Collaborative Research: SaTC: CORE: Medium: Hybridizing Trusted Execution Environments and Secure Multiparty Computation

协作研究：SaTC：核心：中：混合可信执行环境和安全多方计算

• 批准号: 2112751
• 负责人: Ari Juels
• 金额: $ 40万
• 依托单位: Cornell University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-10-01 至 2024-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2112751&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Medium

As sensitive digital information proliferates and concerns grow about its improper use by enterprises and governments, two major technical approaches have arisen to address the challenges of secure computation. Trusted execution environments (TEEs) and secure multiparty computation (MPC) both aim to make computation trustworthy in two senses: They ensure the integrity, i.e., correctness, of the computation, and they provide confidentiality for the data over which they compute. The two approaches differ starkly, however, in their security models and performance. TEEs rely on the properties of hardware for their security assurance. They offer high performance, in some cases close to native CPU speeds, but have proven vulnerable to a number of serious side-channel attacks. Conversely, MPC relies on a committee of cooperating nodes, with strong cryptographic security guarantees given an honest quorum. Its performance, however, is inadequate for regular use with conventional applications. The novelty of this project is to provide a general exploration of secure protocol design through a synthesis of TEEs and MPC that takes advantage of their respective strengths and weaknesses. The impacts of this project will include the design of new protocols that can be used in corporate and government use of sensitive consumer data, while mitigating the risk of data breaches or policy violations. It will also advance the usefulness of TEE-based computing which has been an industry recognized need.Mathematically modelling and devising principled, empirically grounded protocol designs for a combination of TEEs and MPC poses a range of technical research challenges. This project starts from a new protocol framework, "Knights and Knaves" (KN framework), that applies TEEs so as to limit the impact of TEE compromise and leverage MPC to achieve stronger systemic security. This project will explore techniques for rapid detection and broad notification of TEE compromise, constraining the impact of such compromise in relying applications, and enabling failover where needed to MPC. It will also explore ways that TEEs can conversely harden and improve the performance of MPC deployments. Finally, the project considers ways to scale the KN framework through the classic technique of sharding, with new techniques for concealing shard boundaries. The project builds on investigators’ prior experience in the Universal Composability (UC) framework as a basis for rigorous security modeling, and additionally uses a decentralized identity platform called CanDID as a testbed.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

随着敏感数字信息的激增以及企业和政府对其不当使用的担忧日益增长，出现了两种主要的技术方法来解决安全计算的挑战。可信执行环境（tee）和安全多方计算（MPC）都旨在从两个方面使计算可信：它们确保计算的完整性，即正确性，并为它们所计算的数据提供机密性。然而，这两种方法在安全模型和性能方面存在明显差异。tee依赖于硬件的属性来保证其安全性。它们提供高性能，在某些情况下接近本机CPU速度，但已被证明容易受到许多严重的侧信道攻击。相反，MPC依赖于合作节点委员会，具有强大的加密安全保证，并提供诚实的法定人数。然而，它的性能对于常规应用来说是不够的。这个项目的新颖之处在于，通过综合tee和MPC，利用它们各自的优缺点，提供了对安全协议设计的一般探索。该项目的影响将包括设计可用于企业和政府使用敏感消费者数据的新协议，同时降低数据泄露或违反政策的风险。它还将提高基于tee的计算的实用性，这已经是业界公认的需求。数学建模和设计原则，经验为基础的协议设计的tee和MPC的组合提出了一系列的技术研究挑战。本项目从一个新的协议框架“骑士与骑士”（KN框架）开始，通过应用TEE来限制TEE妥协的影响，并利用MPC来实现更强的系统安全性。该项目将探索快速检测和广泛通知TEE泄漏的技术，限制此类泄漏对依赖应用程序的影响，并在需要时启用MPC故障转移。它还将探索tee反过来加强和提高MPC部署性能的方法。最后，该项目考虑了通过经典的分片技术扩展KN框架的方法，并使用隐藏分片边界的新技术。该项目以研究人员之前在通用可组合性（UC）框架方面的经验为基础，作为严格的安全建模的基础，并且还使用了一个名为CanDID的分散身份平台作为测试平台。该奖项反映了美国国家科学基金会的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。