e6c5503460f94b6b9ee/html5/thumbnails/17.jpg)
Analogy to Parallel Computation
Approach 1: A program written in C → Compile. Limited opportunities for compile-time optimizations.
Approach 2: A program written in MapReduce → Compile. MapReduce is a parallel programming abstraction.
![Page 18: ObliVM: A Programming Framework for Secure Computation Chang Liu Joint work with Xiao Shaun Wang, Kartik Nayak Yan Huang, and Elaine Shi](https://reader035.vdocuments.us/reader035/viewer/2022062422/56649e6c5503460f94b6b9ee/html5/thumbnails/18.jpg)
Programming Abstractions for Oblivious Computation
Approach 1: A program written in C → Compile → Oblivious representation using ORAM. Limited opportunities for compile-time optimizations.
Approach 2: A program written in ObliVM abstractions → Compile → Oblivious representation using ORAM (generic) and oblivious algorithms (problem specific, but efficient). We provide oblivious programming abstractions.
[NWIWTS-Oakland15] [WLNHS-Oakland15]
![Page 21: ObliVM: A Programming Framework for Secure Computation Chang Liu Joint work with Xiao Shaun Wang, Kartik Nayak Yan Huang, and Elaine Shi](https://reader035.vdocuments.us/reader035/viewer/2022062422/56649e6c5503460f94b6b9ee/html5/thumbnails/21.jpg)
Interactions between PL and algorithms
Programming abstractions
Oblivious algorithms
The expected: Find common patterns, generalize into abstractions
The unexpected: New insights lead to new algorithms
Interactions between PL and algorithms allowed us to solve open problems in oblivious algorithms design!
• Depth-First Search
• Shortest path
• Minimum spanning tree
![Page 22: ObliVM: A Programming Framework for Secure Computation Chang Liu Joint work with Xiao Shaun Wang, Kartik Nayak Yan Huang, and Elaine Shi](https://reader035.vdocuments.us/reader035/viewer/2022062422/56649e6c5503460f94b6b9ee/html5/thumbnails/22.jpg)
Loop Coalescing
[Figure: Block 1 ×n, Block 2 ×m, Block 3 ×n]
Gives oblivious Dijkstra and MST for sparse graphs
![Page 24: ObliVM: A Programming Framework for Secure Computation Chang Liu Joint work with Xiao Shaun Wang, Kartik Nayak Yan Huang, and Elaine Shi](https://reader035.vdocuments.us/reader035/viewer/2022062422/56649e6c5503460f94b6b9ee/html5/thumbnails/24.jpg)
Hand-crafting vs. Automated Compilation
2013:
Matrix Factorization: 5 researchers, 4 months [NIWJTB-CCS’13]
Ridge Regression: 5 researchers, 3 weeks [NWIJBT-IEEE S&P ’13]
ObliVM Today [LWNHS-IEEE S&P ’15] (This work):
Same Tasks: 1 graduate student-day, 10x-20x better performance
Nina Taft, Distinguished Scientist
![Page 25: ObliVM: A Programming Framework for Secure Computation Chang Liu Joint work with Xiao Shaun Wang, Kartik Nayak Yan Huang, and Elaine Shi](https://reader035.vdocuments.us/reader035/viewer/2022062422/56649e6c5503460f94b6b9ee/html5/thumbnails/25.jpg)
Speedup for More Applications
[Figure: bar chart; vertical axis: Speedup, from 1 to 10^6; legend: Backend, PL, Circuit ORAM, [HKFV12]]
Applications and data sizes: Dijkstra 768KB, MST 768KB, K-Means 2MB, Heap 8GB, Map/Set 8GB, BSearch 1GB, AMS Sketch 10GB, CountMin Sketch 0.31GB
Earlier non-tree-based ORAMs perform worse than linear scans of memory
![Page 26: ObliVM: A Programming Framework for Secure Computation Chang Liu Joint work with Xiao Shaun Wang, Kartik Nayak Yan Huang, and Elaine Shi](https://reader035.vdocuments.us/reader035/viewer/2022062422/56649e6c5503460f94b6b9ee/html5/thumbnails/26.jpg)
ObliVM: Binary Search on 1GB Database
ObliVM Today: 7.3 secs/query
2 EC2 virtual cores, 60GB memory, 10MBps bandwidth
Reference point: ~24 hours in 2012 [HFKV-CCS’12]
[HFKV-CCS’12] Holzer et al. Secure Two-Party Computations in ANSI C. In CCS ’12
![Page 27: ObliVM: A Programming Framework for Secure Computation Chang Liu Joint work with Xiao Shaun Wang, Kartik Nayak Yan Huang, and Elaine Shi](https://reader035.vdocuments.us/reader035/viewer/2022062422/56649e6c5503460f94b6b9ee/html5/thumbnails/27.jpg)
ObliVM: Binary Search on 1GB Database
With cryptographic extensions (projected): 0.3 secs/query
2 EC2 virtual cores, 60GB memory, 300MBps bandwidth
Reference point: ~24 hours in 2012 [HFKV-CCS’12]
![Page 29: ObliVM: A Programming Framework for Secure Computation Chang Liu Joint work with Xiao Shaun Wang, Kartik Nayak Yan Huang, and Elaine Shi](https://reader035.vdocuments.us/reader035/viewer/2022062422/56649e6c5503460f94b6b9ee/html5/thumbnails/29.jpg)
Overhead w.r.t. Insecure Baseline
Slowdown: 130×, 1.7×10^4×, 9.3×10^6×
Applications: Distributed GWAS, K-Means, Hamming Distance
Opportunities for further optimizations:
• Hardware acceleration
• Parallelism
• Faster cryptography
…
![Page 30: ObliVM: A Programming Framework for Secure Computation Chang Liu Joint work with Xiao Shaun Wang, Kartik Nayak Yan Huang, and Elaine Shi](https://reader035.vdocuments.us/reader035/viewer/2022062422/56649e6c5503460f94b6b9ee/html5/thumbnails/30.jpg)
ObliVM Adoption
Privacy-preserving data mining and recommendation system
Computational biology, privacy-preserving microbiome analysis
Privacy-preserving Software-Defined Networking
Cryptographic MIPS processor
iDash secure genome analysis competition (Won an “HLI Award for Secure Multiparty Computing”)
www.oblivm.com
![Page 31: ObliVM: A Programming Framework for Secure Computation Chang Liu Joint work with Xiao Shaun Wang, Kartik Nayak Yan Huang, and Elaine Shi](https://reader035.vdocuments.us/reader035/viewer/2022062422/56649e6c5503460f94b6b9ee/html5/thumbnails/31.jpg)
Future Work: From ObliVM to A Unified Programming Framework for Modern Cryptography
ObliVM: Compiling Programs into Circuits
Secure Multiparty Computation
Program Obfuscation (DARPA Safeware)
Fully Homomorphic Encryption
Functional Encryption
Verifiable Computation