Using Tiny Trusted Third Parties to Enhance Secure Two Party Computations

Secure Multiparty Computation (SMC), in its many forms, has received theoretical attention for more than two decades, yielding many protocols for many settings. One common thread is that the protocols cannot in actuality use a Trusted Third Party (TTP), even though this is conceptually the simplest and most general way to solve SMC problems. Thus, current protocols involve only the direct players (who do not trust each other), and incur a cost which is sometimes considerable. Recent work in practical security has seen the development of devices intended to be used as actually trustworthy third parties, namely the secure coprocessor (SCop), like the IBM 4758. This opens the door for a different approach to SMC problems, utilizing these new TTPs. One major challenge is executing large programs on large inputs using a TTP with very limited protected memory (which can be adequately shielded), and a slow processor, while preserving the trust properties that an ideal TTP provides. We propose to investigate the use of real TTPs to help with the solution of SMC problems. We would like to investigate in particular the balance between solutions which do not use a TTP (and so have access to fast processing with large memory) and those which do (and so avoid some of the algorithmic overheads of the other solutions). We have already investigated the use of such TTPs to solve the Private Information Retrieval (PIR) problem, which is one important instance of SMC. The rest of the thesis will be targeted at general SMC, which is currently solved by blinding a boolean circuit which computes the desired function. This approach has several sources of overhead, some due to the circuit representation and some due to the blinding. We propose to investigate how moving some functionality into a SCop TTP, and thus avoiding the blinded circuit overhead, can improve the performance of existing SMC solutions. Recently a prototype system for general secure two-party computation, Fairplay, has been developed, which we can use as a starting point and also as a point of reference for performance analysis. Since limited memory size appears to be a salient feature of highly trustworthy devices (and certainly a feature of current high-end devices), we are basing all our designs on the assumption that the protected memory is tiny. This should allow less expensive devices to be used. We have outlined how a new-generation tiny TTP can be optimized for a common class of bottleneck algorithms used in TTP-assisted SMC applications. We expect a speed improvement of several orders of magnitude over the 4758, in a very small device. We will next build an initial FPGA prototype of such a tiny TTP, and report on its performance and size. ∗Advised by Sean Smith