Confidential Benchmarking Based on Multiparty Computation

We report on the design and implementation of a system that uses multiparty computation to enable banks to benchmark their customers’ confidential performance data against a large representative set of confidential performance data from a consultancy house. The system ensures that both the banks’ and the consultancy house’s data stays confidential, the banks as clients learn nothing but the computed benchmarking score. In the concrete business application, the developed prototype helps Danish banks to find the most efficient customers among a large and challenging group of agricultural customers with too much debt. We propose a model based on linear programming for doing the benchmarking and implement it using the SPDZ protocol by Damgard et al., which we modify using a new idea that allows clients to supply data and get output without having to participate in the preprocessing phase and without keeping state during the computation. We ran the system with two servers doing the secure computation using a database with information on about 2500 users. Answers arrived in about 25 s.

[1]  A. U.S.,et al.  Measuring the efficiency of decision making units , 2003 .

[2]  Tomas Toft,et al.  Constant-Rounds, Almost-Linear Bit-Decomposition of Secret Shared Values , 2009, CT-RSA.

[3]  Florian Kerschbaum,et al.  Filtering for Private Collaborative Benchmarking , 2006, ETRICS.

[4]  Koen Vanhoof,et al.  Bankruptcy prediction using a data envelopment analysis , 2004, Eur. J. Oper. Res..

[5]  Ali Emrouznejad,et al.  Evaluation of research in efficiency and productivity: A survey and analysis of the first 30 years , 2008 .

[6]  Florian Kerschbaum Building a privacy-preserving benchmarking enterprise system , 2008, Enterp. Inf. Syst..

[7]  Florian Kerschbaum,et al.  Practical Privacy-Preserving Benchmarking , 2008, SEC.

[8]  Tomas Toft Solving Linear Programs Using Multiparty Computation , 2009, Financial Cryptography.

[9]  Octavian Catrina,et al.  Secure Multiparty Linear Programming Using Fixed-Point Arithmetic , 2010, ESORICS.

[10]  Per J. Agrell,et al.  DEA and Dynamic Yardstick Competition in Scandinavian Electricity Distribution , 2005 .

[11]  P. Bogetoft,et al.  Benchmarking with DEA, SFA, and R , 2011 .

[12]  M. Asmild,et al.  Using DEA and Worst Practice DEA in Credit Risk Evaluation , 2004 .

[13]  Mette Asmild,et al.  Are high labour costs destroying the competitiveness of Danish dairy farmers? Evidence from an international benchmarking analysis , 2012 .

[14]  Ivan Damgård,et al.  Multiparty Computation from Somewhat Homomorphic Encryption , 2012, IACR Cryptol. ePrint Arch..

[15]  Andrew Chi-Chih Yao,et al.  Protocols for Secure Computations (Extended Abstract) , 1982, FOCS.

[16]  David Chaum,et al.  Multiparty Unconditionally Secure Protocols (Extended Abstract) , 1988, STOC.

[17]  Tomas Toft,et al.  Secure Relative Performance Scheme , 2007, WINE.

[18]  A. Charnes,et al.  Some Models for Estimating Technical and Scale Inefficiencies in Data Envelopment Analysis , 1984 .

[19]  Claudio Orlandi,et al.  A Framework for Outsourcing of Secure Computation , 2014, CCSW.

[20]  Octavian Catrina,et al.  Secure Collaborative Supply-Chain Management , 2011, Computer.

[21]  Loretta J. Mester What's the point of credit scoring? , 1997 .

[22]  David Chaum,et al.  Multiparty unconditionally secure protocols , 1988, STOC '88.

[23]  W. Cooper,et al.  A Comprehensive Text with Models , Applications , References and DEA-Solver Software , 2000 .

[24]  I. Damglurd Unconditionally secure constant-rounds multi-party computation for equality, comparison, bits and exponentiation , 2006 .

[25]  Abraham Charnes,et al.  Measuring the efficiency of decision making units , 1978 .

[26]  Toshiyuki Sueyoshi,et al.  DEA as a tool for bankruptcy assessment: A comparative study with logistic regression technique , 2009, Eur. J. Oper. Res..

[27]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[28]  Marcel Keller,et al.  Practical Covertly Secure MPC for Dishonest Majority - Or: Breaking the SPDZ Limits , 2013, ESORICS.

[29]  Peter Bogetoft,et al.  DEA based auctions , 2008, Eur. J. Oper. Res..

[30]  Carles Padró,et al.  Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors , 2008, EUROCRYPT.

[31]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.