Report security issue in the truncpr protocols

Open GuopengLin opened this issue 1 year ago • 1 comments

Hello Keller,

In the paper "Efficient 3PC for Binary Circuits with Application to Maliciously-Secure DNN Inference" (Usenix Security 2023), the authors point out that the truncpr protocol proposed in several works [1][2][3] may have security vulnerabilities. I notice that the truncpr protocol in MP-SPDZ appears to be implemented based on these papers, and therefore, it may also be insecure.

[1] SecureML: A System for Scalable Privacy-Preserving Machine Learning
[2] ABY3: A Mixed Protocol Framework for Machine Learning
[3] Improved Primitives for Secure Multiparty Integer Computation

GuopengLin, Sep 09 '24 07:09

Hi, in the paper "Efficient 3PC for Binary Circuits with Application to Maliciously-Secure DNN Inference" they showed that the truncation does not securely realise the functionality they had defined. Recently, Santos et al. [1] have shown that if the ideal functionality is modified to imitate the probabilistic behavior at the cost of an acceptable leak, the protocol can be proved secure.

[1] Santos, Manuel B., et al. "Curl: Private LLMs through Wavelet-Encoded Look-Up Tables." Cryptology ePrint Archive (2024). https://ia.cr/2024/1127

Maffo1408, Sep 09 '24 11:09
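
An added illustration of the "probabilistic behavior" mentioned in the comment above; it is not part of the thread and is not MP-SPDZ code. It simulates in the clear a masked-opening probabilistic truncation in the style of reference [3] of the issue; the function names, parameters (k, kappa) and sample values are constructed for this example.

```python
import random

def trunc_pr(x, m, k, kappa, rng):
    """Probabilistically truncate x (0 <= x < 2**k) by m bits.

    Simulated in the clear: in a real protocol x, r_low and r_high are
    secret-shared and only c is opened. Returns (d, c_low, u) where d is
    the result, c_low the low m bits of the opened value, and
    u = d - floor(x / 2**m) the rounding bit.
    """
    r_low = rng.randrange(2 ** m)                 # low mask, same width as the dropped bits
    r_high = rng.randrange(2 ** (k - m + kappa))  # statistical mask for the remaining bits
    c = x + (r_high << m) + r_low                 # the only value the parties open
    c_low = c % 2 ** m
    x_low_est = c_low - r_low                     # (x mod 2^m) - 2^m * u
    d = (x - x_low_est) >> m                      # exact division by 2^m
    u = d - (x >> m)
    return d, c_low, u

def rounding_stats(x, m, k=32, kappa=40, trials=20000, seed=1):
    """Return (frequency of rounding up, whether u always equals [c_low < x mod 2^m])."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    ups = 0
    consistent = True
    for _ in range(trials):
        _, c_low, u = trunc_pr(x, m, k, kappa, rng)
        ups += u
        consistent &= (u in (0, 1)) and (u == (c_low < x % 2 ** m))
    return ups / trials, consistent

if __name__ == "__main__":
    m = 4
    for x_low in (0, 4, 15):                      # constructed sample inputs
        x = (5 << m) + x_low
        freq, ok = rounding_stats(x, m)
        print(f"x mod 2^m = {x_low:2d}  P[round up] ~ {freq:.3f}  "
              f"expected {x_low / 2 ** m:.3f}  tied to opened bits: {ok}")
```

In this simulation the rounding bit is 1 with probability (x mod 2^m)/2^m, and it is 1 exactly when the opened low bits are smaller than x mod 2^m.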

Thank you both for the discussion. You should find that 3319206ec39a116eff10f254bdf6ad350696d946 adds a warning referring to the latter paper.

mkskeller, Oct 08 '24 02:10