Skip to main content

LLVM-Based Circuit Compilation for Practical Secure Computation

  • Conference paper
  • First Online:
Applied Cryptography and Network Security (ACNS 2021)

Abstract

Multi-party computation (MPC) allows two or more parties to jointly and securely compute functions over private inputs. Cryptographic protocols that realize MPC require functions to be expressed as Boolean or arithmetic circuits. Deriving such circuits is either done manually, or with hardware synthesis tools and specialized MPC compilers. Unfortunately, such existing tools compile only from a single front-end language and neglect decades of research for optimizing regular compilers.

In this paper, we make MPC practical for developers by automating circuit compilation based on the compiler toolchain LLVM. For this, we develop an LLVM optimizer suite consisting of multiple transform passes that operate on the LLVM intermediate representation (IR) and gradually lower functions to circuit level. Our approach supports various front-end languages (currently C, C++, and Fortran) and takes advantage of powerful source code optimizations built into LLVM. We furthermore make sure to produce circuits that are optimized for MPC, and even offer fully automated post-processing for efficient post-quantum MPC.

We empirically measure the quality of our compilation results and compare them to the state-of-the-art specialized MPC compiler HyCC (Büscher et al. CCS’2018). For all benchmarked HyCC example applications (e.g., biomatch and linear equation solving), our highly generalizable approach achieves similar quality in terms of gate count and composition.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. ABC: A system for sequential synthesis and verification. http://www.eecs.berkeley.edu/~alanmi/abc/

  2. Aly, A., et al.: SCALE-MAMBA v1. 10: Documentation (2020)

    Google Scholar 

  3. Archer, D., et al.: Bristol Fashion MPC circuits (2020). https://homes.esat.kuleuven.be/~nsmart/MPC/

  4. Barrio, P., Carruth, C., Molloy, J.: Recursion inlining in LLVM (2015). https://www.llvm.org/devmtg/2015-04/slides/recursion-inlining-2015.pdf

  5. Beaver, D., Micali, S., Rogaway, P.: The round complexity of secure protocols (extended abstract). In: STOC (1990)

    Google Scholar 

  6. Ben-David, A., Nisan, N., Pinkas, B.: FairplayMP: a system for secure multi-party computation. In: CCS (2008)

    Google Scholar 

  7. Boemer, F., Cammarota, R., Demmler, D., Schneider, T., Yalame, H.: MP2ML: a mixed-protocol machine learning framework for private inference. In: ARES (2020)

    Google Scholar 

  8. Bogdanov, D., Laur, S., Willemson, J.: Sharemind: a framework for fast privacy-preserving computations. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 192–206. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-88313-5_13

    Chapter  Google Scholar 

  9. Boston University: JIFF: JavaScript implementation of federated functionalities (2015). https://github.com/multiparty/jiff/

  10. Boyar, J., Damgård, I., Peralta, R.: Short non-interactive cryptographic proofs. J. Cryptol. 13, 449–472 (2000)

    Google Scholar 

  11. Braun, L., Demmler, D., Schneider, T., Tkachenko, O.: MOTION - A framework for mixed-protocol multi-party computation. ePrint (2020). https://ia.cr/2020/1137

  12. Büscher, N., et al.: Secure two-party computation in a quantum world. In: Conti, M., Zhou, J., Casalicchio, E., Spognardi, A. (eds.) ACNS 2020. LNCS, vol. 12146, pp. 461–480. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-57808-4_23

    Chapter  Google Scholar 

  13. Büscher, N., Demmler, D., Katzenbeisser, S., Kretzmer, D., Schneider, T.: HyCC: compilation of hybrid protocols for practical secure computation. In: CCS (2018)

    Google Scholar 

  14. Chandran, N., Gupta, D., Rastogi, A., Sharma, R., Tripathi, S.: EzPC: programmable, efficient, and scalable secure two-party computation for machine learning. In: EuroS&P (2019)

    Google Scholar 

  15. Clarke, E., Kroening, D., Lerda, F.: A tool for checking ANSI-C programs. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 168–176. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24730-2_15

    Chapter  MATH  Google Scholar 

  16. Coussy, P., Morawiec, A.: High-Level Synthesis: From Algorithm to Digital Circuit. Springer, Dordrecht (2008). https://doi.org/10.1007/978-1-4020-8588-8

