-
Notifications
You must be signed in to change notification settings - Fork 112
EMP toolkit
This is an extensive library that implements a series of secure computation protocols designed by Xiao Wang & coathors that are based on garbled circuits. These protocols span multiple papers and settings, including:
- 2-party setting, malicious adversary, some pre-processing
- 2-party setting, malicious adversaries, single-execution (no amortization or pre-processing)
- multi-party setting, arbitrary malicious actors, constant rounds in a global setting
- 2-party setting, semi-honest adversary
- 2-party setting, malicious setting with input validation
The library also includes an oblivious transfer implementation.
Shares can optionally be XOR, but they're something else by default.
The framework comes with installation scripts that we mostly used as-is. We weren't able to compile on OSX, but it worked fine on Ubuntu.
We deviate slightly from the recommended build procedure given in the original repositories. We make a build repository for cmake output, which is easier to clean up after. See install.sh for details. The generated binaries will be in build/bin.
New examples need to be added to the cmake system.
$ vim test/my_secure_computation.cpp
... write code ...
$ echo "add_test (my_secure_computation)" >> CMakeLists.txt
$ cd build
$ cmake ..
$ make my_secure_computation
The executable will be in build/bin. If you make changes, you can simply run
$ make my_test_name
Arbitrary length integers are an option! You can input large values as strings, but there isn't a matching way to output. You can output bit-by-bit using a binary array.
We found two user-caused correctness issue. (1) the reveal function requires both parties to run it in order to complete.
if (party == ALICE) {
cout << a.reveal<int> << endl;
}
(2) The reveal function also doesn't verify that the two parties are revealing the same thing. This is possible using party-based conditional behavior, though the output isn't garbage. It's -1 for all parties.
if (party == ALICE) {
cout << a.reveal<int> << endl;
cout << b.reveal<int> << endl;
}
if (party == BOB) {
cout << b.reveal<int> << endl;
cout << a.reveal<int> << endl;
}
You can reveal to a single party by adding them as a parameter.
Integer constructors' third argument is the party, but all the relevant code goes
if (party == ALICE) {
// do something
} else {
// do something else
}
So you can put any value for the third argument. Sometimes there's a separate branch for PUBLIC.
Additional variables need to be attributed to one party.
Each declared variable must belong to a single party. No sharing. This is perfectly reasonable, since all parties need to allocate space for their secret share of the value.
// Valid
Integer a(32, input, ALICE);
Integer b(32, input, BOB);
// Invalid:
Integer c(32, input, party);
We tested our sample programs in two settings: the semi-honest 2-party setting, and the maliciously secure 2-party setting. The latter uses circuits generated by the former, so the above notes don't change.
While secret shared inputs isn't a built-in concept, you can easily input more than one value on the command line or (probably) by reading from a file, so bootstrapping a secret-sharing front end for arbitrary parties is fairly straightforward. Input arbitrary-length integers by passing a string to the Integer constructor.
Brute force implemented (sums of bins).
Note: x.select(b, y) -> if b: y else: x
To build:
$ python geninput.py -n <bits> -l <length>
$ cd build
...hardcode appropriate length into xtabs impl...
$ make xtabs
$ time ./bin/xtabs 1 <port> <bits> & ./bin/xtabs 2 <port> <bits>
The emp-ag2pc library implements a malicious 2-party protocol. This is primarily a protocol implementation, and as such, has far more primitive function specification and I/O abilities than the previous library. Circuits must be built in sh2pc, then passed to the authenticated garbling library as a text file. Any input must be specified as a Boolean array.
Our programming paradigms for this vary from the samples given. The examples are hash and encryption functions. They take an array of 0s as input and produce some interesting output. Our examples do not always produce interesting output in this way (e.g. multiply 3 with 0 input only produces 0s). We have included examples with hard-coded input by party, but you could adjust this to read from a file.
- write circuit in sh2pc format
- wrap circuit impl with
setup_plain_prot(true, "output.txt")andfinalize_plain_prot ()calls - compile with sh2pc
- move
output.txtto/usr/local/includes/emp-tool/circuit/files/ - write boilerplate code in ag2pc format
- compile with ag2pc
- run as usual
global scale paper - describes protocol + evaluates library
2-party paper - describes new 2-party protocol
constant 2-party paper - describes new constant-round 2-party protocol
2-party input valid
github - lots of related libraries.
doc - auto-generated, sparse