
US-12627485-B2 - Method for providing correlated randomness for secure multiparty computation


Abstract

A computer-implemented method for providing correlated randomness for secure multiparty computation using a plurality of computing machines. The method includes: executing a trusted execution environment system; setting up at least one correlated randomness generator in the trusted execution environment system; remote attestation of a single correlated randomness generator by all computing machines, or remote attestation of a plurality of correlated randomness generators, each by one computing machine; injecting at least one secret by each computing machine into a single correlated randomness generator, or injecting at least one secret by one computing machine into each correlated randomness generator; checking the injected secrets by the correlated randomness generator(s); generating correlated randomness for the computing machines depending on the injected secrets; distributing the correlated randomness to the computing machines, wherein each computing machine receives only the correlated randomness created for it.

Inventors

  • Christoph BOESCH
  • Jonas Eppard
  • Sven Trieflinger
  • Vincent Sebastian Rieder

Assignees

  • ROBERT BOSCH GMBH

Dates

Publication Date
20260512
Application Date
20240513
Priority Date
20230530

Claims (14)

  1. A computer-implemented method for providing correlated randomness for secure multiparty computation using a plurality of computing machines, the method comprising the following steps: for each of one or more of the plurality of computing machines: instantiating a respective trusted execution environment system on the respective machine or on a component communicatively coupled to the respective computing machine; and running a respective correlated randomness generator in the respective trusted execution environment system of the respective computing machine; performing, by each of the computing machines, a remote attestation, the remote attestations verifying an integrity of the one or more correlated randomness generators; injecting, by each of the computing machines, a respective secret into the one or more correlated randomness generators, wherein either: (I) the one or more correlated randomness generators includes a single correlated randomness generator (i) for which each of the computing machines performs the remote attestation and (ii) into which the respective secrets of all of the computing machines are injected; or (II) the one or more correlated randomness generators includes a plurality of correlated randomness generators (i) for each of which a respective one of the computing machines performs the remote attestation and (ii) into each of which the respective secret of a respective one of the computing machines is injected; authenticating, by the one or more correlated randomness generators, the injected secrets for usability; responsive to the authentication, using, by the one or more correlated randomness generators, the authenticated secrets to generate respective portions of correlated randomness data for respective ones of the computing machines, wherein the correlated randomness data is formed of shares (I) that are randomly formed for the respective ones of the computing machines and (II) that are correlated with one another such that a combination of the shares enables multiparty computation; and distributing, by the one or more correlated randomness generators, the respective portions of the correlated randomness data to the computing machines, wherein each of the computing machines receives only the respective portion of the correlated randomness data that was generated for the respective computing machine.
  2. The method according to claim 1, wherein the trusted execution environment system is executed as a single trusted execution environment, and wherein a respective party communication link is established between each of the computing machines and the trusted execution environment.
  3. The method according to claim 1, wherein the trusted execution environment system is executed for each computing machine of the computing machines as a respective trusted execution environment, wherein, for each of the computing machines, a respective party communication link is established between the respective computing machine and the respective trusted execution environment, and wherein communication links are established between the trusted execution environments.
  4. The method according to claim 3, wherein the trusted execution environments exchange the secrets and/or information regarding the remote attestation, and wherein the trusted execution environments agree on a seed for the correlated randomness generators based on the secrets and/or the information regarding the remote attestation.
  5. The method according to claim 3, wherein the trusted execution environments and the correlated randomness generators form a plurality of subsystems, each of the subsystems including a respective one of the trusted execution environments with a respective one of the correlated randomness generators, wherein, for each of the computing machines, the party communication link is established between the respective computing machine and all of the subsystems, and wherein communication links are established between the subsystems.
  6. The method according to claim 5, wherein the plurality of subsystems communicate using secure MPC protocols.
  7. The method according to claim 5, wherein the plurality of subsystems communicate via LAN connections.
  8. The method according to claim 5, wherein the plurality of subsystems carry out a remote attestation with respect to one another.
  9. The method according to claim 2, wherein at least one of the computing machines starts one or more of the instantiated trusted execution environments.
  10. The method according to claim 9, wherein a starting computing machine of the computing machines has a LAN connection to the trusted execution environment.
  11. The method according to claim 1, wherein the secret includes key shares of a message authentication code (MAC).
  12. The method according to claim 1, wherein the secrets and/or a seed are kept secret in the trusted execution environment system.
  13. A computer system configured to provide correlated randomness for secure multiparty computation, the system comprising: a plurality of computing machines that each includes a respective at least one processor, wherein: each of one or more of the plurality of computing machines is configured to: instantiate a respective trusted execution environment system on the respective machine or communicatively couple to a component of the computer system that is communicatively coupled to the respective computing machine, a respective correlated randomness generator being run in the respective trusted execution environment system of the respective computing machine; perform a remote attestation, the remote attestations verifying an integrity of the one or more correlated randomness generators; and inject a respective secret into the one or more correlated randomness generators; either: (I) the one or more correlated randomness generators includes a single correlated randomness generator (i) for which each of the computing machines performs the remote attestation and (ii) into which the respective secrets of all of the computing machines are injected; or (II) the one or more correlated randomness generators includes a plurality of correlated randomness generators (i) for each of which a respective one of the computing machines performs the remote attestation and (ii) into each of which the respective secret of a respective one of the computing machines is injected; the one or more correlated randomness generators are configured to: authenticate the injected secrets for usability; responsive to the authentication, use the authenticated secrets to generate respective portions of correlated randomness data for respective ones of the computing machines; the correlated randomness data is formed of shares (I) that are randomly formed for the respective ones of the computing machines and (II) that are correlated with one another such that a combination of the shares enables multiparty computation; the one or more correlated randomness generators are configured to distribute the respective portions of the correlated randomness data to the computing machines; and each of the computing machines receives only the respective portion of the correlated randomness data that was generated for the respective computing machine.
  14. Non-transitory computer-readable media on which are stored computer programs for providing correlated randomness for secure multiparty computation using a plurality of computing machines, the computer programs, when executed by a computer system including the plurality of computing machines, causing the computer system to perform the following steps: for each of one or more of the plurality of computing machines: instantiating a respective trusted execution environment system on the respective machine or on a component communicatively coupled to the respective computing machine, a respective correlated randomness generator being run in the respective trusted execution environment system of the respective computing machine; performing, by each of the computing machines, a remote attestation, the remote attestations verifying an integrity of the one or more correlated randomness generators; injecting, by each of the computing machines, a respective secret into the one or more correlated randomness generators, wherein either: (I) the one or more correlated randomness generators includes a single correlated randomness generator (i) for which each of the computing machines performs the remote attestation and (ii) into which the respective secrets of all of the computing machines are injected; or (II) the one or more correlated randomness generators includes a plurality of correlated randomness generators (i) for each of which a respective one of the computing machines performs the remote attestation and (ii) into each of which the respective secret of a respective one of the computing machines is injected; authenticating, by the one or more correlated randomness generators, the injected secrets for usability; responsive to the authentication, using, by the one or more correlated randomness generators, the authenticated secrets to generate respective portions of correlated randomness data for respective ones of the computing machines, wherein the correlated randomness data is formed of shares (I) that are randomly formed for the respective ones of the computing machines and (II) that are correlated with one another such that a combination of the shares enables multiparty computation; and distributing, by the one or more correlated randomness generators, the respective portions of the correlated randomness data to the computing machines, wherein each of the computing machines receives only the respective portion of the correlated randomness data that was generated for the respective computing machine.

Description

CROSS REFERENCE

The present application claims the benefit under 35 U.S.C. § 119 of German Patent Application No. DE 10 2023 205 012.9 filed on May 30, 2023, which is expressly incorporated herein by reference in its entirety.

BACKGROUND INFORMATION

Modern protocols for secure multiparty computation (MPC) work according to the so-called pre-processing model. The result of an input-independent offline phase is correlated randomness (CR) in the form of secret-shared tuples of field elements that are consumed in an input-dependent online phase in order to make operations such as multiplication more efficient. Existing offline-phase protocols, also referred to as correlated randomness generators (CRG) in the following, are based on heavyweight cryptographic constructions such as homomorphic encryption or oblivious transfer. They suffer from high computing and communication complexity.

SUMMARY

A first general aspect of the present invention relates to a method for providing correlated randomness for secure multiparty computation using a plurality of computing machines.
According to an example embodiment of the present invention, the method comprises:

  • execution of a trusted execution environment system,
  • setting up of at least one correlated randomness generator in the trusted execution environment system,
  • remote attestation of a single correlated randomness generator by all computing machines, or remote attestation of a plurality of correlated randomness generators, each by one computing machine,
  • injection of at least one secret by each computing machine into a single correlated randomness generator, or injection of at least one secret by one computing machine into each correlated randomness generator,
  • checking of the injected secrets by the correlated randomness generator(s),
  • generation of correlated randomness for the computing machines depending on the injected secrets,
  • distribution of the correlated randomness to the computing machines, wherein each computing machine receives only the correlated randomness created for it.

A second general aspect of the present invention relates to a computer system designed to execute the method according to the first general aspect (or an embodiment thereof) of the present invention. A third general aspect of the present invention relates to a computer program designed to execute the method according to the first general aspect (or an embodiment thereof) of the present invention. A fourth general aspect of the present invention relates to a computer-readable medium or signal that stores and/or contains the computer program according to the third general aspect (or an embodiment thereof) of the present invention. The techniques of the first, second, third and fourth general aspects of the present invention may in some situations have one or more of the following advantages.
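The following is an added worked example, not code from the patent or from Bosch: it simulates the offline/online split described above end to end. The "secret-shared tuples of field elements" are taken to be SPDZ-style authenticated Beaver multiplication triples over a prime field, and the injected secret of each party is its share of the global MAC key (the form claim 11 mentions); the patent text does not fix either choice, so both are assumptions of this example. The TEE and the remote attestation are not modelled: the CorrelatedRandomnessGenerator class merely stands in for an attested generator and trusts that each injected secret arrives over an attested channel. What the example does show is the generator's own work (checking the injected secrets, deriving a MAC key that never leaves it, handing each party only its own portion), the consumption of one triple in the online phase, and the MAC check rejecting an opening in which a corrupt party altered its share.

```python
import secrets

P = (1 << 61) - 1  # Mersenne prime; every share is an element of the field F_P


def rand_elem() -> int:
    return secrets.randbelow(P)


def additive_shares(x: int, n: int) -> list[int]:
    """Split x into n uniformly random additive shares with sum x (mod P)."""
    shares = [rand_elem() for _ in range(n - 1)]
    return shares + [(x - sum(shares)) % P]


class CorrelatedRandomnessGenerator:
    """Stand-in for the CRG the patent runs inside an attested TEE. Assumption of
    this example: no enclave or remote attestation is modelled, every inject_secret()
    call is trusted to come from the named party over an attested channel. It models
    the CRG's own job: check the injected secrets, derive the global MAC key alpha
    (which never leaves the CRG), and give each party only its own portion."""

    def __init__(self, n_parties: int) -> None:
        self.n = n_parties
        self.key_shares: dict[int, int] = {}  # party index -> injected MAC key share

    def inject_secret(self, party: int, key_share: int) -> None:
        """Check an injected secret for usability before accepting it."""
        if not 0 <= party < self.n:
            raise ValueError("unknown party")
        if party in self.key_shares:
            raise ValueError("party already injected a secret")
        if not 0 <= key_share < P:
            raise ValueError("key share is not a field element")
        self.key_shares[party] = key_share

    def generate_triples(self, count: int) -> list[list[tuple]]:
        """One portion per party: its authenticated shares of `count` Beaver triples
        (a, b, c = a*b). A share of v is a pair (v_i, m_i) with sum_i v_i = v and
        sum_i m_i = alpha * v, where alpha = sum of all injected key shares."""
        if len(self.key_shares) != self.n:
            raise RuntimeError("not every party has injected a secret yet")
        alpha = sum(self.key_shares.values()) % P
        portions: list[list[tuple]] = [[] for _ in range(self.n)]
        for _ in range(count):
            a, b = rand_elem(), rand_elem()
            per_party = [[] for _ in range(self.n)]
            for v in (a, b, a * b % P):
                vs, ms = additive_shares(v, self.n), additive_shares(alpha * v % P, self.n)
                for i in range(self.n):
                    per_party[i].append((vs[i], ms[i]))
            for i in range(self.n):
                portions[i].append(tuple(per_party[i]))
        return portions


# Online phase: run by the parties alone, the CRG is no longer involved.

def share_input(x: int, key_shares: list[int]) -> list[tuple[int, int]]:
    """Authenticated sharing of an input. Simplification: done from the clear value
    here; a real protocol would use an input mask taken from the CR."""
    n, alpha = len(key_shares), sum(key_shares) % P
    return list(zip(additive_shares(x, n), additive_shares(alpha * x % P, n)))


def open_checked(shares: list[tuple[int, int]], key_shares: list[int]) -> int:
    """Reconstruct a broadcast value and verify its MAC: party i contributes
    sigma_i = m_i - v * alpha_i, and the sigma_i must sum to zero mod P."""
    v = sum(s for s, _ in shares) % P
    if sum(m - v * k for (_, m), k in zip(shares, key_shares)) % P != 0:
        raise ValueError("MAC check failed: an opened share was tampered with")
    return v


def beaver_multiply(xs, ys, triple, key_shares):
    """[z] = [x]*[y] consuming one triple: open d = x - a and e = y - b, then
    z_i = c_i + d*b_i + e*a_i (+ d*e for party 0 only); the MAC shares follow the
    same linear rule with the party's own alpha_i in place of the public constant."""
    d = open_checked([((x - a) % P, (mx - ma) % P)
                      for (x, mx), ((a, ma), _, _) in zip(xs, triple)], key_shares)
    e = open_checked([((y - b) % P, (my - mb) % P)
                      for (y, my), (_, (b, mb), _) in zip(ys, triple)], key_shares)
    zs = []
    for i, ((a, ma), (b, mb), (c, mc)) in enumerate(triple):
        zs.append(((c + d * b + e * a + (d * e if i == 0 else 0)) % P,
                   (mc + d * mb + e * ma + d * e * key_shares[i]) % P))
    return zs


def demo(n: int = 3) -> tuple[bool, bool]:
    """Offline phase through the simulated CRG, then one online multiplication.
    Returns (result_correct, tampering_detected)."""
    key_shares = [rand_elem() for _ in range(n)]  # each party's secret (claim 11)
    crg = CorrelatedRandomnessGenerator(n)
    for i, k in enumerate(key_shares):
        crg.inject_secret(i, k)
    portions = crg.generate_triples(2)  # party i receives portions[i] only
    x, y = 123456789, 987654321
    xs, ys = share_input(x, key_shares), share_input(y, key_shares)
    zs = beaver_multiply(xs, ys, [portions[i][0] for i in range(n)], key_shares)
    correct = open_checked(zs, key_shares) == x * y % P
    # A corrupt party 1 alters its share of x before d is opened. Not knowing alpha,
    # it cannot fix its MAC share, so the honest parties reject the opening.
    bad_xs = list(xs)
    bad_xs[1] = ((xs[1][0] + 1) % P, xs[1][1])
    try:
        beaver_multiply(bad_xs, ys, [portions[i][1] for i in range(n)], key_shares)
        detected = False
    except ValueError:
        detected = True
    return correct, detected
```

demo() returns (True, True): the product is recovered from the shares, and the manipulated opening fails the MAC check. Two points to note against the patent's claims: the generator hands out portions[i] to party i only, so no party ever sees another party's shares or the key alpha; and the MAC check is what gives active security with a dishonest majority in the online phase, which is why the key shares have to be injected into the attested generator rather than chosen by it.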
The present invention allows cost-effective secure multiparty computation in the pre-processing model with active security and a dishonest majority by replacing resource-intensive existing methods based on advanced cryptography with methods that use confidential computing (CC) techniques with low overhead, either on their own or in combination with more efficient, actively secure honest-majority MPC protocols. The total cost of secure multiparty computation (MPC) in the pre-processing model is largely dominated by the cost of the offline phase (by a factor of up to one order of magnitude). The present disclosure utilizes confidential computing (CC) techniques to significantly reduce the cost of the offline phase. These techniques rely on security mechanisms that can be supported by hardware devices in order to ensure the confidentiality and integrity of sensitive workloads. The present invention allows the strength of the security guarantees to be traded for performance and covers a range of deployment scenarios with varying deployment complexity, security and performance characteristics. With them, the cost of MPC in the pre-processing model can be reduced by at least one order of magnitude (for the per-party TEE-MPC CRG variant shown in FIG. 4) by strengthening the trust assumptions, i.e. by obtaining the security guarantees for one step, the generation of the secret-shared correlated random values, either through cryptographic, formally provable guarantees or through hardware and trust guarantees. The present invention is superior to the following approaches: Direct use of confidential computing (CC), i.e. without secure multiparty computation (MPC), to secure workloads: By integrating complex workloads into a trusted execution environment (TEE), a large trusted computing base (TCB) is created, which potentially provides a large attack surface for side-channel attacks.
According to the present disclosure, the trusted execution environment (TEE) contains comparatively small, low-complexity workloads. That is to say, either the logic for generating the correlated randomness (CR) locally or a medium-