Computations Markus Hauck 1 Savvas Savvides 2 Patrick Eugster 2 Mira Mezini 3 Guido Salvaneschi3 1codecentric AG 2Purdue University 3TU Darmstadt October 30, 2016 Markus Hauck - SecureScala: Scala Embedding of Secure Computations 1
offers cheap processing power we have more data available than ever but what about sensitive data? Markus Hauck - SecureScala: Scala Embedding of Secure Computations 2
decrypt for computation = danger of leak need to compute over encrypted data: secure function evaluation using garbled circuits Markus Hauck - SecureScala: Scala Embedding of Secure Computations 3
decrypt for computation = danger of leak need to compute over encrypted data: secure function evaluation using garbled circuits Homomorphic Encryption Schemes fully homomorphic (FHE) partial homomorphic (PHE) Markus Hauck - SecureScala: Scala Embedding of Secure Computations 3
on cipher text without decryption fully homomorphic encryption schemes support at least multiplication and addition far too expensive for practical use partial homomorphic encryption schemes in most cases support only one operation collection of schemes for multiple operations significant overhead but usable in practice Markus Hauck - SecureScala: Scala Embedding of Secure Computations 4
/ external DSL goal: use general purpose language How implement embedded DSL in Scala user: no cryptographic knowledge external libraries! Markus Hauck - SecureScala: Scala Embedding of Secure Computations 5
ADT to encode encrypted integers sealed trait EncInt case class PaillierEnc(...) extends EncInt // addition case class ElGamalEnc(...) extends EncInt // multiplication case class AesEnc(...) extends EncInt // equality case class OpeEnc(...) extends EncInt // ordering Markus Hauck - SecureScala: Scala Embedding of Secure Computations 6
EncInt, rhs: EncInt): EncInt = (lhs,rhs) match { case (x@PaillierEnc(...),y@PaillierEnc(...)) => x + y case (_,_) => convert(lhs) + convert(rhs) } both operands encrypted under same scheme = easy just use homomorphic property of Paillier different schemes? We need to convert conversion = decryption + encryption Markus Hauck - SecureScala: Scala Embedding of Secure Computations 7
EncInt, rhs: EncInt): EncInt = (lhs,rhs) match { case (x@PaillierEnc(...),y@PaillierEnc(...)) => x + y case (_,_) => convert(lhs) + convert(rhs) } both operands encrypted under same scheme = easy just use homomorphic property of Paillier different schemes? We need to convert conversion = decryption + encryption decryption in the cloud? Markus Hauck - SecureScala: Scala Embedding of Secure Computations 7
EncInt, rhs: EncInt): EncInt = (lhs,rhs) match { case (x@PaillierEnc(...),y@PaillierEnc(...)) => x + y case (_,_) => convert(lhs) + convert(rhs) } both operands encrypted under same scheme = easy just use homomorphic property of Paillier different schemes? We need to convert conversion = decryption + encryption decryption in the cloud? bad! Markus Hauck - SecureScala: Scala Embedding of Secure Computations 7
Haskell for DSLs define base functor for operations get a monad for free to sequence them programs are first class, write interpreter Markus Hauck - SecureScala: Scala Embedding of Secure Computations 9
programs without caring about encryption schemes programs are first class, interpreter used to execute them swap interpreters adds flexibility Markus Hauck - SecureScala: Scala Embedding of Secure Computations 14
programs without caring about encryption schemes programs are first class, interpreter used to execute them swap interpreters adds flexibility free monads have drawbacks no static analysis forced sequential execution Markus Hauck - SecureScala: Scala Embedding of Secure Computations 14
7 + 7 + 7 + 7 + 7 convert operand, exploit homomorphic property, and so on . . . Problem we cannot look ahead, the continuation needs an argument Markus Hauck - SecureScala: Scala Embedding of Secure Computations 15
functor are less expressive than free monads applicative functors: “lifting” of pure functions over effectful arguments can not depend on effectful results (this is the essence of (>>=)/flatMap) Markus Hauck - SecureScala: Scala Embedding of Secure Computations 16
functor are less expressive than free monads applicative functors: “lifting” of pure functions over effectful arguments can not depend on effectful results (this is the essence of (>>=)/flatMap) Why switch? implicit parallel execution static analysis Markus Hauck - SecureScala: Scala Embedding of Secure Computations 16
7 + 7 + 7 + 7 + 7 done different to monadic version: parallel conversion structure of the computation is known = static analysis Markus Hauck - SecureScala: Scala Embedding of Secure Computations 17
free applicative functors, inspect and transform programs count number of different schemes count number of conversions needed perform conversion (might involve network) in a separate phase batch conversion requests for huge number of requests Markus Hauck - SecureScala: Scala Embedding of Secure Computations 18
depend on previous effects free applicative functors: implicit parallelism + static analysis solution: use monads on the outside, applicative where possible Markus Hauck - SecureScala: Scala Embedding of Secure Computations 19
depend on previous effects free applicative functors: implicit parallelism + static analysis solution: use monads on the outside, applicative where possible different types for programs: type Crypto[A] = FreeAp[CryptoF, A] type CryptoM[A] = Free[Coproduct[CryptoF,Embed,?], A] Markus Hauck - SecureScala: Scala Embedding of Secure Computations 19
for the two program types by default applicative programs can be executed like monadic programs we can specialize applicative interpretation trait CryptoInterpreter[F[_]] { def interpret[A](p: CryptoM[A]): F[A] def interpretA[A](p: Crypto[A]): F[A] = interpret(embed(p)) } Markus Hauck - SecureScala: Scala Embedding of Secure Computations 20
provide a lot of functionality for free effectful mapping (traverse) monadic folding (foldLeftM,foldRightM) lifting functions (Applicative) and many more (Scalaz, Cats) Markus Hauck - SecureScala: Scala Embedding of Secure Computations 23
trait LicensePlateEvent { def car: EncString def speed: EncInt def time: Long } case class CarStart(...) extends LicensePlateEvent case class CheckPoint(...) extends LicensePlateEvent case class CarGoal(...) extends LicensePlateEvent Markus Hauck - SecureScala: Scala Embedding of Secure Computations 26
car AS license, number, speed FROM CheckPoint WHERE Interp.isTooFast(speed) object Interp { val keyRing: KeyRing = KeyRing.create val interpret = LocalInterpreter(keyRing) val speedLimit: EncInt = encrypt(keyRing)(130) def isTooFast(s: EncInt): Boolean = interpret(s > speedLimit) } Markus Hauck - SecureScala: Scala Embedding of Secure Computations 27
Scala write programs working over encrypted data significant overhead, but still usable can be used in combination with libraries Markus Hauck - SecureScala: Scala Embedding of Secure Computations 30
Scala write programs working over encrypted data significant overhead, but still usable can be used in combination with libraries Thank you for your attention Markus Hauck - SecureScala: Scala Embedding of Secure Computations 30
scenario: collection of bank accounts events: transfer random amount of money between random accounts colorize in GUI based on balance Markus Hauck - SecureScala: Scala Embedding of Secure Computations 34
markus1189
hanetsuki
tomokusaba
oskmr
lewuathe
free_world21
bkuhlmann
polamjag
gotok365
kentaroutakeda
shinden
pyama86
hannesfritz
reverentgeek
jonyablonski
jnunemaker
jakevdp
jacobian
addyosmani
keathley
pedronauck
paigeccino
samlambert
aleyda
(p: Crypto[A]): A = p.resume match](https://files.speakerdeck.com/presentations/b84f36ed7c3a4f0286379477b149ce20/slide_51.jpg){kind=link}
