-
Secure and Accurate Summation of Many Floating-Point Numbers
Authors:
Marina Blanton,
Michael T. Goodrich,
Chen Yuan
Abstract:
Motivated by the importance of floating-point computations, we study the problem of securely and accurately summing many floating-point numbers. Prior work has focused on security absent accuracy or accuracy absent security, whereas our approach achieves both of them. Specifically, we show how to implement floating-point superaccumulators using secure multi-party computation techniques, so that a…
▽ More
Motivated by the importance of floating-point computations, we study the problem of securely and accurately summing many floating-point numbers. Prior work has focused on security absent accuracy or accuracy absent security, whereas our approach achieves both of them. Specifically, we show how to implement floating-point superaccumulators using secure multi-party computation techniques, so that a number of participants holding secret shares of floating-point numbers can accurately compute their sum while keeping the individual values private.
△ Less
Submitted 15 December, 2023;
originally announced December 2023.
-
A Formal Model for Secure Multiparty Computation
Authors:
Amy Rathore,
Marina Blanton,
Marco Gaboardi,
Lukasz Ziarek
Abstract:
Although Secure Multiparty Computation (SMC) has seen considerable development in recent years, its use is challenging, resulting in complex code which obscures whether the security properties or correctness guarantees hold in practice. For this reason, several works have investigated the use of formal methods to provide guarantees for SMC systems. However, these approaches have been applied mostl…
▽ More
Although Secure Multiparty Computation (SMC) has seen considerable development in recent years, its use is challenging, resulting in complex code which obscures whether the security properties or correctness guarantees hold in practice. For this reason, several works have investigated the use of formal methods to provide guarantees for SMC systems. However, these approaches have been applied mostly to domain specific languages (DSL), neglecting general-purpose approaches. In this paper, we consider a formal model for an SMC system for annotated C programs. We choose C due to its popularity in the cryptographic community and being the only general-purpose language for which SMC compilers exist. Our formalization supports all key features of C -- including private-conditioned branching statements, mutable arrays (including out of bound array access), pointers to private data, etc. We use this formalization to characterize correctness and security properties of annotated C, with the latter being a form of non-interference on execution traces. We realize our formalism as an implementation in the PICCO SMC compiler and provide evaluation results on SMC programs written in C.
△ Less
Submitted 31 May, 2023;
originally announced June 2023.
-
Understanding Information Disclosure from Secure Computation Output: A Study of Average Salary Computation
Authors:
Alessandro Baccarini,
Marina Blanton,
Shaofeng Zou
Abstract:
Secure multi-party computation has seen substantial performance improvements in recent years and is being increasingly used in commercial products. While a significant amount of work was dedicated to improving its efficiency under standard security models, the threat models do not account for information leakage from the output of secure function evaluation. Quantifying information disclosure abou…
▽ More
Secure multi-party computation has seen substantial performance improvements in recent years and is being increasingly used in commercial products. While a significant amount of work was dedicated to improving its efficiency under standard security models, the threat models do not account for information leakage from the output of secure function evaluation. Quantifying information disclosure about private inputs from observing the function outcome is the subject of this work. Motivated by the City of Boston gender pay gap studies, in this work we focus on the computation of the average of salaries and quantify information disclosure about private inputs of one or more participants (the target) to an adversary via information-theoretic techniques. We study a number of distributions including log-normal, which is typically used for modeling salaries. We consequently evaluate information disclosure after repeated evaluation of the average function on overlapping inputs, as was done in the Boston gender pay study that ran multiple times, and provide recommendations for using the sum and average functions in secure computation applications. Our goal is to develop mechanisms that lower information disclosure about participants' inputs to a desired level and provide guidelines for setting up real-world secure evaluation of this function.
△ Less
Submitted 20 March, 2024; v1 submitted 21 September, 2022;
originally announced September 2022.
