Waks-On/Waks-Off: Fast Oblivious Offline/Online Shuffling and Sorting with Waksman Networks
Pages 3328 - 3342
Abstract
As more privacy-preserving solutions leverage trusted execution environments (TEEs) like Intel SGX, it becomes pertinent that these solutions can by design thwart TEE side-channel attacks that research has brought to light. In particular, such solutions need to be fully oblivious to circumvent leaking private information through memory or timing side channels.
In this work, we present fast fully oblivious algorithms for shuffling and sorting of data. Oblivious shuffling and sorting of data are two fundamental primitives that are frequently used for permuting data in privacy-preserving solutions. We present novel oblivious shuffling and sorting algorithms that work in the offline/online model such that the bulk of the computation can be done in an offline phase independent of the data to be permuted, resulting in an online phase that is asymptotically (O(βn log n)) and concretely (>5× and >3×) more efficient than the state-of-the-art solutions for oblivious shuffling and sorting (O(β n log² n)) when permuting n items, each of size β.
Our work revisits Waksman networks, and leverages the key observation that setting the control bits of a Waksman network for a uniformly random shuffle is independent of the data to be shuffled. However, setting the control bits of a Waksman network efficiently and fully obliviously poses a challenge, and we provide a novel control bit setting algorithm to this end. The total cost (inclusive of offline computation) of our algorithms WaksShuffle and WaksSort are lower than all other fully oblivious shuffling and sorting algorithms for moderately sized problems (β > 1400 B), and the performance gap only widens with increase in item sizes. Furthermore, our shuffling algorithm WaksShuffle improves the online cost of oblivious shuffling by >5× for shuffling 220 items of any size; similarly WaksShuffle+QS provides >2.7× speedups in the online cost of oblivious sorting.
References
[1]
M. Ajtai, J. Komlós, and E. Szemerédi. 1983. An O(n log n) Sorting Network. In Proceedings of the Fifteenth Annual ACM Symposium on Theory of Computing (STOC).
[2]
Ittai Anati, Shay Gueron, Simon Johnson, and Vincent Scarlata. 2013. Innovative Technology for CPU Based Attestation and Sealing. https://software.intel.com/content/www/us/en/develop/articles/innovative-technology-for-cpu-based-attestation-and-sealing.html. Accessed May 2023.
[3]
Gilad Asharov, Wei-Kai Lin, and Elaine Shi. 2022. Sorting Short Keys in Circuits of Size o(n log n). SIAM J. Comput. (2022).
[4]
Kenneth E Batcher. 1968. Sorting networks and their applications. In Proceedings of American Federation of Information Processing Societies (AFIPS).
[5]
Bruno Beauquier and Eric Darrot. 2002. On Arbitrary Size Waksman Networks and Their Vulnerability. Parallel Processing Letters (2002).
[6]
Daniel J. Bernstein. 2020. Verified fast formulas for control bits for permutation networks. Cryptology ePrint Archive, Paper 2020/1493. https://eprint.iacr.org/2020/1493
[7]
Daniel J Bernstein, Tung Chou, Tanja Lange, Ingo von Maurich, Rafael Misoczki, Ruben Niederhagen, Edoardo Persichetti, Christiane Peters, Peter Schwabe, Nicolas Sendrier, et al. 2017. Classic McEliece: conservative code-based cryptography. NIST submissions, Vol. 1, 1 (2017).
[8]
Andrea Bittau, Úlfar Erlingsson, Petros Maniatis, Ilya Mironov, Ananth Raghunathan, David Lie, Mitch Rudominer, Ushasree Kode, Julien Tinnes, and Bernhard Seefeld. 2017. Prochlo: Strong Privacy for Analytics in the Crowd. In Symposium on Operating Systems Principles (SOSP).
[9]
Feng Chen, Shuang Wang, Xiaoqian Jiang, Sijie Ding, Yao Lu, Jihoon Kim, S Cenk Sahinalp, Chisato Shimizu, Jane C Burns, Victoria J Wright, Eileen Png, Martin L Hibberd, David D Lloyd, Hai Yang, Amalio Telenti, Cinnamon S Bloss, Dov Fox, Kristin Lauter, and Lucila Ohno-Machado. 2016. PRINCESS: Privacy-protecting Rare disease International Network Collaboration via Encryption through Software guard extensionS. Bioinformatics (2016).
[10]
Guoxing Chen, Sanchuan Chen, Yuan Xiao, Yinqian Zhang, Zhiqiang Lin, and Ten H. Lai. 2019. SgxPectre: Stealing Intel Secrets from SGX Enclaves Via Speculative Execution. In IEEE European Symposium on Security and Privacy (EuroS&P).
[11]
Tung Chou. 2017. McBits revisited. In International Conference on Cryptographic Hardware and Embedded Systems.
[12]
Hung Dang, Tien Tuan Anh Dinh, Ee-Chien Chang, and Beng Chin Ooi. 2017. Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute. Proceedings on Privacy Enhancing Technologies (PoPETs) (2017).
