Volume 2021 (2021): Issue 4 (October 2021)
Journal Details
First Published
16 Apr 2015
Publication timeframe
4 times per year
access type Open Access

Fortified Multi-Party Computation: Taking Advantage of Simple Secure Hardware Modules

Published Online: 23 Jul 2021
Page range: 312 - 338
Received: 28 Feb 2021
Accepted: 16 Jun 2021

In practice, there are numerous settings where mutually distrusting parties need to perform distributed computations on their private inputs. For instance, participants in a first-price sealed-bid online auction do not want their bids to be disclosed. This problem can be addressed using secure multi-party computation (MPC), where parties evaluate a publicly known function on their private inputs by executing a specific protocol that reveals only the correct output and nothing else about the private inputs. Such distributed computations performed over the Internet are susceptible to remote hacks that may take place during the computation. As a consequence, sensitive data such as private bids may leak. No existing MPC protocol provides any protection against the consequences of such remote hacks. We present the first MPC protocols that protect the remotely hacked parties’ inputs and outputs from leaking. More specifically, unless the remote hack takes place before the party received its input or all parties are corrupted, a hacker is unable to learn the parties’ inputs and outputs, and is also unable to modify them. We achieve these strong (privacy) guarantees by utilizing the fact that in practice parties may not be susceptible to remote attacks at every point in time, but only while they are online, i.e., able to receive messages. To this end, we model communication via explicit channels. In particular, we introduce channels with an airgap switch (disconnectable by the party in control of the switch) and unidirectional data diodes. These channels and their isolation properties, together with very few, similarly simple and plausibly remotely unhackable hardware modules, serve as the main ingredients for attaining such strong security guarantees. In order to formalize these strong guarantees, we propose the UC with Fortified Security (UC#) framework, a variant of the Universal Composability (UC) framework.