-
SDSS-V Algorithms: Fast, Collision-Free Trajectory Planning for Heavily Overlapping Robotic Fiber Positioners
Authors:
Conor Sayres,
José R. Sánchez-Gallego,
Michael R. Blanton,
Ricardo Araujo,
Mohamed Bouri,
Loïc Grossen,
Jean-Paul Kneib,
Juna A. Kollmeier,
Luzius Kronig,
Richard W. Pogge,
Sarah Tuttle
Abstract:
Robotic fiber positioner (RFP) arrays are becoming heavily adopted in wide field massively multiplexed spectroscopic survey instruments. RFP arrays decrease nightly operational overheads through rapid reconfiguration between fields and exposures. In comparison to similar instruments, SDSS-V has selected a very dense RFP packing scheme where any point in a field is typically accessible to three or…
▽ More
Robotic fiber positioner (RFP) arrays are becoming heavily adopted in wide field massively multiplexed spectroscopic survey instruments. RFP arrays decrease nightly operational overheads through rapid reconfiguration between fields and exposures. In comparison to similar instruments, SDSS-V has selected a very dense RFP packing scheme where any point in a field is typically accessible to three or more robots. This design provides flexibility in target assignment. However, the task of collision-less trajectory planning is especially challenging. We present two multi-agent distributed control strategies that are highly efficient and computationally inexpensive for determining collision-free paths for RFPs in heavily overlapping workspaces. We demonstrate that a reconfiguration path between two arbitrary robot configurations can be efficiently found if "folded" state, in which all robot arms are retracted and aligned in a lattice-like orientation, is inserted between the initial and final states. Although developed for SDSS-V, the approach we describe is generic and so applicable to a wide range of RFP designs and layouts. Robotic fiber positioner technology continues to advance rapidly, and in the near future ultra-densely packed RFP designs may be feasible. Our algorithms are especially capable in routing paths in very crowded environments, where we see efficient results even in regimes significantly more crowded than the SDSS-V RFP design.
△ Less
Submitted 8 December, 2020;
originally announced December 2020.
-
Privacy Preserving Analytics on Distributed Medical Data
Authors:
Marina Blanton,
Ah Reum Kang,
Subhadeep Karan,
Jaroslaw Zola
Abstract:
Objective: To enable privacy-preserving learning of high quality generative and discriminative machine learning models from distributed electronic health records.
Methods and Results: We describe general and scalable strategy to build machine learning models in a provably privacy-preserving way. Compared to the standard approaches using, e.g., differential privacy, our method does not require al…
▽ More
Objective: To enable privacy-preserving learning of high quality generative and discriminative machine learning models from distributed electronic health records.
Methods and Results: We describe general and scalable strategy to build machine learning models in a provably privacy-preserving way. Compared to the standard approaches using, e.g., differential privacy, our method does not require alteration of the input biomedical data, works with completely or partially distributed datasets, and is resilient as long as the majority of the sites participating in data processing are trusted to not collude. We show how the proposed strategy can be applied on distributed medical records to solve the variables assignment problem, the key task in exact feature selection and Bayesian networks learning.
Conclusions: Our proposed architecture can be used by health care organizations, spanning providers, insurers, researchers and computational service providers, to build robust and high quality predictive models in cases where distributed data has to be combined without being disclosed, altered or otherwise compromised.
△ Less
Submitted 17 June, 2018;
originally announced June 2018.
-
Secure Fingerprint Alignment and Matching Protocols
Authors:
Fattaneh Bayatbabolghani,
Marina Blanton,
Mehrdad Aliasgari,
Michael Goodrich
Abstract:
We present three private fingerprint alignment and matching protocols, based on what are considered to be the most precise and efficient fingerprint recognition algorithms, which use minutia points. Our protocols allow two or more honest-but-curious parties to compare their respective privately-held fingerprints in a secure way such that they each learn nothing more than an accurate score of how w…
▽ More
We present three private fingerprint alignment and matching protocols, based on what are considered to be the most precise and efficient fingerprint recognition algorithms, which use minutia points. Our protocols allow two or more honest-but-curious parties to compare their respective privately-held fingerprints in a secure way such that they each learn nothing more than an accurate score of how well the fingerprints match. To the best of our knowledge, this is the first time fingerprint alignment based on minutiae is considered in a secure computation framework. We build secure fingerprint alignment and matching protocols in both the two-party setting using garbled circuit evaluation and in the multi-party setting using secret sharing techniques. In addition to providing precise and efficient secure fingerprint alignment and matching, our contributions include the design of a number of secure sub-protocols for complex operations such as sine, cosine, arctangent, square root, and selection, which are likely to be of independent interest.
