On the Performance of a Trustworthy Remote Entity in Comparison to Secure Multi-party Computation

Novel trusted hardware extensions such as Intel's SGX enable user-space applications to be protected against potentially malicious operating systems. Moreover, SGX supports strong attestation guarantees, whereby remote parties can be convinced of the trustworthy nature of the executing user-space application. These developments are particularly interesting in the context of large-scale privacy-preserving data mining. In a typical data mining scenario, mutually distrustful parties have to share potentially sensitive data with an untrusted server, which in turn computes a data mining operation and returns the result to the clients. Generally, such collaborative tasks are referred to as secure multi-party computation (MPC) problems. Privacy-preserving distributed data mining has the additional requirement of (output) privacy preservation (which typically is achieved by the addition of random noise to the function output); additionally, it limits the general purpose functionality to distinct data mining operations. To solve these problems in a scalable and efficient manner, the concept of a Trustworthy Remote Entity (TRE) was recently introduced. We report upon the performance of a SGX-based TRE and compare our results to popular secure MPC frameworks. Due to limitations of the MPC frameworks, we benchmarked only simple operations (and argue that more complex data mining operations can be established by composing several basic operations). We consider both a two-party setting (where we iterate over the number of operations) and a multi-party setting (where we iterate over the number of participants).