A Secure Protocol for Computing Dot-products in Clustered and Distributed Environments

1. A Secure Protocol for Computing Dot-products in Clustered and Distributed Environments Ioannis Ioannidis, Ananth Grama and Mikhail Atallah Purdue University. Acknowledgements: National Science Foundation.

2. The Problem • Dot-products are the basis of many important applications • Scientific computations • Data mining • Transaction processing • Biometrics • Use of distributed environments creates security issues • Data too valuable to expose • Untrusted links or hosts • Spoofing is very easy

3. The Problem • Each party is honest-but-curious • They play by the rules, but if they can find out more, they will. • Only one of the parties is interested in the result. • We have a random number generator, which generates a uniformly distributed random integer, cast into a real.

4. Candidate Solution • Use conventional cryptography • Secure tunneling can protect the links • More complex protocols offer protection against untrusted hosts • Unfortunately, public-key crypto has a high complexity • Modular exponentiation computations can have a crippling effect on the overall performance

5. Security vs. Efficiency • Ideally, no information should leak about the participating vectors during a secure dot-product protocol • However, in the context of the given problem, in a clustered environment, security need not be so tight • Dot-products inherently leak data in the solution • Some leakage may be acceptable, since the same dot-product will not be computed multiple times • Small compromises in security can lead to large gains in efficiency

6. An Efficient Alternative • Use linear algebraic properties to achieve a sufficient level of security • Hide a vector inside a matrix • Scramble the matrix • Multiply the matrix by the other vector • Retrieve the dot-product • A large part of the computation can be reused • Both parties must share a secret – a number – before the protocol

7. An Efficient Alternative • Security is not perfect • A small number of equations will leak • Statistics can reveal information • But is sufficient for a real-world setting • If you don’t need to execute the same instance many times, leaking a few equations is not a problem • Statistical attacks demand larges amounts of information • Not so easy to gather them in clustered environments

8. The Protocol

9. The Protocol

10. The Protocol

11. The Protocol

12. An Example:

13. Example (continued):

14. Proof of Correctness

15. Proof of Correctness

16. Proof of Correctness

17. Algorithmic Considerations • Time overhead • How much more computation needs to be performed? • Public-key cryptography adds an unacceptable amount of overhead. • But it is the only solution if perfect secrecy is the goal. • Communication overhead • Network latency prevails in larger networks. • Bit count is the decisive factor in tightly coupled networks.

18. Stability Considerations • Algebraic manipulations of the data can introduce numerical errors in scientific computation data. • Any protocol applied to real-valued vectors must be numerically stable to be of practical importance.

19. Experimental Results • The protocol was executed on two PIII/450Mhz machines connected on a Gigabit Ethernet network • Data was randomly generated vectors of length 106 • We measured the total overhead (computation and communication) • Communication overhead is expected to be a factor of 4

20. Experimental Results • Measured overhead showed a factor of 4.69 overhead • Communication overhead is the dominating factor, even on a fast network • Average numerical error was measured to 4.5 x 10-9

21. Conclusions and Ongoing Research • It is possible to execute multiparty, real-valued dot-product computations efficiently and with satisfactory security • Binary dot-products pose a different problem due to the sparsity of the vectors • Number theoretic techniques introduce large time and communication overheads