Abstract

Private Function Evaluation (PFE) is the problem of evaluating one party’s private data using a private function owned by another party. Existing solutions for PFE are based on universal circuits evaluated in secure multiparty computations or on hiding the circuit’s topology and the gate’s functionality through additive homomorphic encryption. These solutions, however, are not efficient enough for practical use; hence there is a need for more efficient techniques. This work looks at utilizing the Intel Software Guard Extensions platform (SGX) to provide a more practical solution for PFE where the privacy of the data and the function are both preserved. Notably, our solution carefully avoids the pitfalls of side-channel attacks on SGX. We present solutions for two different scenarios: the first is when the function’s owner has an SGX-enabled device and the other is when a third party (or one of the data owners) has the SGX capability. Our results show a clear expected advantage in terms of running time for the first case over the second. Investigating the slowdown in the second case leads to the garbling time which constitutes more than 60% of the consumed time. Both solutions clearly outperform FairplayPF in our tests.

Highlights

  • In Private Function Evaluation (PFE), a participant S0 holds some private function f, while participants S1, S2, . . ., Sm each have their own private input xi. These parties would like to work together to find f(x1, x2, . . ., xm) while retaining the confidentiality of their respective inputs and of S0’s function. This problem is useful when an entity holding a proprietary piece of software would like to offer some service using that software to other entities that have confidential data.

  • PFE requires the function to be private, while Secure Multiparty Computation (SMPC) assumes a publicly known function. The performance of SMPC solutions has improved a lot over the years, making SMPC more practical and thereby more widely adopted. This is not the case with PFE, as the additional requirement of function privacy adds more complexity to the problem.

  • One such solution involves running a universal circuit in SMPC that takes x1, x2, . . ., xm in addition to Cf, a circuit representation of f, as inputs. The idea is that SMPC ensures the privacy of all inputs; the privacy of the function is ensured since it is part of the input. The issue is that a universal circuit that can run Cf will be of size Ω(|Cf| log |Cf|) according to the state of the art [1].

Summary

Introduction

In Private Function Evaluation (PFE), a participant S0 holds some private function f, while participants S1, S2, . . ., Sm each have their own private input xi. These parties would like to work together to find f(x1, x2, . . ., xm) while retaining the confidentiality of their respective inputs and of S0’s function. Solutions for PFE do exist and are mostly adapted from techniques used in SMPC. One such solution involves running a universal circuit in SMPC that takes x1, x2, . . ., xm in addition to Cf, a circuit representation of f, as inputs. More recent solutions involve modifying the garbled circuits used in SMPC in order to hide the gate functionality and circuit topology of Cf. These approaches can achieve a linear cost of |Cf|, but with an additional cost of a linear amount of asymmetric key operations, which are not practical. The best solution still takes O(|Cf| log |Cf|) time. We implement a proof-of-concept of our solutions in both scenarios to benchmark the efficiency of our approach and show that it outperforms current existing solutions.

Preliminary Definitions and Background
Related Work
Modified GC
PFE Leveraging SGX
Technique 1
Security
Experimental Evaluation