From Oblivious AES to Efficient and Secure Database Join in the Multiparty Setting [chapter]

Sven Laur, Riivo Talviste, Jan Willemson
2013 Lecture Notes in Computer Science  
AES block cipher is an important cryptographic primitive with many applications. In this work, we describe how to efficiently implement the AES-128 block cipher in the multiparty setting where the key and the plaintext are both in a secret-shared form. In particular, we study several approaches for AES S-box substitution based on oblivious table lookup and circuit evaluation. Given this secure AES implementation, we build a universally composable database join operation for secret shared ... The resulting protocol scales almost linearly with the database size and can join medium sized databases with 100,000 rows in a few minutes, which makes many privacy-preserving data mining algorithms feasible in practice. All the practical implementations and performance measurements are done on the Sharemind secure multiparty computation platform.

... nothing about shared values during the computations, and the final publication of output shares reveals only the desired output(s). For most share-computing systems, even a coalition of parties cannot learn anything about private data unless the size of the coalition is over a threshold. Development and implementation of such multi-party computing platforms is an active research area. FairPlayMP [6], SecureSCM [2], SEPIA [13], Sharemind [8], VMCrypt [30] and TASTY [24] represent only some of the most efficient implementations, and share-computing has been successfully applied to real-world settings [10, 9].

Note that various database operations are particularly important in privacy-preserving data processing. Efficient and secure protocols for most key operations on secret-shared databases are already known, see [29]. The most notable operation still missing is database join based on secret-shared key columns. This operation can be used e.g. for combining customer data coming from different organisations or linking the results of statistical polls into a single dataset.

Our main theoretical contribution is an efficient multi-party protocol for database join, which combines oblivious shuffle with pseudorandom function evaluation on secret-shared data. In practice, we instantiate the pseudorandom function with the AES-128 block cipher and implement it on the Sharemind platform [8]. The latter is a non-trivial task, since the input and the secret key are secret-shared in this context. The resulting AES-evaluation protocol is interesting in its own right.
First, AES is becoming a standard performance benchmark for share-computing platforms [18, 25, 33, 28], and thus we can directly compare how well the implementation on the Sharemind platform does. Second, a secret-shared version of AES can be used to reduce the security requirements put on the key management of symmetric encryption [18]. In brief, we can emulate trusted hardware encryption in the cloud by sharing a secret key among several servers.

Preliminaries

AES. The Advanced Encryption Standard (AES) is a symmetric block cipher approved by the National Institute of Standards and Technology [31]. AES takes a 128-bit block of plaintext and outputs 128 bits of corresponding ciphertext. AES can use cipher keys with lengths of 128, 192 or 256 bits. In our work we will only use AES-128, which denotes AES with 128-bit keys.

Sharemind platform. The Sharemind platform is a practical and secure share-computing framework for privacy-preserving computations [8], where the private data is shared among three parties referred to as miners. In its original implementation, Sharemind uses additive secret sharing on 32-bit integers, i.e., a secret s is split into three shares s_1, s_2, s_3 such that s = s_1 + s_2 + s_3 mod 2^32. In this work, we use bitwise sharing, where the secret can be reconstructed by XOR-ing the individual shares: s = s_1 ⊕ s_2 ⊕ s_3.
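The following is an added illustration, not code from the paper or from the Sharemind platform. It serves two passages above: the three-party XOR sharing of the Preliminaries (share, reconstruct, and the fact that XOR on shares is a purely local operation, which is what makes the linear AES layers free), and the join protocol of the introduction (PRF evaluation on the secret-shared key column, oblivious shuffle, then matching on the opened PRF tags). Everything that would be an interactive multiparty protocol in the paper is simulated by a trusted dealer that reconstructs, computes and re-shares; HMAC-SHA256 stands in for AES-128 as the PRF so the example needs only the standard library; the customer and order tables are constructed sample data.

```python
import hashlib
import hmac
import os
import random

# Three-party XOR sharing, the bitwise sharing the paper uses for AES.

def xor_share(secret: bytes) -> list[bytes]:
    """Split `secret` into shares with s1 ^ s2 ^ s3 == secret. s1 and s2 are
    drawn uniformly before the secret is touched, so any two shares together
    are independent of the secret (a single corrupt miner learns nothing)."""
    s1, s2 = os.urandom(len(secret)), os.urandom(len(secret))
    s3 = bytes(a ^ b ^ c for a, b, c in zip(secret, s1, s2))
    return [s1, s2, s3]


def xor_reconstruct(shares: list[bytes]) -> bytes:
    out = bytes(len(shares[0]))
    for s in shares:
        out = bytes(a ^ b for a, b in zip(out, s))
    return out


def local_xor(a: list[bytes], b: list[bytes]) -> list[bytes]:
    """XOR of two shared values: each miner XORs its own two shares and sends
    nothing. AddRoundKey, ShiftRows and MixColumns are all GF(2)-linear, so on
    XOR shares they cost no communication; only the S-box does."""
    return [bytes(x ^ y for x, y in zip(sa, sb)) for sa, sb in zip(a, b)]


# PRF-then-shuffle join on a secret-shared key column (dealer-simulated).

def prf_on_shares(key_shares: list[bytes], value_shares: list[bytes]) -> list[bytes]:
    """Stand-in for the multiparty AES evaluation: a trusted dealer reconstructs
    key and value, evaluates the PRF and re-shares the result. HMAC-SHA256
    replaces AES-128 here (assumption, to keep the example dependency-free); in
    the real protocol no miner ever sees the key or the value."""
    k = xor_reconstruct(key_shares)
    v = xor_reconstruct(value_shares)
    return xor_share(hmac.new(k, v, hashlib.sha256).digest())


def oblivious_shuffle(rows: list, rng: random.Random) -> list:
    """Stand-in for the oblivious shuffle protocol: a permutation that no miner
    knows is applied to the shared rows."""
    perm = list(range(len(rows)))
    rng.shuffle(perm)
    return [rows[i] for i in perm]


def shared_join(prf_key_shares, table_a, table_b, rng):
    """table_a, table_b: lists of (join_key_shares, payload_shares) rows.
    Returns the joined (payload_a_shares, payload_b_shares) pairs, still shared."""
    tag = lambda table: oblivious_shuffle(
        [(prf_on_shares(prf_key_shares, k), p) for k, p in table], rng)
    tagged_a, tagged_b = tag(table_a), tag(table_b)
    # Only the PRF tags are opened. After the shuffle an opened tag cannot be
    # linked to its original row position, and without the shared PRF key no
    # miner can test a guessed key value against the opened tags.
    index: dict[bytes, list] = {}
    for t, p in tagged_b:
        index.setdefault(xor_reconstruct(t), []).append(p)
    return [(pa, pb) for t, pa in tagged_a for pb in index.get(xor_reconstruct(t), [])]


# Constructed sample data: two organisations' tables, in plaintext only to build shares.
CUSTOMERS = [(b"id-0001", b"alice"), (b"id-0002", b"bob"), (b"id-0003", b"carol")]
ORDERS = [(b"id-0002", b"order-17"), (b"id-0003", b"order-18"),
          (b"id-0003", b"order-19"), (b"id-0009", b"order-20")]


def share_table(table):
    return [(xor_share(k), xor_share(p)) for k, p in table]


def plain_join(table_a, table_b):
    """Reference result computed in the clear, for checking the shared join."""
    return sorted((pa, pb) for ka, pa in table_a for kb, pb in table_b if ka == kb)


def demo():
    prf_key_shares = xor_share(os.urandom(16))  # 128-bit PRF key; nobody holds it whole
    joined = shared_join(prf_key_shares, share_table(CUSTOMERS), share_table(ORDERS),
                         random.Random(7))
    return sorted((xor_reconstruct(a), xor_reconstruct(b)) for a, b in joined)


if __name__ == "__main__":
    print(demo())  # [(b'bob', b'order-17'), (b'carol', b'order-18'), (b'carol', b'order-19')]
```

What the miners see in the clear is only the multiset of opened PRF tags, i.e. how many rows of each table share a key and how they match, and that is exactly the information the join output itself reveals; the row payloads and the key column stay shared throughout. In the real protocol the key values are padded to one AES block and the PRF is the shared AES-128 evaluation, which is where the cost of the S-box protocols from the paper comes in.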
doi:10.1007/978-3-642-38980-1_6 fatcat:sih2pvrdybarzgv3kbs2guyxg4