Masked Triples: Amortizing Multiplication Triples Across Conditionals

David Heath; Vladimir Kolesnikov; Stanislav Peceny

doi:10.1007/978-3-030-75248-4_12

Masked Triples: Amortizing Multiplication Triples Across Conditionals

David Heath, Vladimir Kolesnikov, Stanislav Peceny

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

A classic approach to MPC uses preprocessed multiplication triples to evaluate arbitrary Boolean circuits. If the target circuit features conditional branching, e.g. as the result of a IF program statement, then triples are wasted: one triple is consumed per AND gate, even if the output of the gate is entirely discarded by the circuit’s conditional behavior. In this work, we show that multiplication triples can be re-used across conditional branches. For a circuit with b branches, each having n AND gates, we need only a total of n triples, rather than the typically required b· n. Because preprocessing triples is often the most expensive step in protocols that use them, this significantly improves performance. Prior work similarly amortized oblivious transfers across branches in the classic GMW protocol (Heath et al., Asiacrypt 2020, [HKP20]). In addition to demonstrating conditional improvements are possible for a different class of protocols, we also concretely improve over [HKP20]: their maximum improvement is bounded by the topology of the circuit. Our protocol yields improvement independent of topology: we need triples proportional to the size of the program’s longest execution path, regardless of the structure of the program branches. We implemented our approach in C++. Our experiments show that we significantly improve over a “naïve” protocol and over prior work: for a circuit with 16 branches and in terms of total communication, we improved over naïve by 12 × and over [HKP20] by an average of 2.6 ×. Our protocol is secure against the semi-honest corruption of p- 1 parties.

Original language	English (US)
Title of host publication	Public-Key Cryptography – PKC 2021 - 24th IACR International Conference on Practice and Theory of Public Key Cryptography, 2021, Proceedings
Editors	Juan A. Garay
Publisher	Springer
Pages	319-348
Number of pages	30
ISBN (Print)	9783030752477
DOIs	https://doi.org/10.1007/978-3-030-75248-4_12
State	Published - 2021
Externally published	Yes
Event	24th IACR International Conference on Practice and Theory of Public Key Cryptography, PKC 2021 - Virtual, Online Duration: May 10 2021 → May 13 2021

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	12711 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	24th IACR International Conference on Practice and Theory of Public Key Cryptography, PKC 2021
City	Virtual, Online
Period	5/10/21 → 5/13/21

Keywords

Beaver triples
Conditional branching
MPC

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Online availability

10.1007/978-3-030-75248-4_12

Library availability

Discover UIUC Full Text

Cite this

Heath, D., Kolesnikov, V., & Peceny, S. (2021). Masked Triples: Amortizing Multiplication Triples Across Conditionals. In J. A. Garay (Ed.), Public-Key Cryptography – PKC 2021 - 24th IACR International Conference on Practice and Theory of Public Key Cryptography, 2021, Proceedings (pp. 319-348). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12711 LNCS). Springer. https://doi.org/10.1007/978-3-030-75248-4_12

Masked Triples: Amortizing Multiplication Triples Across Conditionals. / Heath, David; Kolesnikov, Vladimir; Peceny, Stanislav.
Public-Key Cryptography – PKC 2021 - 24th IACR International Conference on Practice and Theory of Public Key Cryptography, 2021, Proceedings. ed. / Juan A. Garay. Springer, 2021. p. 319-348 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12711 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Heath, D, Kolesnikov, V & Peceny, S 2021, Masked Triples: Amortizing Multiplication Triples Across Conditionals. in JA Garay (ed.), Public-Key Cryptography – PKC 2021 - 24th IACR International Conference on Practice and Theory of Public Key Cryptography, 2021, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 12711 LNCS, Springer, pp. 319-348, 24th IACR International Conference on Practice and Theory of Public Key Cryptography, PKC 2021, Virtual, Online, 5/10/21. https://doi.org/10.1007/978-3-030-75248-4_12

Heath D, Kolesnikov V, Peceny S. Masked Triples: Amortizing Multiplication Triples Across Conditionals. In Garay JA, editor, Public-Key Cryptography – PKC 2021 - 24th IACR International Conference on Practice and Theory of Public Key Cryptography, 2021, Proceedings. Springer. 2021. p. 319-348. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-75248-4_12

Heath, David ; Kolesnikov, Vladimir ; Peceny, Stanislav. / Masked Triples : Amortizing Multiplication Triples Across Conditionals. Public-Key Cryptography – PKC 2021 - 24th IACR International Conference on Practice and Theory of Public Key Cryptography, 2021, Proceedings. editor / Juan A. Garay. Springer, 2021. pp. 319-348 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{6630c8c00d8b46afb4efdf2ea77a452b,

title = "Masked Triples: Amortizing Multiplication Triples Across Conditionals",

abstract = "A classic approach to MPC uses preprocessed multiplication triples to evaluate arbitrary Boolean circuits. If the target circuit features conditional branching, e.g. as the result of a IF program statement, then triples are wasted: one triple is consumed per AND gate, even if the output of the gate is entirely discarded by the circuit{\textquoteright}s conditional behavior. In this work, we show that multiplication triples can be re-used across conditional branches. For a circuit with b branches, each having n AND gates, we need only a total of n triples, rather than the typically required b· n. Because preprocessing triples is often the most expensive step in protocols that use them, this significantly improves performance. Prior work similarly amortized oblivious transfers across branches in the classic GMW protocol (Heath et al., Asiacrypt 2020, [HKP20]). In addition to demonstrating conditional improvements are possible for a different class of protocols, we also concretely improve over [HKP20]: their maximum improvement is bounded by the topology of the circuit. Our protocol yields improvement independent of topology: we need triples proportional to the size of the program{\textquoteright}s longest execution path, regardless of the structure of the program branches. We implemented our approach in C++. Our experiments show that we significantly improve over a “na{\"i}ve” protocol and over prior work: for a circuit with 16 branches and in terms of total communication, we improved over na{\"i}ve by 12 × and over [HKP20] by an average of 2.6 ×. Our protocol is secure against the semi-honest corruption of p- 1 parties.",