△ Less
Submitted 16 December, 2017; v1 submitted 10 February, 2017;
originally announced February 2017.
-
Optimizing Secure Statistical Computations with PICCO
Authors:
Justin DeBenedetto,
Marina Blanton
Abstract:
Growth in research collaboration has caused an increased need for sharing of data. However, when this data is private, there is also an increased need for maintaining security and privacy. Secure multi-party computation enables any function to be securely evaluated over private data without revealing any unintended data. A number of tools and compilers have been recently developed to support evalu…
▽ More
Growth in research collaboration has caused an increased need for sharing of data. However, when this data is private, there is also an increased need for maintaining security and privacy. Secure multi-party computation enables any function to be securely evaluated over private data without revealing any unintended data. A number of tools and compilers have been recently developed to support evaluation of various functionalities over private data. PICCO is one of such compilers that transforms a general-purpose user program into its secure distributed implementation. Here we assess performance of common statistical programs using PICCO. Specifically, we focus on chi-squared and standard deviation computations and optimize user programs for them to assess performance that an informed user might expect from securely evaluating these functions using a general-purpose compiler.
△ Less
Submitted 27 December, 2016;
originally announced December 2016.
-
Implementing Support for Pointers to Private Data in a General-Purpose Secure Multi-Party Compiler
Authors:
Yihua Zhang,
Marina Blanton,
Ghada Almashaqbeh
Abstract:
Recent compilers allow a general-purpose program (written in a conventional programming language) that handles private data to be translated into secure distributed implementation of the corresponding functionality. The resulting program is then guaranteed to provably protect private data using secure multi-party computation techniques. The goals of such compilers are generality, usability, and ef…
▽ More
Recent compilers allow a general-purpose program (written in a conventional programming language) that handles private data to be translated into secure distributed implementation of the corresponding functionality. The resulting program is then guaranteed to provably protect private data using secure multi-party computation techniques. The goals of such compilers are generality, usability, and efficiency, but the complete set of features of a modern programming language has not been supported to date by the existing compilers. In particular, recent compilers PICCO and the two-party ANSI C compiler strive to translate any C program into its secure multi-party implementation, but currently lack support for pointers and dynamic memory allocation, which are important components of many C programs. In this work, we mitigate the limitation and add support for pointers to private data and consequently dynamic memory allocation to the PICCO compiler, enabling it to handle a more diverse set of programs over private data. Because doing so opens up a new design space, we investigate the use of pointers to private data (with known as well as private locations stored in them) in programs and report our findings. Besides dynamic memory allocation, we examine other important topics associated with common pointer use such as reference by pointer/address, casting, and building various data structures in the context of secure multi-party computation. This results in enabling the compiler to automatically translate a user program that uses pointers to private data into its distributed implementation that provably protects private data throughout the computation. We empirically evaluate the constructions and report on performance of representative programs.
△ Less
Submitted 30 June, 2017; v1 submitted 5 September, 2015;
originally announced September 2015.
-
Discrepancy-Sensitive Dynamic Fractional Cascading, Dominated Maxima Searching, and 2-d Nearest Neighbors in Any Minkowski Metric
Authors:
Mikhail J. Atallah,
Marina Blanton,
Michael T. Goodrich,
Stanislas Polu
Abstract:
This paper studies a discrepancy-sensitive approach to dynamic fractional cascading. We provide an efficient data structure for dominated maxima searching in a dynamic set of points in the plane, which in turn leads to an efficient dynamic data structure that can answer queries for nearest neighbors using any Minkowski metric. We provide an efficient data structure for dominated maxima searching…
▽ More
This paper studies a discrepancy-sensitive approach to dynamic fractional cascading. We provide an efficient data structure for dominated maxima searching in a dynamic set of points in the plane, which in turn leads to an efficient dynamic data structure that can answer queries for nearest neighbors using any Minkowski metric. We provide an efficient data structure for dominated maxima searching in a dynamic set of points in the plane, which in turn leads to an efficient dynamic data structure that can answer queries for nearest neighbors using any Minkowski metric.
△ Less
Submitted 29 April, 2009;
originally announced April 2009.
