Implementing Support for Pointers to Private Data in a General-Purpose Secure Multi-Party Compiler

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the [Original Paper Viewer] below or the Original ArXiv Source.

Recent compilers allow a general-purpose program (written in a conventional programming language) that handles private data to be translated into a secure distributed implementation of the corresponding functionality. The resulting program is then guaranteed to provably protect private data using secure multi-party computation techniques. The goals of such compilers are generality, usability, and efficiency, but the complete set of features of a modern programming language has not been supported to date by existing compilers. In particular, the recent compilers PICCO and the two-party ANSI C compiler strive to translate any C program into its secure multi-party implementation, but currently lack support for pointers and dynamic memory allocation, which are important components of many C programs. In this work, we mitigate this limitation and add support for pointers to private data, and consequently dynamic memory allocation, to the PICCO compiler, enabling it to handle a more diverse set of programs over private data. Because doing so opens up a new design space, we investigate the use of pointers to private data (with known as well as private locations stored in them) in programs and report our findings. Besides dynamic memory allocation, we examine other important topics associated with common pointer use, such as reference by pointer/address, casting, and building various data structures, in the context of secure multi-party computation. This enables the compiler to automatically translate a user program that uses pointers to private data into a distributed implementation that provably protects private data throughout the computation. We empirically evaluate the constructions and report on the performance of representative programs.


💡 Research Summary

This paper addresses a critical limitation of existing secure multi‑party computation (SMC) compilers: the lack of support for pointers and dynamic memory allocation, which are essential features of the C programming language. The authors extend the PICCO compiler—a source‑to‑source translator that converts C programs annotated with private/public qualifiers into secret‑shared arithmetic code—by introducing “private pointers” and a secure malloc/free mechanism.

The design distinguishes between pointers whose target location is publicly known and those whose location is itself private. A pointer with a known location behaves like an ordinary C pointer. A pointer with a private location is represented as a list of candidate locations together with one secret-shared tag per candidate, exactly one of which equals 1; a pointer acquires private locations when it is assigned under a private condition (for example, different targets in the two branches of an `if` over private data), which merges the candidate lists of the two sides and scales their tags by the condition. Dereferencing then evaluates the tag-weighted sum of the candidate cells, a write updates every candidate cell by its tag so that only the tagged cell changes, and pointer arithmetic with a public offset shifts every candidate location while leaving the tags untouched. Because both tags and cell contents are secret shared, no party learns which candidate is the real target, and every operation reduces to additions and multiplications over the linear secret-sharing scheme underlying PICCO (Shamir's (n, t) threshold sharing).

Dynamic memory allocation is realized through secure versions of malloc and free. malloc obtains a fresh cell whose index is initially a known location, while the allocated contents are held in secret-shared form; the returned pointer can later acquire private locations as described above. Freeing through a pointer with private locations must not reveal which candidate cell is actually released, so all candidates have to be handled uniformly. Likewise, every access through a private pointer touches all of its candidate cells, so the access pattern does not reveal which cell is in use; this linear scan over candidates is what keeps the approach cheap for the small candidate sets typical of pointer code. The authors also handle related language constructs such as pointer casting, array indexing, and address-of operations by translating them into the same secret-shared arithmetic.
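The following Python simulation is an added example illustrating the pointer representation and the malloc behaviour described in the two paragraphs above; it is not PICCO's code and none of its names (`PrivatePointer`, `ptr_select`, `deref_read`, `deref_write`, `secure_malloc`) come from the paper. It assumes three parties with threshold 1 (so a product of two degree-1 sharings can still be reconstructed and re-shared), a 31-bit prime field, a one-hot secret-shared tag per candidate location, and that malloc hands out a cell at a publicly known index. The "parties" are just list positions, so the whole protocol runs in one process.

```python
"""Simulation of pointers to private data over Shamir secret shares.

Added illustration, not PICCO's implementation. Assumes N=3 parties,
threshold T=1, and a prime field; all helper names are hypothetical.
"""
import random

P = 2**31 - 1          # prime field modulus (assumption)
N, T = 3, 1            # parties and threshold; N >= 2T+1 is needed for multiplication
PARTY_IDS = list(range(1, N + 1))


def share(secret):
    """Shamir (N, T) sharing: random degree-T polynomial with f(0) = secret."""
    coeffs = [secret % P] + [random.randrange(P) for _ in range(T)]
    return [sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P for x in PARTY_IDS]


def lagrange_at_zero(xs):
    """Lagrange coefficients that evaluate the interpolating polynomial at 0."""
    coeffs = []
    for i, xi in enumerate(xs):
        num, den = 1, 1
        for j, xj in enumerate(xs):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        coeffs.append(num * pow(den, P - 2, P) % P)
    return coeffs


def reconstruct(shares):
    """Open a sharing using all N shares (works up to degree N-1, i.e. after one product)."""
    return sum(l * s for l, s in zip(lagrange_at_zero(PARTY_IDS), shares)) % P


def add(a, b):
    return [(x + y) % P for x, y in zip(a, b)]


def sub(a, b):
    return [(x - y) % P for x, y in zip(a, b)]


def mul(a, b):
    """Share-wise product (degree 2T), then re-share back to degree T: each party
    shares its product share and the new share is the Lagrange-weighted sum."""
    prod = [(x * y) % P for x, y in zip(a, b)]
    lam = lagrange_at_zero(PARTY_IDS)
    resh = [share(p) for p in prod]          # resh[i][k]: party i's sub-share for party k
    return [sum(lam[i] * resh[i][k] for i in range(N)) % P for k in range(N)]


class PrivatePointer:
    """Candidate locations plus one secret-shared tag each; exactly one tag shares 1."""
    def __init__(self, locations, tags):
        self.locations = list(locations)
        self.tags = list(tags)


def ptr_known(loc):
    """A pointer whose location is public: a single candidate with tag 1."""
    return PrivatePointer([loc], [share(1)])


def secure_malloc(mem, init=0):
    """Fresh cell at a known index (assumption); its content is secret shared."""
    mem.append(share(init))
    return ptr_known(len(mem) - 1)


def ptr_select(cond, p, q):
    """r = cond ? p : q under a private cond: union the candidates, scale the tags."""
    not_cond = sub(share(1), cond)
    tags = {}
    for loc, t in zip(p.locations, p.tags):
        tags[loc] = add(tags.get(loc, share(0)), mul(cond, t))
    for loc, t in zip(q.locations, q.tags):
        tags[loc] = add(tags.get(loc, share(0)), mul(not_cond, t))
    return PrivatePointer(tags.keys(), tags.values())


def ptr_add(p, k):
    """p + k with a public offset: shift every candidate location, tags unchanged."""
    return PrivatePointer([loc + k for loc in p.locations], p.tags)


def deref_read(mem, p):
    """*p as sum_i [tag_i] * [mem[loc_i]]: touches every candidate, reveals none."""
    acc = share(0)
    for loc, t in zip(p.locations, p.tags):
        acc = add(acc, mul(t, mem[loc]))
    return acc


def deref_write(mem, p, val):
    """*p = v: each candidate becomes mem[loc] + [tag]*(v - mem[loc]); only the tagged cell changes."""
    for loc, t in zip(p.locations, p.tags):
        mem[loc] = add(mem[loc], mul(t, sub(val, mem[loc])))


def sum_tags(p):
    acc = share(0)
    for t in p.tags:
        acc = add(acc, t)
    return acc


def demo(cond_bit):
    """Run one oblivious flow for a given private condition and open the results."""
    mem = []
    for v in (10, 20, 30, 40):              # constructed sample heap contents
        secure_malloc(mem, v)
    p, q = ptr_known(0), ptr_known(2)
    r = ptr_select(share(cond_bit), p, q)   # r has candidates {0, 2}, target hidden
    read = reconstruct(deref_read(mem, r))
    read_next = reconstruct(deref_read(mem, ptr_add(r, 1)))
    deref_write(mem, r, share(99))
    return {"candidates": r.locations, "tag_sum": reconstruct(sum_tags(r)),
            "read": read, "read_next": read_next,
            "memory": [reconstruct(c) for c in mem]}


if __name__ == "__main__":
    print(demo(1))
    print(demo(0))
```

Note that `demo` opens results only for the reader; inside the protocol the parties never reconstruct `r.tags`, and the candidate list `{0, 2}` is all they see. The cost of a dereference is one multiplication per candidate, which is the linear-scan trade-off that favours this representation over ORAM when candidate sets stay small.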

Security is proved by showing that every pointer operation can be simulated using only the secret shares, so no party learns any concrete address. The paper provides a formal argument that the extended compiler preserves the same information‑theoretic privacy guarantees as the original PICCO system.

To evaluate practicality, the authors implement a suite of pointer‑heavy data structures—singly and doubly linked lists, stacks, queues, binary search trees, and heaps—and benchmark representative programs (e.g., list insertion/deletion, tree traversal, a stack‑based shift‑reduce parser). Experiments on a three‑party setting reveal that the overhead introduced by private pointers is modest: typical programs incur a 20‑50 % increase in runtime compared with equivalent programs that avoid pointers, and the secure malloc/free operations add virtually no extra communication rounds. For small to medium data sizes, the linear‑access approach outperforms ORAM‑based solutions; only for very large data sets or highly irregular access patterns does ORAM become competitive.

The paper situates its contribution among prior SMC compilers (Fairplay, TinyGarble, SCVM, ObliVM, etc.), noting that while many of those rely on custom domain-specific languages or on ORAM for private memory, PICCO's extension offers a generic, C-compatible way to build arbitrary data structures without requiring the programmer to manage oblivious memory manually.

In conclusion, by integrating private pointers and dynamic memory management into PICCO, the authors substantially broaden the class of C programs that can be securely compiled and executed in an SMC setting. The work demonstrates that pointer‑based programming can be made compatible with secret‑sharing based SMC at a low performance cost, opening avenues for more natural and expressive secure applications. Future directions include hybrid ORAM‑pointer schemes, automated optimization of pointer operations, and support for concurrent or asynchronous secure computation.

