1. A Secure Protocol for Computing Dot-products in Clustered and Distributed Environments Ioannis Ioannidis, Ananth Grama and Mikhail Atallah Purdue University. Acknowledgements: National Science Foundation.

2. The Problem Dot-products are the basis of many important applications Scientific computations Data mining Transaction processing Biometrics Use of distributed environments creates security issues Data too valuable to expose Untrusted links or hosts Spoofing is very easy

3. The Problem Each party is honest-but-curious –They play by the rules, but if they can find out more, they will. Only one of the parties is interested in the result. We have a random number generator, which generates a uniformly distributed random integer, cast into a real.

4. Candidate Solution Use conventional cryptography –Secure tunneling can protect the links –More complex protocols offer protection against untrusted hosts Unfortunately, public-key crypto has a high complexity –Modular exponentiation computations can have a crippling effect on the overall performance

5. Security vs. Efficiency Ideally, no information should leak about the participating vectors during a secure dot- product protocol However, in the context of the given problem, in a clustered environment, security need not be so tight –Dot-products inherently leak data in the solution –Some leakage may be acceptable, since the same dot-product will not be computed multiple times –Small compromises in security can lead to large gains in efficiency

6. An Efficient Alternative Use linear algebraic properties to achieve a sufficient level of security –Hide a vector inside a matrix –Scramble the matrix –Multiply the matrix by the other vector –Retrieve the dot-product –A large part of the computation can be reused –Both parties must share a secret – a number – before the protocol

7. An Efficient Alternative Security is not perfect –A small number of equations will leak –Statistics can reveal information But is sufficient for a real-world setting –If you don’t need to execute the same instance many times, leaking a few equations is not a problem –Statistical attacks demand larges amounts of information –Not so easy to gather them in clustered environments

8. The Protocol

12. An Example:

13. Example (continued):

14. Proof of Correctness

17. Algorithmic Considerations Time overhead –How much more computation needs to be performed? –Public-key cryptography adds an unacceptable amount of overhead. –But it is the only solution if perfect secrecy is the goal. Communication overhead –Network latency prevails in larger networks. –Bit count is the decisive factor in tightly coupled networks.

18. Stability Considerations Algebraic manipulations of the data can introduce numerical errors in scientific computation data. Any protocol applied to real-valued vectors must be numerically stable to be of practical importance.

19. Experimental Results The protocol was executed on two PIII/450Mhz machines connected on a Gigabit Ethernet network Data was randomly generated vectors of length 10 6 We measured the total overhead (computation and communication) –Communication overhead is expected to be a factor of 4

20. Experimental Results Measured overhead showed a factor of 4.69 overhead –Communication overhead is the dominating factor, even on a fast network Average numerical error was measured to 4.5 x 10 -9

21. Conclusions and Ongoing Research It is possible to execute multiparty, real- valued dot-product computations efficiently and with satisfactory security Binary dot-products pose a different problem due to the sparsity of the vectors –Number theoretic techniques introduce large time and communication overheads