By Daniel Demmler, Thomas Schneider and Michael Zohner (ENCRYPTO, TU Darmstadt)
in Network and Distributed System Security Symposium (NDSS’15). Paper available here.
ABY efficiently combines secure computation schemes based on Arithmetic sharing, Boolean sharing, and Yao’s garbled circuits and makes available best-practice solutions in secure two-party computation.
It allows to pre-compute almost all cryptographic operations and provides novel, highly efficient conversions between secure computation schemes based on pre-computed oblivious transfer extensions using our OT extension library available on GitHub.
ABY supports several standard operations and provides example applications.
This code is provided as a experimental implementation for testing purposes and should not be used in a productive environment. We cannot guarantee security and correctness.
A Linux distribution of your choice (ABY was developed and tested with recent versions of Debian and Ubuntu).
Required packages for ABY:
g++
(version >=8)make
cmake
libgmp-dev
libssl-dev
libboost-all-dev
(version >= 1.66)Install these packages with your favorite package manager, e.g, sudo apt-get install
.
Optional packages: doxygen
and graphviz
to create your own Doxygen documentation of the code.
bin/circ/
- Circuits in the ABY format.cmake/
- CMake helper files.extern/
- External dependencies as Git submodules.src/
- Source code.src/abycore/
- Source of the internal ABY functions.src/examples/
- Example applications. Each application has a /common
directory that holds the functionality (circuit). The idea is to re-use this circuit even outside of the application. The application’s root directory contains a .cpp
file with a main method that runs the circuit and is used to verify correctness.src/test/
- Currently one application to test internal ABY functions as well as example applications and print debug information.Clone the ABY git repository by running:
git clone https://github.com/encryptogroup/ABY.git
Enter the Framework directory: cd ABY/
Create and enter the build directory: mkdir build && cd build
Use CMake configure the build:
cmake ..
This also initializes and updates the Git submodules of the dependencies
located in extern/
. If you plan to work without a network connection,
you should to a --recursive
clone in Step 1.
Call make
in the build directory.
You can find the build executables and libraries in the directories bin/
and lib/
, respectively.
ABY depends on the OTExtension
and ENCRYPTO_utils
libraries, which are referenced using the Git submodules in the extern/
directory.
During configure phase of the build (calling cmake ..
) CMake searches your
system for these libraries.
/usr
or/usr/local
, CMake should find these automatically.~/some/path/
,CMAKE_PREFIX_PATH
cmake .. -DCMAKE_PREFIX_PATH=~/some/path/
extern/
(ifTo build the ABY test and benchmark executables as well as the bundled example
applications, you use the ABY_BUILD_EXE
option:
cmake .. -DABY_BUILD_EXE=On
You can choose the build type, e.g. Release
or Debug
using
CMAKE_BUILD_TYPE
:
cmake .. -DCMAKE_BUILD_TYPE=Release
# or
cmake .. -DCMAKE_BUILD_TYPE=Debug
Release
will enable optimizations whereas Debug
includes debug symbols.
To choose a different compiler, use the CXX
environment variable:
CXX=/usr/bin/clang++ cmake ..
Executing make clean
in the build directory removes all build artifacts.
This includes built dependencies and examples.
To clean only parts of the build, either invoke make clean
in the specific
subdirectory or use make -C
:
make clean
- clean everythingmake -C src/abycore clean
- clean only the ABY librarymake -C src/examples clean
- clean only the examplesmake -C src/test clean
- clean only the test applicationmake -C extern clean
- clean only the built dependenciesIn case you plan to use ABY for your own application, you might want to install
the ABY library to some place, for example system-wide (e.g. at /usr/local
)
or somewhere in your workspace (e.g. /path/to/aby
).
There are two relevant options:
CMAKE_INSTALL_PREFIX
/usr/local
and is preprended by CMake to all installation pathslib/
and include/
for library and header files, respectively,/usr/local/lib
and usr/local/include
).DESTDIR
Example:
If you want to install ABY to ~/path/to/aby/prefix/{include,lib}
you can use:
cmake .. -DCMAKE_INSTALL_PREFIX=""
make
make DESTDIR=~/path/to/aby/prefix install
or
cmake .. -DCMAKE_INSTALL_PREFIX=~/path/to/aby/prefix
make
make install
We provide an extensive developer guide with many examples and explanations of how to use ABY.
Also, see the online doxygen documentation of ABY for further information and comments on the code.
-DABY_BUILD_EXE=On
option and the application’s binary was created inbin/
inside the build directory.localhost
). You can run them on two different machines by specifying IP addresses and ports as parameters../millionaire_prob.exe -r 0
and ./millionaire_prob.exe -r 1
, each in a separate terminal.#define PRINT_PERFORMANCE_STATS 1
in src/abycore/ABY_utils/ABYconstants.h
in line 32.To get an idea how to create a simple ABY application, you can follow the
comments in the Millionaire’s Problem example.
If you are using CMake, install ABY somewhere it can be found and use
find_package(ABY)
or add the ABY repository as subdirectory via
add_subdirectory(path/to/ABY)
, e.g.
find_package(ABY QUIET)
if(ABY_FOUND)
message(STATUS "Found ABY")
elseif (NOT ABY_FOUND AND NOT TARGET ABY::aby)
message("ABY was not found: add ABY subdirectory")
add_subdirectory(extern/ABY)
endif()
Then define your executable and link it to the ABY::aby
target:
add_executable(my_application my_application.cpp)
target_link_libraries(my_application ABY::aby)
Otherwise, setup the include path such that the headers of ABY and its
dependencies can be found and link your application to the libaby.a
library and the other dependencies (see above).