  17. Demmler, D., Dessouky, G., Koushanfar, F., Sadeghi, A., Schneider, T., Zeitouni, S.: Automated synthesis of optimized circuits for secure computation. In: CCS (2015)

    Google Scholar 

  18. Demmler, D., Schneider, T., Zohner, M.: ABY - a framework for efficient mixed-protocol secure two-party computation. In: NDSS (2015)

    Google Scholar 

  19. Dessouky, G., Koushanfar, F., Sadeghi, A.R., Schneider, T., Zeitouni, S., Zohner, M.: Pushing the communication barrier in secure computation using lookup tables. In: NDSS (2017)

    Google Scholar 

  20. Fereidooni, H., et al.: SAFELearn: secure aggregation for private federated learning. In: Deep Learning and Security Workshop (2021)

    Google Scholar 

  21. Fowler, D., Robson, E.: Square root approximations in old Babylonian mathematics: YBC 7289 in context. Historia Mathematica (1998)

    Google Scholar 

  22. Fraser, C.W., Hanson, D.R.: A Retargetable C Compiler: Design and Implementation. Addison-Wesley (1995)

    Google Scholar 

  23. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: STOC (1987)

    Google Scholar 

  24. Gueron, S., Lindell, Y., Nof, A., Pinkas, B.: Fast garbling of circuits under standard assumptions. In: CCS, pp. 567–578. ACM (2015)

    Google Scholar 

  25. Hastings, M., Hemenway, B., Noble, D., Zdancewic, S.: SoK: general purpose compilers for secure multi-party computation. In: S&P (2019)

    Google Scholar 

  26. Henecka, W., Kögl, S., Sadeghi, A., Schneider, T., Wehrenberg, I.: TASTY: tool for automating secure two-party computations. In: CCS (2010)

    Google Scholar 

  27. Holzer, A., Franz, M., Katzenbeisser, S., Veith, H.: Secure two-party computations in ANSI C. In: CCS (2012)

    Google Scholar 

  28. Huang, Y., Evans, D., Katz, J.: Private set intersection: are garbled circuits better than custom protocols? In: NDSS (2012)

    Google Scholar 

  29. Huang, Y., Evans, D., Katz, J., Malka, L.: Faster secure two-party computation using garbled circuits. In: USENIX Security (2011)

    Google Scholar 

  30. Ishai, Y., Kilian, J., Nissim, K., Petrank, E.: Extending oblivious transfers efficiently. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 145–161. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_9

    Chapter  Google Scholar 

  31. Ishaq, M., Milanova, A.L., Zikas, V.: Efficient MPC via program analysis: a framework for efficient optimal mixing. In: CCS (2019)

    Google Scholar 

  32. Javadi, M., Yalame, H., Mahdiani, H.: Small constant mean-error imprecise adder/multiplier for efficient VLSI implementation of MAC-based applications. IEEE Trans. Comput. (2020)

    Google Scholar 

  33. Keller, M.: MP-SPDZ: a versatile framework for multi-party computation. In: CCS (2020)

    Google Scholar 

  34. Kolesnikov, V., Sadeghi, A.-R., Schneider, T.: Improved garbled circuit building blocks and applications to auctions and computing minima. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 1–20. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10433-6_1

    Chapter  MATH  Google Scholar 

  35. Kolesnikov, V., Schneider, T.: Improved garbled circuit: free XOR gates and applications. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008. LNCS, vol. 5126, pp. 486–498. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70583-3_40

    Chapter  MATH  Google Scholar 

  36. Kreuter, B., Shelat, A., Mood, B., Butler, K.: PCF: a portable circuit format for scalable two-party secure computation. In: USENIX Security (2013)

    Google Scholar 

  37. Kreuter, B., Shelat, A., Shen, C.H.: Billion-gate secure computation with malicious adversaries. In: USENIX Security (2012)

    Google Scholar 

  38. Lattner, C., Adve, V.S.: LLVM: a compilation framework for lifelong program analysis & transformation. In: Code Generation and Optimization (2004)

