Lib.rs

Cryptography
#garbled-circuits #smpc #circuit-description #secure-computation #crypto

tandem

Cryptographic Engine for Secure Multi-Party Computation using Garbled Circuits

Owned by Martin Pompéry, sine-fdn.

4 releases (2 breaking)

0.3.0 Nov 30, 2022
0.2.1 Nov 30, 2022
0.2.0 Nov 30, 2022
0.1.0 Nov 28, 2022

#616 in Cryptography

Download history 5/week @ 2024-02-16 20/week @ 2024-02-23 8/week @ 2024-03-01 10/week @ 2024-03-08 12/week @ 2024-03-15 9/week @ 2024-03-22 28/week @ 2024-03-29

60 downloads per month
Used in 3 crates

MIT license

115KB
2.5K SLoC

Tandem

Tandem is an SMPC engine implementing the WRK17[^1] protocol as a non-blocking FSM, with an OT extension and optimizations based on ALSZ13[^2] and a base OT implementation based on ABKLX21[^3].

For the time being, Tandem only supports two-party computation.

Please note:

The present is still an alpha release. Caution is therefore recommended when using it. Although the engine is secure, no highly-sensitive data should yet depend on it.

If you find any bugs, encounter unexpected behavior or have suggestions on how to improve Tandem, please let us know by opening an issue.

High-Level Description of the Engine

The following is a very high-level description of how the Tandem engine works. For a more detailed approach, please refer to the code-level documentation, starting here.

The protocol implemented by the Tandem engine rests on the exchange of encrypted messages between two parties: the Contributor and the Evaluator. The Contributor provides an input to the MPC protocol and always sends the first message. The Evaluator evaluates the circuit (together with its input) and decrypts the output.

Both Contributor and Evaluator need three arguments to be initialized: a Garbled Circuit, input gates (an array of bools) and an RNG (in this case ChaCha20Rng). When the Contributor is initialized, its original state is determined and an encrypted message is generated. The Evaluator is initialized with an original state but no message. Rather, it awaits a message from the Contributor.

The protocol starts when the Contributor sends its initial message to the Evaluator. Based on the received message, the Evaluator sends another encrypted message to the Contributor and transitions into a new state. Receiving the message from the Evaluator, the Contributor sends a new message and transitions into a new state. This back-and-forth communication takes place a total of six times. When the final message is received by the Evaluator, the output is decrypted and the protocol ends.

[^1]: Wang, Ranellucci, and Katz (2017). [^2]: Asharov, Lindell, Schneider, and Zohner (2013) [^3]: Abdalla, Barbosa, Katz, Loss, and Xu (2021)

Dependencies

~3.5–4.5MB
~108K SLoC