[13]
Emma Dauterman, Vivian Fang, Ioannis Demertzis, Natacha Crooks, and Raluca Ada Popa. 2021. Snoopy: Surpassing the scalability bottleneck of oblivious storage. In Proceedings of the ACM SIGOPS 28th Symposium on Operating Systems Principles (SOSP).
[14]
Kris Vestergaard Ebbesen. 2015. On the Practicality of Data-oblivious Sorting. Master's thesis. Aarhus Universitet, Datalogisk Institut.
[15]
Saba Eskandarian and Dan Boneh. 2022. Clarion: Anonymous Communication from Multiparty Shuffling Protocols. In Network and Distributed System Security Symposium, (NDSS).
[16]
Oded Goldreich and Rafail Ostrovsky. 1996. Software Protection and Simulation on Oblivious RAMs. Journal of the ACM (JACM) (1996).
[17]
Koki Hamada, Ryo Kikuchi, Dai Ikarashi, Koji Chida, and Katsumi Takahashi. 2012. Practically Efficient Multi-Party Sorting Protocols from Comparison Sort Algorithms. In Proceedings of the 15th International Conference on Information Security and Cryptology (ICISC).
[18]
William Holland, Olga Ohrimenko, and Anthony Wirth. 2022. Efficient Oblivious Permutation via the Waksman Network. In Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security (AsiaCCS).
[19]
Intel. 2018. Q3 2018 Speculative Execution Side Channel Update. https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html. Accessed August 2023.
[20]
Intel. 2019. Intel Processors Voltage Settings Modification Advisory. https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00289.html. Accessed August 2023.
[21]
Intel. 2020. 2020.2 IPU - Intel RAPL Interface Advisory. https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html. Accessed August 2023.
[22]
Simeon Krastnikov, Florian Kerschbaum, and Douglas Stebila. 2020. Efficient Oblivious Database Joins. Proceedings of the VLDB Endowment (2020).
[23]
Dayeol Lee, Dongha Jung, Ian T. Fang, Chia-Che Tsai, and Raluca Ada Popa. 2020. An Off-Chip Attack on Hardware Enclaves via the Memory Bus. In USENIX Security Symposium.
[24]
Kyungsook Yoon Lee. 1985. On the Rearrangeability of 2(log2 N)-1 Stage Permutation Networks. IEEE Trans. Comput. (1985).
[25]
Kyungsook Yoon Lee. 1987. A New Benes Network Control Algorithm. IEEE Trans. Comput. (1987).
[26]
Sangho Lee, Ming-Wei Shih, Prasun Gera, Taesoo Kim, Hyesoon Kim, and Marcus Peinado. 2017. Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing. In USENIX Security Symposium.
[27]
Wei-Kai Lin and Elaine Shi. 2022. Optimal Sorting Circuits for Short Keys. In Proceedings of the 2022 Annual ACM-SIAM Symposium on Discrete Algorithms (SODA).
[28]
Moritz Lipp, Andreas Kogler, David Oswald, Michael Schwarz, Catherine Easdon, Claudio Canella, and Daniel Gruss. 2021. PLATYPUS: Software-based power side-channel attacks on x86. In 2021 IEEE Symposium on Security and Privacy (S&P).
[29]
Pratyush Mishra, Rishabh Poddar, Jerry Chen, Alessandro Chiesa, and Raluca Ada Popa. 2018. Oblix: An Efficient Oblivious Search Index. In IEEE Symposium on Security and Privacy (S&P).
[30]
Kit Murdock, David Oswald, Flavio D Garcia, Jo Van Bulck, Daniel Gruss, and Frank Piessens. 2020. Plundervolt: Software-based fault injection attacks against Intel SGX. In IEEE Symposium on Security and Privacy (S&P).
[31]
David Nassimi and Sartaj Sahni. 1982. Parallel Algorithms to Set Up the Benes Permutation Network. IEEE Trans. Comput. (1982).
[32]
Olga Ohrimenko, Michael T Goodrich, Roberto Tamassia, and Eli Upfal. 2014. The Melbourne shuffle: Improving oblivious storage in the cloud. In International Colloquium on Automata, Languages, and Programming (ICALP).
[33]
Olga Ohrimenko, Felix Schuster, Cédric Fournet, Aastha Mehta, Sebastian Nowozin, Kapil Vaswani, and Manuel Costa. 2016. Oblivious multi-party machine learning on trusted processors. In USENIX Security Symposium.
[34]
Nicholas Pippenger. 1993. Self-Routing Superconcentrators. In Proceedings of the Twenty-Fifth Annual ACM Symposium on Theory of Computing (STOC).
[35]
Rishabh Poddar, Ganesh Ananthanarayanan, Srinath Setty, Stavros Volos, and Raluca Ada Popa. 2020. Visor: Privacy-Preserving Video Analytics as a Cloud Service. In USENIX Security Symposium.