    Google Scholar 

  39. LLVM Community: CIRCT / Circuit IR compilers and tools (2020). https://github.com/llvm/circt

  40. LLVM Project: LLVM’s analysis and transform passes (2020). https://llvm.org/docs/Passes.html

  41. Malkhi, D., Nisan, N., Pinkas, B., Sella, Y.: Fairplay - Secure two-party computation system. In: USENIX Security (2004)

    Google Scholar 

  42. Mantel, H., Scheidel, L., Schneider, T., Weber, A., Weinert, C., Weißmantel, T.: RiCaSi: rigorous cache side channel mitigation via selective circuit compilation. In: Krenn, S., Shulman, H., Vaudenay, S. (eds.) CANS 2020. LNCS, vol. 12579, pp. 505–525. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-65411-5_25

    Chapter  Google Scholar 

  43. Mohassel, P., Rindal, P.: ABY3: a mixed protocol framework for machine learning. In: CCS (2018)

    Google Scholar 

  44. Mood, B., Gupta, D., Carter, H., Butler, K.R.B., Traynor, P.: Frigate: a validated, extensible, and efficient compiler and interpreter for secure computation. In: Euro S&P (2016)

    Google Scholar 

  45. Mood, B., Letaw, L., Butler, K.: Memory-efficient garbled circuit generation for mobile devices. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 254–268. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32946-3_19

    Chapter  Google Scholar 

  46. Nguyen, T.D., et al.: FLGUARD: secure and private federated learning. ePrint (2021). https://ia.cr/2021/025

  47. Nielsen, J.D., Schwartzbach, M.I.: A domain-specific programming language for secure multiparty computation. In: Workshop on Programming Languages and Analysis for Security (2007)

    Google Scholar 

  48. Patra, A., Schneider, T., Suresh, A., Yalame, H.: ABY2.0: improved mixed-protocol secure two-party computation. In: USENIX Security (2020)

    Google Scholar 

  49. Pinkas, B., Rosulek, M., Trieu, N., Yanai, A.: PSI from PaXoS: fast, malicious private set intersection. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 739–767. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_25

    Chapter  Google Scholar 

  50. Rastogi, A., Hammer, M.A., Hicks, M.: Wysteria: a programming language for generic, mixed-mode multiparty computations. In: S&P (2014)

    Google Scholar 

  51. Robertson, J.E.: A new class of digital division methods. Trans. Electron. Comput. (1958)

    Google Scholar 

  52. Rotaru, D.: awesome-mpc (2020). https://github.com/rdragos/awesome-mpc#frameworks

  53. Rugina, R., Rinard, M.: Recursion unrolling for divide and conquer programs. In: Midkiff, S.P., et al. (eds.) LCPC 2000. LNCS, vol. 2017, pp. 34–48. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45574-4_3

    Chapter  MATH  Google Scholar 

  54. Schoenmakers, B.: MPyC: secure multiparty computation in Python (2018). https://github.com/lschoe/mpyc/blob/master/README.md

  55. Schropfer, A., Kerschbaum, F., Muller, G.: L1 - an intermediate language for mixed-protocol secure computation. In: Computer Software and Applications Conference (2011)

    Google Scholar 

  56. Songhori, E.M., Hussain, S.U., Sadeghi, A., Schneider, T., Koushanfar, F.: TinyGarble: highly compressed and scalable sequential garbled circuits. In: S&P (2015)

    Google Scholar 

  57. Synopsis: DC Ultra (2020). https://www.synopsys.com/implementation-and-signoff/rtl-synthesis-test/dc-ultra.html

  58. Tatsuoka, M., et al.: Physically aware high level synthesis design flow. In: DAC (2015)

    Google Scholar 

  59. Tillich, S., Smart, N.: (Bristol Format) Circuits of basic functions suitable for MPC and FHE (2020). https://homes.esat.kuleuven.be/~nsmart/MPC/old-circuits.html

  60. Verilog.com: Verilog Resources (2020). https://verilog.com/

  61. Wang, X., Malozemoff, A.J., Katz, J.: EMP-toolkit: Efficient multiparty computation toolkit (2016). https://github.com/emp-toolkit

