Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 MEVAL: A Practically Efficient System for Secure Multi-party Statistical Analysis Koki Hamada NTT Secure Platform Laboratories.

Published byBertram Davidson Modified over 9 years ago

Similar presentations

Presentation on theme: "1 MEVAL: A Practically Efficient System for Secure Multi-party Statistical Analysis Koki Hamada NTT Secure Platform Laboratories."— Presentation transcript:

1 1 MEVAL: A Practically Efficient System for Secure Multi-party Statistical Analysis Koki Hamada NTT Secure Platform Laboratories

2 2 Overview Introduction of our MPC system MEVAL (Multi-party EVALuator) Main features of MEVAL: – 8.7 MIPS (million instructions per second) 61-bit multiplication – 6.9 seconds for Sorting 1 million 20-bit items

3 3 Outline Overview of MEVAL Performance Techniques Demonstration

4 4 OVERVIEW OF MEVAL

5 5 MEVAL (Multi-party EVALuator)

6 6 Intended application Secure outsourcing of data storage and analysis 1.Data holders outsource data storage to MEVAL servers 2.Servers conduct analysis on request and return the result Requirement: MEVAL servers never see the stored data MEVAL servers 1. 2.

7 7 Implemented operations Basic MPC protocols – Dealing, revealing – Addition, multiplication – Bet-decomposition, comparison, equality test – Shuffling – Sorting Statistical functions – Count, sum, min, max, median, sum of squares – Mean, variance, Student’s t-test Fully realized as MPC protocols Computed from revealed count, sum, and sum of squares

8 8 Practical accomplishments of MEVAL

9 9 PERFORMANCE OF MEVAL

10 10 Experimental outline

11 11 Performance on 1-Gbps LAN Running-time on 1-Gbps LAN in seconds – Input values were randomly chosen # items Addition0.001 0.0120.138= 724.63 MIPS Multiplication0.0170.1351.19111.449= 8.73 MIPS Shuffling0.0310.2342.60329.073= 3,439,617 items/s Equality test (20-bit)0.8390.6680.8809.024= 11.08 MIPS Comparison (20-bit)0.4130.2870.59213.680= 7.30 MIPS Sorting (20-bit)0.7386.87573.382-= 136,273 items/s

12 12 Performance on 10-Gbps LAN Running-time on 10-Gbps LAN in seconds – Input values were randomly chosen # items Addition0.001 0.0120.139= 719.42 MIPS Multiplication0.0170.0500.4694.752= 21.04 MIPS Shuffling0.0200.1181.31515.073= 6,634,379 items/s Equality test (20-bit)0.7100.6640.6742.689= 37.18 MIPS Comparison (20-bit)0.3220.2630.2871.699= 58.85 MIPS Sorting (20-bit)0.2532.21130.207-= 331,049 items/s

13 13 Performance on WAN Running-time on WAN in seconds – 200-Mbps best-effort delivery network was used – Network delay between machines were 24.6, 36.1 and, 46.7 ms – Input values were real medical data # items11001,54710,829108,290 Addition-0.001 0.002= 54.009 MIPS Multiplication-0.0910.0630.0740.233= 0.464 MIPS Shuffling-0.0590.0620.1250.671= 161,385 items/s Equality test (20-bit)0.9700.9301.0301.5915.468= 0.019 MIPS Comparison (20-bit)0.6340.7710.9611.6476.174= 0.017 MIPS Sorting (20-bit)1.0751.0320.7721.59512.723= 8,511 items/s

14 14 TECHNIQUES USED IN MEVAL

15 15 Techniques used in MEVAL Implementation techniques Efficient high-level protocols

16 16 Implementation techniques Careful implementation was done for real-world performance Main points of our efficient implementation are: 1.Asynchronous processing 2.Pseudorandom secret sharing technique implemented with AES-NI 3.Optimized field operations on Mersenne prime field

17 17 Without asynchronous processing In our settings, times consumed by data transfer and local computation are comparable So, naïve implementation leaves many resources unused – Example: cascade conductions of MPC protocols ComputeReceiveSend 1 st conduction ComputeReceiveSend 2 nd conduction Receive Network usage CPU usage

