Application-Scale Secure Multiparty Computation

Secure multiparty computation MPC permits a collection of parties to compute a collaborative result without any of the parties or compute servers gaining any knowledge about the inputs provided by other parties, except what can be determined from the output of the computation. In the form of MPC known as linear or additive sharing, computation proceeds on data that appears entirely random. Operations such as addition or logical-XOR can be performed purely locally, but operations such as multiplication or logical-AND require a network communication between the parties. Consequently, the computational overhead of MPC is large, and the cost is still measured in orders of magnitude slowdown with respect to computing in the clear. However, efficiency improvements over the last few years have shifted the potential applicability of MPC from just micro benchmarks to user-level applications. To assess how close MPC is to real world use we implement and assess two very different MPC-based applications--secure email filtering and secure teleconference VoIP. Because the computation cost model is very different from traditional machines, the implementations required a significantly different set of algorithmic and compiler techniques. We describe a collection of the techniques we found to be important, including SAT-based circuit optimization and an optimized table lookup primitive.

[1]  A. Yao,et al.  Fair exchange with a semi-trusted third party (extended abstract) , 1997, CCS '97.

[2]  Eyal Kushilevitz,et al.  Private information retrieval , 1995, Proceedings of IEEE 36th Annual Foundations of Computer Science.

[3]  Philip Wadler,et al.  A practical subtyping system for Erlang , 1997, ICFP '97.

[4]  Ivan Damgård,et al.  Secure Multiparty Computation Goes Live , 2009, Financial Cryptography.

[5]  Thomas Wilke,et al.  A play on regular expressions: functional pearl , 2010, ICFP '10.

[6]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[7]  Frederik Vercauteren,et al.  Fully homomorphic SIMD operations , 2012, Designs, Codes and Cryptography.

[8]  Martín Abadi,et al.  Code-Carrying Authorization , 2008, ESORICS.

[9]  Armin Biere,et al.  DepQBF: A Dependency-Aware QBF Solver , 2010, J. Satisf. Boolean Model. Comput..

[10]  Oded Goldreich Foundations of Cryptography: Index , 2001 .

[11]  Christoph Böhm,et al.  The Basic Applications , 2013 .

[12]  Joseph Bonneau,et al.  What's in a Name? , 2020, Financial Cryptography.

[13]  Dan Bogdanov,et al.  Sharemind: A Framework for Fast Privacy-Preserving Computations , 2008, ESORICS.

[14]  Marcel Keller,et al.  Practical Covertly Secure MPC for Dishonest Majority - Or: Breaking the SPDZ Limits , 2013, ESORICS.

[15]  John Launchbury,et al.  Efficient lookup-table protocol in secure multiparty computation , 2012, ICFP.

[16]  Oded Goldreich,et al.  Foundations of Cryptography: Volume 2, Basic Applications , 2004 .