Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Practical Secure Aggregation by Combining Cryptography and Trusted Execution Environments

Romain de Laage, Peterson Yuhala, François-Xavier Wicht, Pascal Felber, Christian Cachin, Valerio Schiavoni

TL;DR

"Practical Secure Aggregation by Combining Cryptography and Trusted Execution Environments" investigates how to compute group aggregates from private inputs without leaking individual data. It analyzes six secure aggregation variants that combine threshold cryptography (FHE/ThFHE) with TEEs (e.g., Intel SGX) and, where needed, oblivious transfer, to balance privacy and performance. The study provides a detailed implementation and extensive evaluation, showing that TEEs can drastically reduce both communication (up to ~41x) and computation (up to ~785x) overheads compared to crypto-only approaches, and that heterogeneous deployments can adapt to hardware availability and policy constraints. These results demonstrate practical pathways for privacy-preserving data analytics and federated computations in environments with varying trust and hardware capabilities."

Abstract

Secure aggregation enables a group of mutually distrustful parties, each holding private inputs, to collaboratively compute an aggregate value while preserving the privacy of their individual inputs. However, a major challenge in adopting secure aggregation approaches for practical applications is the significant computational overhead of the underlying cryptographic protocols, e.g. fully homomorphic encryption. This overhead makes secure aggregation protocols impractical, especially for large datasets. In contrast, hardware-based security techniques such as trusted execution environments (TEEs) enable computation at near-native speeds, making them a promising alternative for reducing the computational burden typically associated with purely cryptographic techniques. Yet, in many scenarios, parties may opt for either cryptographic or hardware-based security mechanisms, highlighting the need for hybrid approaches. In this work, we introduce several secure aggregation architectures that integrate both cryptographic and TEE-based techniques, analyzing the trade-offs between security and performance.

Practical Secure Aggregation by Combining Cryptography and Trusted Execution Environments

TL;DR

"Practical Secure Aggregation by Combining Cryptography and Trusted Execution Environments" investigates how to compute group aggregates from private inputs without leaking individual data. It analyzes six secure aggregation variants that combine threshold cryptography (FHE/ThFHE) with TEEs (e.g., Intel SGX) and, where needed, oblivious transfer, to balance privacy and performance. The study provides a detailed implementation and extensive evaluation, showing that TEEs can drastically reduce both communication (up to ~41x) and computation (up to ~785x) overheads compared to crypto-only approaches, and that heterogeneous deployments can adapt to hardware availability and policy constraints. These results demonstrate practical pathways for privacy-preserving data analytics and federated computations in environments with varying trust and hardware capabilities."

Abstract

Secure aggregation enables a group of mutually distrustful parties, each holding private inputs, to collaboratively compute an aggregate value while preserving the privacy of their individual inputs. However, a major challenge in adopting secure aggregation approaches for practical applications is the significant computational overhead of the underlying cryptographic protocols, e.g. fully homomorphic encryption. This overhead makes secure aggregation protocols impractical, especially for large datasets. In contrast, hardware-based security techniques such as trusted execution environments (TEEs) enable computation at near-native speeds, making them a promising alternative for reducing the computational burden typically associated with purely cryptographic techniques. Yet, in many scenarios, parties may opt for either cryptographic or hardware-based security mechanisms, highlighting the need for hybrid approaches. In this work, we introduce several secure aggregation architectures that integrate both cryptographic and TEE-based techniques, analyzing the trade-offs between security and performance.

Paper Structure

This paper contains 26 sections, 11 figures, 2 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Background
  3. Secure aggregation
  4. Fully homomorphic encryption
  5. Trusted execution environments
  6. Adversarial model
  7. Architecture
  8. Protocol definition
  9. Description of primitives used
  10. Secure aggregation variants
  11. No TEE at P, no TEE at A, non-confidential query
  12. No TEE at P, TEE at A, non-confidential query
  13. No TEE at P, no TEE at A, confidential query
  14. No TEE at P, TEE at A, confidential query
  15. TEE at P, no TEE at A, confidential query
  16. ...and 11 more sections

Figures (11)

  • Figure 1: An overview of the generic secure aggregation architecture considered. We explore different variants of this architecture where the parties and aggregator adopt different mechanisms for ensuring data privacy.
  • Figure 2: No TEE at P, no TEE at A, non-confidential query
  • Figure 3: No TEE at P, TEE at A, non-confidential query
  • Figure 4: No TEE at P, no TEE at A, confidential query. The OT protocol involves multiple rounds of message exchanges and cryptographic operations between A and $P_i$. These details are omitted from the figure for simplicity.
  • Figure 5: No TEE at P, TEE at A, confidential query
  • ...and 6 more figures