# A New Way to Think About Secure Computation: Language-based Secure Computation

### Florian Kerschbaum

#### Abstract

Assume two parties, Alice and Bob, want to compute a joint function, but they want to keep their inputs private. This problem setting and its solutions are known as secure computation. General solutions to secure computation require the construction of a binary circuit for the function to be computed. This paper proposes the concept of language-based secure computation. Instead of constructing a binary circuit program code is directly translated into a secure computation protocol. This concept is compared to the approaches for language-based information-flow security and many connections between the two approaches are identified. The major challenge in this translation is the secure translation of the program’s control-flow without leaking private information via a timing channel. The paper presents a method for translating an if statement with a secret branching condition that may not be known to any party. Furthermore, that protocol can be optimized using trusted computing, such that the overall performance of a program executed as a secure computation protocol can be greatly improved.

#### References

- J. Agat. Transforming out timing leaks. Proceedings of the ACM Symposium on Principles of programming languages, 2000.
- J. Agat, and D. Sands. On Confidentiality and Algorithms. Proceedings of the IEEE Symposium on Security and Privacy, 2001.
- Z. Benenson, F. Gärtner, and D. Kesdogan. Secure Multi-Party Computation with Security Modules. Proceedings of SICHERHEIT, 2005.
- M. Ben-Or, and A. Wigderson. Completeness theorems for non-cryptographic fault-tolerant distributed computation. Proceedings of the 20th ACM symposium on theory of computing, 1988.
- D. Brumley, and D. Boneh. Remote Timing Attacks Are Practical. Proceedings of the USENIX security symposium, 2003.
- D. Denning. A lattice model of secure information flow. Communications of the ACM 19(5), 1976.
- C. Fournet, and A. Gordon. Stack Inspection: Theory and Variants. Proceedings of the 29th ACM symposium on principles of programming languages, 2002.
- O. Goldreich. Secure Multi-party Computation. Available at www.wisdom.weizmann.ac.il/˜oded/pp.html, 2002.
- S. Goldwasser. Multi party computations: past and present. Proceedings of the 16th ACM symposium on principles of distributed computing, 1997.
- O. Goldreich, S. Micali, and A. Wigderson. How to play any mental game. Proceedings of the 19th ACM conference on theory of computing, 1987.
- O. Goldreich, and R. Ostrovsky. Software protection and simulation on oblivious RAMs. Journal of the ACM, 1996.
- J. Gosling, B. Joy, and G. Steele. The Java Language Specification. Addison-Wesley, 1996.
- P. Kocher. Timings attacks on implementations of Diffie-Hellman, RSA, DSS and other systems. Proceedings of CRYPTO, 1996.
- Y. Lindell, and B. Pinkas. Privacy Preserving Data Mining. Proceedings of CRYPTO, 2000.
- D. Malkhi, N. Nisan, B. Pinkas, and Y. Sella. Fairplay - A Secure Two-party Computation System. Proceedings of the USENIX security symposium, 2004.
- A. Myers. JFlow: Practical Mostly-Static Information Flow Control. Proceedings of the ACM Symposium on Principles of Programming Languages, 1999.
- G. Necula, and P. Lee. Safe Kernel Extensions Without Run-Time Checking. Proceedings of USENIX Symposium on Operating Systems Design and Implementation, 1996.
- O. Rabin. How to exchange secrets by oblivious transfer. Technical Memo TR-81, Aiken Computation Laboratory, 1981.
- A. Sabelfeld, and H. Mantel. Static confidentiality enforcement for distributed programs. Proceedings of the Symposium on Static Analysis, 2002.
- A. Sabelfeld, and A. Myers. Language-Based Information-Flow Security. IEEE Journal on selected areas in communications 21(1), 2003.
- D. Volpano, G. Smith, and C. Irvine. A sound type system for secure flow analysis. Journal of Computer Security 4(3), 1996.
- C. Wang, J. Davidson, J. Hill, and J. Knight. Protection of Software-based Survivability Mechanisms. Proceedings of the international conference of dependable systems and networks, 2001.
- A. Yao. Protocols for Secure Computations. Proceedings of the IEEE Symposium on foundations of computer science 23, 1982.
- S. Zdancewic, L. Zheng, N. Nystrom, and A. Myers. Secure program partitioning. ACM Transactions on Computer Systems 20(3), 2002.

#### Paper Citation

#### in Harvard Style

Kerschbaum F. (2007). **A New Way to Think About Secure Computation: Language-based Secure Computation** . In *Proceedings of the 5th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2007)* ISBN 978-972-8865-96-2, pages 33-42. DOI: 10.5220/0002423300330042

#### in Bibtex Style

@conference{wosis07,

author={Florian Kerschbaum},

title={A New Way to Think About Secure Computation: Language-based Secure Computation},

booktitle={Proceedings of the 5th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2007)},

year={2007},

pages={33-42},

publisher={SciTePress},

organization={INSTICC},

doi={10.5220/0002423300330042},

isbn={978-972-8865-96-2},

}

#### in EndNote Style

TY - CONF

JO - Proceedings of the 5th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2007)

TI - A New Way to Think About Secure Computation: Language-based Secure Computation

SN - 978-972-8865-96-2

AU - Kerschbaum F.

PY - 2007

SP - 33

EP - 42

DO - 10.5220/0002423300330042