18 18 Implementation techniques Careful implementation was done for real-world performance Main points of our efficient implementation are: 1.Asynchronous processing 2.Pseudorandom secret sharing technique implemented with AES-NI 3.Optimized field operations on Mersenne prime field Time consumed by sending/receiving Time consumed by local computation Running time Running time details (before applying our ideas):

19 19 Asynchronous processing Asynchronous implementation enables better resource usage ComputeReceiveSend ComputeReceiveSend Receive Compute Send Receive Thread 1 Thread 2 Thread 3 Compute Send Network usage CPU usage

20 20 Implementation techniques Careful implementation was done for real-world performance Main points of our efficient implementation are: 1.Asynchronous processing 2.Pseudorandom secret sharing technique implemented with AES-NI 3.Optimized field operations on Mersenne prime field Time consumed by sending/receiving Time consumed by local computation Running time Running time details:

21 21 Balancing resource usage If implementation is asynchronous, maximum of resource usages determines total running time Balancing resource usage is important for reducing running time on asynchronous implementation Sending/receiving Computation Running time 30 s 8 s 30 s 8 s 30 s 18 s 20 s Case #2Case #1 Case #3

22 22 Pseudorandom secret sharing Pseudorandom secret sharing technique [CDI05] is used to convert network communication to local computation – Almost half of communications can be converted to local computation – AES-NI is used to obtain 30-Gbps pseudorandom generation Typical communication on 3-party MPC: mask and send

23 23 Implementation techniques Careful implementation was done for real-world performance Main points of our efficient implementation are: 1.Asynchronous processing 2.Pseudorandom secret sharing technique implemented with AES-NI 3.Optimized field operations on Mersenne prime field Time consumed by sending/receiving Time consumed by local computation Running time Running time details:

24 24 Mersenne prime field operation Local computations mainly consist of the following operations: - Pseudorandom number generation30-Gbps - Field addition12-Gbps - Field multiplication0.5-Gbps - Pseudorandom number generation30-Gbps - Field addition12-Gbps70-Gbps - Field multiplication0.5-Gbps30-Gbps

25 25 Implementation techniques Careful implementation was done for real-world performance Main points of our efficient implementation are: 1.Asynchronous processing 2.Pseudorandom secret sharing technique implemented with AES-NI 3.Optimized field operations on Mersenne prime field Time consumed by sending/receiving Time consumed by local computation Running time Running time details:

26 26 Our efficient protocols Efficient high-level protocols were also investigated: – Bit-decomposition for small number of parties – Radix sort protocol

27 27 Our bit-decomposition protocol # items Multiplication0.0170.0500.4694.752= 21.04 MIPS Comparison (20-bit)0.3220.2630.2871.699= 58.85 MIPS Running time on 10-Gbps LAN Communication complexityRound complexity Multiplication1 Our bit-decomposition204 bits21

28 28 Our bit-decomposition protocol (contd.)

29 29 Our sorting protocol Radix sort algorithm:

30 30 Our sorting protocol (contd.) Our technique: “Shuffle and reveal” In addition, “Shuffle and reveal” technique is again used to improve efficiency of resultant MPC radix sort protocol Computing destinations ShufflingRevealing MPC bitwise stable sort:

31 31 DEMONSTRATION

32 32 Outline of demonstration MEVAL is demonstrated on this laptop PC – Client program (R with add-on) runs on host OS (Windows 7) – Three server programs runs on a single virtual machine (Ubuntu 12.04) This laptop PC (Thinkpad) Virtual machine (Ubuntu 12.04) Process #1 (MPC server #1) Process #2 (MPC server #2) Process #3 (MPC server #3) R with add-on (Client program)

Download ppt "1 MEVAL: A Practically Efficient System for Secure Multi-party Statistical Analysis Koki Hamada NTT Secure Platform Laboratories."

Similar presentations

MQ Series Cross Platform Dominant Messaging sw – 70% of market Messaging API same on all platforms Guaranteed one-time delivery Two-Phase Commit Wide EAI.

