
Secure Multiparty Computation from SGX

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10322))

Abstract

In this paper we show how Isolated Execution Environments (IEE) offered by novel commodity hardware such as Intel’s SGX provide a new path to constructing general secure multiparty computation (MPC) protocols. Our protocol is intuitive and elegant: it uses code within an IEE to play the role of a trusted third party (TTP), and the attestation guarantees of SGX to bootstrap secure communications between participants and the TTP. The communication and computation load on participants depends only on the size of each party’s inputs and outputs, and is thus small and independent of the intricacies of the functionality to be computed. The remaining computational load, essentially that of computing the functionality, is moved to an untrusted party running an IEE-enabled machine, an attractive feature for Cloud-based scenarios.

Our rigorous modular security analysis relies on the novel notion of labeled attested computation which we put forth in this paper. This notion is a convenient abstraction of the kind of attestation guarantees one can obtain from trusted hardware in multi-user scenarios.

Finally, we present an extensive experimental evaluation of our solution on SGX-enabled hardware. Our implementation is open-source and functionality agnostic: it can be used to securely outsource to the Cloud arbitrary off-the-shelf collaborative software, such as that employed in financial data applications, enabling secure collaborative execution over private inputs provided by multiple parties.
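A toy model of the architecture the abstract describes, added here as an illustration and not the paper's own code or protocol. Every name in it is constructed: the IEE is an in-process object, the "quote" is an HMAC under a key standing in for the platform's attestation key (a real verifier checks an SGX quote instead), the channel uses a hash-based toy cipher over a deliberately tiny DH group, and P* is a one-line summation program. It shows the two points the abstract makes: each party only verifies one quote, finishes one key exchange and seals its own input and output, while the host relays opaque blobs and the enclave does the actual computation.

```python
import hashlib, hmac, json, secrets

P, G = 2**127 - 1, 3                    # toy DH group, far too small for real use
PLATFORM_KEY = secrets.token_bytes(32)  # stands in for the CPU's attestation key
TTP_CODE = "def f(inputs): return sum(inputs.values())"  # P*, the outsourced program
def measure(code): return hashlib.sha256(code.encode()).hexdigest()
def kdf(shared): return hashlib.sha256(str(shared).encode()).digest()
def pad(key, n, length): return hashlib.sha256(key + n).digest() * (length // 32 + 1)

def seal(key, data):  # encrypt-then-MAC with a hash-derived pad (toy, not a real AEAD)
    n = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, pad(key, n, len(data))))
    return n + ct + hmac.new(key, n + ct, "sha256").digest()
def unseal(key, blob):
    n, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, n + ct, "sha256").digest()):
        raise ValueError("channel integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, pad(key, n, len(ct))))

class IEE:  # enclave running P* as the TTP for one labelled session; the host sees only its outputs
    def __init__(self, label, parties):
        ns = {}; exec(TTP_CODE, ns); self.f = ns["f"]   # run exactly the code that is measured
        self.meas, self.label = measure(TTP_CODE), label
        self.x = {p: secrets.randbelow(P - 2) + 2 for p in parties}  # one DH secret per party
        self.keys, self.inputs = {}, {}
    def attest(self, party):  # the quote binds measurement, session label, party and key share
        share = pow(G, self.x[party], P)
        msg = json.dumps([self.meas, self.label, party, share]).encode()
        return share, hmac.new(PLATFORM_KEY, msg, "sha256").hexdigest()
    def submit(self, party, peer_share, blob):  # called by the host with a party's sealed input
        self.keys[party] = kdf(pow(peer_share, self.x[party], P))
        self.inputs[party] = int(unseal(self.keys[party], blob).decode())
        if len(self.inputs) < len(self.x): return None
        return {p: seal(self.keys[p], str(self.f(self.inputs)).encode()) for p in self.x}

def verify_quote(quote, meas, label, party, share):  # models what the attestation verifier checks
    msg = json.dumps([meas, label, party, share]).encode()
    return hmac.compare_digest(quote, hmac.new(PLATFORM_KEY, msg, "sha256").hexdigest())

def participant(name, value, enclave, expected_meas, label):  # a party's whole load
    share, quote = enclave.attest(name)  # relayed by the untrusted host
    if not verify_quote(quote, expected_meas, label, name, share):
        raise ValueError(f"{name}: quote does not match the expected program and label")
    y = secrets.randbelow(P - 2) + 2; key = kdf(pow(share, y, P))
    return key, pow(G, y, P), seal(key, str(value).encode())

def run_session(values, label="session-1"):  # host-side driver: only forwards sealed blobs
    enc, keys, outs = IEE(label, list(values)), {}, None
    for name, v in values.items():
        keys[name], share, blob = participant(name, v, enc, measure(TTP_CODE), label)
        outs = enc.submit(name, share, blob)
    return {n: int(unseal(keys[n], outs[n]).decode()) for n in values}
```

A quote produced for one session label or program measurement fails verification for any other, which is the property the paper's labeled attested computation abstraction captures.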

This work was supported by the European Union’s 7th Framework Program (FP7/2007-2013) under grant agreement no. 609611 (PRACTICE). Manuel Barbosa and Bernardo Portela were funded by project “NanoSTIMA: Macro-to-Nano Human Sensing: Towards Integrated Multimodal Health Monitoring and Analytics/NORTE-01-0145-FEDER-000016”, which is financed by the North Portugal Regional Operational Programme (NORTE 2020), under the PORTUGAL 2020 Partnership Agreement, and through the European Regional Development Fund (ERDF).


Notes

  1. Since our emphasis is on efficiency and analysing SGX-based protocols used in practice, we do not consider Universal Composability, but rather a simulation-based security model akin to those used for other practical secure computation protocols, e.g. [6].

  2. We use schemes which satisfy the additional notion of minimal leakage, which ensures that the outsourced instrumented program \(P^*\) reveals no information about its internal state beyond what the normal input/output behavior of the original program P would reveal.

  3. https://nacl.cr.yp.to.

  4. This particular choice in our model has implications for the composability properties of our results, as discussed in the related work section.

  5. We also note that ABY assumes a semi-honest adversary, which is weaker than the one we consider; but still our performance gains are significant.

References

  1. Almeida, J.B., Barbosa, M., Barthe, G., Dupressoir, F., Emmi, M.: Verifying constant-time implementations. In: USENIX Security Symposium. USENIX Association (2016)

  2. Anati, I., Gueron, S., Johnson, S., Scarlata, V.: Innovative technology for CPU based attestation and sealing. In: HASP (2013)

  3. Bahmani, R., Barbosa, M., Brasser, F., Portela, B., Sadeghi, A., Scerri, G., Warinschi, B.: Secure multiparty computation from SGX. IACR Cryptology ePrint Archive (2016)

  4. Barbosa, M., Portela, B., Scerri, G., Warinschi, B.: Foundations of hardware-based attested computation and application to SGX. In: 2016 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE (2016)

  5. Baumann, A., Peinado, M., Hunt, G.C.: Shielding applications from an untrusted cloud with Haven. In: OSDI. USENIX Association (2014)

  6. Ben-David, A., Nisan, N., Pinkas, B.: FairplayMP: a system for secure multi-party computation. In: CCS. ACM (2008)

  7. Bernstein, D.J.: Cache-timing attacks on AES (2005). http://cr.yp.to/antiforgery/cachetiming-20050414.pdf

  8. Bernstein, D.J., Lange, T., Schwabe, P.: The security impact of a new cryptographic library. In: Hevia, A., Neven, G. (eds.) LATINCRYPT 2012. LNCS, vol. 7533, pp. 159–176. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33481-8_9

  9. Bogetoft, P., Damgård, I., Jakobsen, T., Nielsen, K., Pagter, J., Toft, T.: A practical implementation of secure auctions based on multiparty integer computation. In: Di Crescenzo, G., Rubin, A. (eds.) FC 2006. LNCS, vol. 4107, pp. 142–147. Springer, Heidelberg (2006). https://doi.org/10.1007/11889663_10

  10. Brickell, E., Chen, L., Li, J.: A new direct anonymous attestation scheme from bilinear maps. In: Lipp, P., Sadeghi, A.-R., Koch, K.-M. (eds.) Trust 2008. LNCS, vol. 4968, pp. 166–178. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-68979-9_13

  11. Brickell, E.F., Camenisch, J., Chen, L.: Direct anonymous attestation. In: CCS. ACM (2004)

  12. Canetti, R., Dodis, Y., Pass, R., Walfish, S.: Universally composable security with global setup. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 61–85. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-70936-7_4

  13. Canetti, R., Fischlin, M.: Universally composable commitments. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 19–40. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_2

  14. Catuogno, L., Dmitrienko, A., Eriksson, K., Kuhlmann, D., Ramunno, G., Sadeghi, A.-R., Schulz, S., Schunter, M., Winandy, M., Zhan, J.: Trusted virtual domains: design, implementation and lessons learned. In: Chen, L., Yung, M. (eds.) INTRUST 2009. LNCS, vol. 6163, pp. 156–179. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14597-1_10

  15. Costan, V., Devadas, S.: Intel SGX explained. IACR Cryptology ePrint Archive (2016)

  16. Cybernetica: Sharemind. http://sharemind.cyber.ee/

  17. Damgård, I., Damgård, K., Nielsen, K., Nordholt, P.S., Toft, T.: Confidential benchmarking based on multiparty computation. IACR Cryptology ePrint Archive (2015)

  18. Damgård, I., Pastro, V., Smart, N., Zakarias, S.: Multiparty computation from somewhat homomorphic encryption. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 643–662. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_38

  19. Demmler, D., Schneider, T., Zohner, M.: ABY: a framework for efficient mixed-protocol secure two-party computation. In: NDSS. The Internet Society (2015)

  20. Francillon, A., Nguyen, Q., Rasmussen, K.B., Tsudik, G.: A minimalist approach to remote attestation. In: Design, Automation & Test in Europe (DATE) (2014)

  21. Ge, H., Tate, S.R.: A direct anonymous attestation scheme for embedded devices. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 16–30. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-71677-8_2

  22. Gebhardt, C., Tomlinson, A.: Secure virtual disk images for grid computing. In: APTC. IEEE (2008)

  23. Gupta, D., Mood, B., Feigenbaum, J., Butler, K., Traynor, P.: Using Intel Software Guard Extensions for efficient two-party secure function evaluation. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 302–318. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53357-4_20

  24. Halevi, S., Lindell, Y., Pinkas, B.: Secure computation on the web: computing without simultaneous interaction. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 132–150. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_8

  25. Henecka, W., Kögl, S., Sadeghi, A., Schneider, T., Wehrenberg, I.: TASTY: tool for automating secure two-party computations. In: CCS. ACM (2010)

  26. Hoekstra, M., Lal, R., Pappachan, P., Phegade, V., del Cuvillo, J.: Using innovative instructions to create trustworthy software solutions. In: HASP@ISCA. ACM (2013)

  27. Intel: Software Guard Extensions programming reference (2014). http://software.intel.com/sites/default/files/managed/48/88/329298-002.pdf

  28. Katz, J.: Universally composable multi-party computation using tamper-proof hardware. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 115–128. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-72540-4_7

  29. Koeberl, P., Schulz, S., Sadeghi, A., Varadharajan, V.: TrustLite: a security architecture for tiny embedded devices. In: EuroSys. ACM (2014)

  30. Langley, A.: Lucky Thirteen attack on TLS CBC (2013). http://www.imperialviolet.org/2013/02/04/luckythirteen.html

  31. Malkhi, D., Nisan, N., Pinkas, B., Sella, Y.: Fairplay: secure two-party computation system. In: USENIX Security Symposium. USENIX Association (2004)

  32. McCune, J.M., Parno, B., Perrig, A., Reiter, M.K., Isozaki, H.: Flicker: an execution infrastructure for TCB minimization. In: EuroSys. ACM (2008)

  33. Microsoft: BitLocker drive encryption: data encryption toolkit for mobile PCs: security analysis (2007). http://technet.microsoft.com/en-us/library/cc162804.aspx

  34. Noorman, J., Agten, P., Daniels, W., Strackx, R., Herrewege, A.V., Huygens, C., Preneel, B., Verbauwhede, I., Piessens, F.: Sancus: low-cost trustworthy extensible networked devices with a zero-software trusted computing base. In: USENIX Security Symposium. USENIX Association (2013)

  35. Pass, R., Shi, E., Tramèr, F.: Formal abstractions for attested execution secure processors. IACR Cryptology ePrint Archive (2016)

  36. Schuster, F., Costa, M., Fournet, C., Gkantsidis, C., Peinado, M., Mainar-Ruiz, G., Russinovich, M.: VC3: trustworthy data analytics in the cloud using SGX. In: 2015 IEEE Symposium on Security and Privacy. IEEE (2015)

  37. Smyth, B., Ryan, M., Chen, L.: Direct Anonymous Attestation (DAA): ensuring privacy with corrupt administrators. In: Stajano, F., Meadows, C., Capkun, S., Moore, T. (eds.) ESAS 2007. LNCS, vol. 4572, pp. 218–231. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73275-4_16

  38. Xu, Y., Cui, W., Peinado, M.: Controlled-channel attacks: deterministic side channels for untrusted operating systems. In: 2015 IEEE Symposium on Security and Privacy. IEEE (2015)


Author information

Corresponding author: Raad Bahmani.


Copyright information

© 2017 International Financial Cryptography Association

About this paper

Cite this paper

Bahmani, R. et al. (2017). Secure Multiparty Computation from SGX. In: Kiayias, A. (ed.) Financial Cryptography and Data Security. FC 2017. Lecture Notes in Computer Science, vol. 10322. Springer, Cham. https://doi.org/10.1007/978-3-319-70972-7_27


  • DOI: https://doi.org/10.1007/978-3-319-70972-7_27

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-70971-0

  • Online ISBN: 978-3-319-70972-7

  • eBook Packages: Computer Science (R0)