keywords = "Beaver triples, Conditional branching, MPC",

author = "David Heath and Vladimir Kolesnikov and Stanislav Peceny",

note = "Funding Information: Acknowledgements. This work was supported in part by NSF award #1909769, by a Facebook research award, and by Georgia Tech{\textquoteright}s IISP cybersecurity seed funding (CSF) award. Publisher Copyright: {\textcopyright} 2021, International Association for Cryptologic Research.; 24th IACR International Conference on Practice and Theory of Public Key Cryptography, PKC 2021 ; Conference date: 10-05-2021 Through 13-05-2021",

year = "2021",

doi = "10.1007/978-3-030-75248-4_12",

language = "English (US)",

isbn = "9783030752477",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "319--348",

editor = "Garay, {Juan A.}",

booktitle = "Public-Key Cryptography – PKC 2021 - 24th IACR International Conference on Practice and Theory of Public Key Cryptography, 2021, Proceedings",

address = "Germany",

}

TY - GEN

T1 - Masked Triples

T2 - 24th IACR International Conference on Practice and Theory of Public Key Cryptography, PKC 2021

AU - Heath, David

AU - Kolesnikov, Vladimir

AU - Peceny, Stanislav

N1 - Funding Information: Acknowledgements. This work was supported in part by NSF award #1909769, by a Facebook research award, and by Georgia Tech’s IISP cybersecurity seed funding (CSF) award. Publisher Copyright: © 2021, International Association for Cryptologic Research.

PY - 2021

Y1 - 2021

N2 - A classic approach to MPC uses preprocessed multiplication triples to evaluate arbitrary Boolean circuits. If the target circuit features conditional branching, e.g. as the result of a IF program statement, then triples are wasted: one triple is consumed per AND gate, even if the output of the gate is entirely discarded by the circuit’s conditional behavior. In this work, we show that multiplication triples can be re-used across conditional branches. For a circuit with b branches, each having n AND gates, we need only a total of n triples, rather than the typically required b· n. Because preprocessing triples is often the most expensive step in protocols that use them, this significantly improves performance. Prior work similarly amortized oblivious transfers across branches in the classic GMW protocol (Heath et al., Asiacrypt 2020, [HKP20]). In addition to demonstrating conditional improvements are possible for a different class of protocols, we also concretely improve over [HKP20]: their maximum improvement is bounded by the topology of the circuit. Our protocol yields improvement independent of topology: we need triples proportional to the size of the program’s longest execution path, regardless of the structure of the program branches. We implemented our approach in C++. Our experiments show that we significantly improve over a “naïve” protocol and over prior work: for a circuit with 16 branches and in terms of total communication, we improved over naïve by 12 × and over [HKP20] by an average of 2.6 ×. Our protocol is secure against the semi-honest corruption of p- 1 parties.

AB - A classic approach to MPC uses preprocessed multiplication triples to evaluate arbitrary Boolean circuits. If the target circuit features conditional branching, e.g. as the result of a IF program statement, then triples are wasted: one triple is consumed per AND gate, even if the output of the gate is entirely discarded by the circuit’s conditional behavior. In this work, we show that multiplication triples can be re-used across conditional branches. For a circuit with b branches, each having n AND gates, we need only a total of n triples, rather than the typically required b· n. Because preprocessing triples is often the most expensive step in protocols that use them, this significantly improves performance. Prior work similarly amortized oblivious transfers across branches in the classic GMW protocol (Heath et al., Asiacrypt 2020, [HKP20]). In addition to demonstrating conditional improvements are possible for a different class of protocols, we also concretely improve over [HKP20]: their maximum improvement is bounded by the topology of the circuit. Our protocol yields improvement independent of topology: we need triples proportional to the size of the program’s longest execution path, regardless of the structure of the program branches. We implemented our approach in C++. Our experiments show that we significantly improve over a “naïve” protocol and over prior work: for a circuit with 16 branches and in terms of total communication, we improved over naïve by 12 × and over [HKP20] by an average of 2.6 ×. Our protocol is secure against the semi-honest corruption of p- 1 parties.

KW - Beaver triples

KW - Conditional branching

KW - MPC

UR - http://www.scopus.com/inward/record.url?scp=85106405682&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85106405682&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-75248-4_12

DO - 10.1007/978-3-030-75248-4_12

M3 - Conference contribution

AN - SCOPUS:85106405682

SN - 9783030752477

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 319

EP - 348

BT - Public-Key Cryptography – PKC 2021 - 24th IACR International Conference on Practice and Theory of Public Key Cryptography, 2021, Proceedings

A2 - Garay, Juan A.

PB - Springer

Y2 - 10 May 2021 through 13 May 2021

ER -

Masked Triples: Amortizing Multiplication Triples Across Conditionals

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this