International Association
for Cryptologic Research

Many techniques for secure or private execution depend on executing programs in a data-oblivious way, where the same instructions execute independent of the private inputs which are kept in encrypted form

throughout the computation. Designers of such computations today must either put substantial effort into constructing a circuit representation of their algorithm, or use a high-level language and lose the opportunity to make important optimizations or experiment with protocol variations. We show how extensibility can be

improved by judiciously exposing the nature of data-oblivious computation. We introduce a new language that allows application developers to program secure computations without being experts in cryptography, while enabling programmers to create abstractions such as oblivious RAM and width-limited integers, or even new protocols without needing to modify the

compiler. This paper explains the key language features that safely enable such extensibility and describes the simple implementation approach we use to ensure security properties are preserved.