MQ Series Cross Platform Dominant Messaging sw – 70% of market Messaging API same on all platforms Guaranteed one-time delivery Two-Phase Commit Wide EAI.
MPC for Comparing Two Shared Secrets without Bit-Decomposition Takashi Nishide * Kazuo Ohta The University of Electro-Communications * Hitachi Software.

MPC for Comparing Two Shared Secrets without Bit-Decomposition Takashi Nishide * Kazuo Ohta The University of Electro-Communications * Hitachi Software.
Computer networks Fundamentals of Information Technology Session 6.

Computer networks Fundamentals of Information Technology Session 6.
Operating System.

Operating System.
1 GridTorrent Framework: A High-performance Data Transfer and Data Sharing Framework for Scientific Computing.

1 GridTorrent Framework: A High-performance Data Transfer and Data Sharing Framework for Scientific Computing.
Lesson 1-Introducing Basic Network Concepts

Lesson 1-Introducing Basic Network Concepts
Introduction to Operating Systems CS-2301 B-term 20081 Introduction to Operating Systems CS-2301, System Programming for Non-majors (Slides include materials.

Introduction to Operating Systems CS-2301 B-term Introduction to Operating Systems CS-2301, System Programming for Non-majors (Slides include materials.
1 Virtual Machine Resource Monitoring and Networking of Virtual Machines Ananth I. Sundararaj Department of Computer Science Northwestern University July.

1 Virtual Machine Resource Monitoring and Networking of Virtual Machines Ananth I. Sundararaj Department of Computer Science Northwestern University July.
GridFlow: Workflow Management for Grid Computing Kavita Shinde.

GridFlow: Workflow Management for Grid Computing Kavita Shinde.
1 Communication Complexity מגישים: 317735678 מיכאל זמור: 01762926/2 אבי מינץ: ערן מנצור: ת.ז. 02801532/9.

1 Communication Complexity מגישים: מיכאל זמור: /2 אבי מינץ: ערן מנצור: ת.ז /9.
© 2007 Pearson Education Inc., Upper Saddle River, NJ. All rights reserved.1 Computer Networks and Internets with Internet Applications, 4e By Douglas.

© 2007 Pearson Education Inc., Upper Saddle River, NJ. All rights reserved.1 Computer Networks and Internets with Internet Applications, 4e By Douglas.
OS Spring’03 Introduction Operating Systems Spring 2003.

OS Spring’03 Introduction Operating Systems Spring 2003.
1 Introduction to Secure Computation Benny Pinkas HP Labs, Princeton.

1 Introduction to Secure Computation Benny Pinkas HP Labs, Princeton.
EEC-484/584 Computer Networks Lecture 14 Wenbing Zhao

EEC-484/584 Computer Networks Lecture 14 Wenbing Zhao
Performance Comparison of Congested HTTP/2 Links Brian Card, CS 577 12/7/2014 1.

Performance Comparison of Congested HTTP/2 Links Brian Card, CS /7/
OS Fall ’ 02 Performance Evaluation Operating Systems Fall 2002.

OS Fall ’ 02 Performance Evaluation Operating Systems Fall 2002.
(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,

(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,
Leveraging State Information for Automated Attack Discovery In Transport Protocol Implementations Samuel Jero, Hyojeong Lee, and Cristina Nita-Rotaru Purdue.

Leveraging State Information for Automated Attack Discovery In Transport Protocol Implementations Samuel Jero, Hyojeong Lee, and Cristina Nita-Rotaru Purdue.
What Can IP Do? Deliver datagrams to hosts – The IP address in a datagram header identify a host IP treats a computer as an endpoint of communication Best.

What Can IP Do? Deliver datagrams to hosts – The IP address in a datagram header identify a host IP treats a computer as an endpoint of communication Best.
Final Presentation 4/21/2010 By Guofu Xiong, Yuli Deng.

Final Presentation 4/21/2010 By Guofu Xiong, Yuli Deng.

Similar presentations

Ads by Google