  62. Wolf, C.: Yosys open synthesis suite. http://www.clifford.at/yosys/

  63. Yao, A.C.: How to generate and exchange secrets (extended abstract). In: FOCS (1986)

    Google Scholar 

  64. Zahur, S., Evans, D.: Obliv-C: a language for extensible data-oblivious computation. ePrint (2015). https://ia.cr/2015/1153

  65. Zahur, S., Rosulek, M., Evans, D.: Two halves make a whole. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 220–250. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_8

    Chapter  MATH  Google Scholar 

  66. Zhang, Y., Steele, A., Blanton, M.: PICCO: A general-purpose compiler for private distributed computation. In: CCS (2013)

    Google Scholar 

Download references

Acknowledgment

We thank the anonymous reviewers for their helpful comments. This project was co-funded by the Deutsche Forschungsgemeinschaft (DFG) – SFB 1119 CROSSING/236615297 and GRK 2050 Privacy & Trust/251805230, and by the German Federal Ministry of Education and Research and the Hessian Ministry of Higher Education, Research, Science and the Arts within their joint support of the National Research Center for Applied Cybersecurity ATHENE. It has received funding from the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation program (grant agreement No. 850990 PSOTI).

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Christian Weinert .

Editor information

Editors and Affiliations

Appendices

A Optimized Building Blocks

We provide details of the building blocks used by our LLVM toolchain during the gateify pass (cf. Sect. 4.3). To obtain these building blocks, we utilize logic synthesis tools [1, 57, 62] with our custom technology libraries (cf. Sect. 5.2) to optimize (multiplicative) size and restrict the types of basic gates. The most common building blocks are addition, subtraction, multiplication, and (integer) division, multiplexer for array accesses, and comparator, which we detail in the following. Table 5 shows a summary of the circuit size complexities, i.e., the number of non-linear (AND) gates. Moreover, we show the actual circuit sizes for standard 32 bit integers generated by the synthesis tool.

Table 5. Multiplicative complexity of building blocks for bit length l. Concrete sizes for \(l = 32\) as used in Sect. 4.3.

Addition/Subtraction. To perform addition of two l-bit values, the traditional ripple carry adder (RCA), in which the carry out of one stage is fed directly to the carry-in of the next stage, has a multiplicative size of \(l-1\) [10, 34]. The subtractor can be viewed as a special case of adder as the subtraction of two values a and b can be represented as \(a -\bar{b} + 1\) where \(\bar{b}\) denotes the two’s complement representation of b.

Multiplication. In classic logic synthesis, a multiplier outputs a 2l-bit product of two l-bit inputs. The best approach for this multiplier is the textbook method with the size of \(2l^2-l\) [34]. However, in many programming languages and MPC protocols, multiplication is defined as a \(l\rightarrow l\) operation, where the product of two l unsigned integers is l-bit. Generating a \(l \rightarrow l\) multiplication with logic synthesis tools give us a circuit size of \(l^2-l\) [27, 44].

Division. The division operation computes the quotient and remainder of two binary integer numbers. The standard approach for the division is similar to the text-book multiplication, where the divisor is iteratively shifted and subtracted from the remainder. By doing so, one division operation can be built with complexity of \(2l^2\) AND gates. Restoring division can help us in hardware synthesis to have a complexity of \(l^2+2l+1\) [51].

Multiplexer. A 2-to-1 MUX was proposed in [35] with a size of l. The tree architecture for an m-to-1 MUX has size \((m-1)l\).

Comparator. The standard comparator circuit checks whether one l-bit number is greater than another with a size of l. We implement this comparator as described in [35].

B Dummy Application

In Listing 1 we provide the C++ code for our dummy application that we use for benchmark purposes in addition to applications from the HyCC repository (cf. Sect. 6.2). It showcases as many supported features as short as possible.

figure h

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Heldmann, T., Schneider, T., Tkachenko, O., Weinert, C., Yalame, H. (2021). LLVM-Based Circuit Compilation for Practical Secure Computation. In: Sako, K., Tippenhauer, N.O. (eds) Applied Cryptography and Network Security. ACNS 2021. Lecture Notes in Computer Science(), vol 12727. Springer, Cham. https://doi.org/10.1007/978-3-030-78375-4_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-78375-4_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-78374-7

  • Online ISBN: 978-3-030-78375-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics