Cryptology ePrint Archive: Report 2014/467
Ad-Hoc Secure Two-Party Computation on Mobile Devices using Hardware Tokens
Daniel Demmler and Thomas Schneider and Michael Zohner
Abstract: Secure two-party computation allows two mutually distrusting parties to jointly compute an arbitrary function on their private inputs without revealing anything but the result. An interesting target for deploying secure computation protocols are mobile devices as they contain a lot of sensitive user data. However, their resource restriction makes the deployment of secure computation protocols a challenging task.
In this work, we optimize and implement the secure computation protocol by Goldreich-Micali-Wigderson (GMW) on mobile phones. To increase performance, we extend the protocol by a trusted hardware token (i.e., a smartcard). The trusted hardware token allows to pre-compute most of the workload in an initialization phase, which is executed locally on one device and can be pre-computed independently of the later communication partner. We develop and analyze a proof-of-concept implementation of generic secure two-party computation on Android smart phones making use of a microSD smartcard. Our use cases include private set intersection for finding shared contacts and private scheduling of a meeting with location preferences. For private set intersection, our token-aided implementation on mobile phones is up to two orders of magnitude faster than previous generic secure two-party computation protocols on mobile phones and even as fast as previous work on desktop computers.
Category / Keywords: cryptographic protocols / secure computation, smart cards, implementation
Original Publication (with major differences): USENIX Security Symposium 2014
Date: received 16 Jun 2014, last revised 3 Jul 2014
Contact author: daniel demmler at ec-spride de
Available format(s): PDF | BibTeX Citation
Note: This new revision contains minor cosmetic changes.
Version: 20140703:120925 (All versions of this report)
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]