[36]
A Pranav Shriram, Nishat Koti, Varsha Bhat Kukkala, Arpita Patra, Bhavish Raj Gopal, and Somya Sangal. 2023. Ruffle: Rapid 3-party shuffle protocols. Proceedings on Privacy Enhancing Technologies (PoPETs), Vol. 3 (2023).
[37]
Vijaya Ramachandran and Elaine Shi. 2021. Data Oblivious Algorithms for Multicores. In Proceedings of the 33rd ACM Symposium on Parallelism in Algorithms and Architectures (SPAA).
[38]
Ashay Rane, Calvin Lin, and Mohit Tiwari. 2015. Raccoon: Closing Digital Side-Channels through Obfuscated Execution. In USENIX Security Symposium.
[39]
Sajin Sasy, Sergey Gorbunov, and Christopher W. Fletcher. 2018. ZeroTrace: Oblivious Memory Primitives from Intel SGX. In Network and Distributed System Security Symposium (NDSS).
[40]
Sajin Sasy, Aaron Johnson, and Ian Goldberg. 2022a. Fast Fully Oblivious Compaction and Shuffling. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (CCS).
[41]
Sajin Sasy, Aaron Johnson, and Ian Goldberg. 2022b. Fast Fully Oblivious Compaction and Shuffling. https://crysp.uwaterloo.ca/software/obliv/. Software artifact.
[42]
Sajin Sasy, Aaron Johnson, and Ian Goldberg. 2023. Waks-On/Waks-Off: Fast Oblivious Offline/Online Shuffling and Sorting with Waksman Networks. https://crysp.uwaterloo.ca/software/obliv/.
[43]
Sajin Sasy and Olga Ohrimenko. 2019. Oblivious Sampling Algorithms for Private Data Analysis. In Advances in Neural Information Processing Systems (NeurIPS).
[44]
Nigel P Smart and Younes Talibi Alaoui. 2019. Distributing any Elliptic Curve Based Protocol. In Proceedings of the 17th IMA International Conference on Cryptography and Coding (IMACC).
[45]
Afonso Tinoco, Sixiang Gao, and Elaine Shi. 2023. EnigMap: External-Memory Oblivious Map for Secure Enclaves. In USENIX Security Symposium.
[46]
Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, and Raoul Strackx. 2018. Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. In USENIX Security Symposium.
[47]
Abraham Waksman. 1968. A Permutation Network. Journal of the ACM (JACM) (1968).
[48]
Yuanzhong Xu, Weidong Cui, and Marcus Peinado. 2015. Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems. In IEEE Symposium on Security and Privacy (S&P).
[49]
Samee Zahur, Xiao Wang, Mariana Raykova, Adrià Gascón, Jack Doerner, David Evans, and Jonathan Katz. 2016. Revisiting Square-Root ORAM: Efficient Random access in Multi-Party Computation. In 2016 IEEE Symposium on Security and Privacy (S&P).
[50]
Wenting Zheng, Ankur Dave, Jethro G Beekman, Raluca Ada Popa, Joseph E Gonzalez, and Ion Stoica. 2017. Opaque: An Oblivious and Encrypted Distributed Analytics Platform. In USENIX Symposium on Networked Systems Design and Implementation (NSDI).
Index Terms
- Waks-On/Waks-Off: Fast Oblivious Offline/Online Shuffling and Sorting with Waksman Networks
Recommendations
Fast Fully Oblivious Compaction and Shuffling
CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications SecuritySeveral privacy-preserving analytics frameworks have been proposed that use trusted execution environments (TEEs) like Intel SGX. Such frameworks often use compaction and shuffling as core primitives. However, due to advances in TEE side-channel attacks,...
Efficient Oblivious Permutation via the Waksman Network
ASIA CCS '22: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications SecurityMemory accesses to data stored on an untrusted server are known to leak information, even if the data is encrypted. The oblivious permutation (OP) is a key primitive for algorithms and protocols that are designed to hide these client accesses to the ...
Private and oblivious set and multiset operations
Privacy-preserving set operations are a popular research topic. Despite a large body of literature, the great majority of the available solutions are two-party protocols and expect that each participant knows her input set in the clear. In this work, we ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
November 2023
3722 pages
ISBN:9798400700507
DOI:10.1145/3576915
- General Chairs:
- Weizhi Meng,
- Christian D. Jensen,
- Program Chairs:
- Cas Cremers,
- Engin Kirda
Copyright © 2023 ACM.
Publication rights licensed to ACM. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of the United States government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 21 November 2023
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
- Ontario Graduate Scholarships
- Canada Research Chairs
- Office of Naval Research
- NSERC
- Royal Bank of Canada
Conference
CCS '23
Sponsor:
CCS '23: ACM SIGSAC Conference on Computer and Communications Security
November 26 - 30, 2023
Copenhagen, Denmark
Acceptance Rates
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
Upcoming Conference
CCS '25
- Sponsor:
- sigsac
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 274Total Downloads
- Downloads (Last 12 months)180
- Downloads (Last 6 weeks)41
Reflects downloads up to 01 Mar 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in