Discover why MPC is crucial today for secure computation, balancing benefits and caveats while showcasing its historical evolution and vital software dimensions.
A Survey of MPC Offerings Mayank Varia Boston University
Why are people interested in MPC nowadays? What is it? How is MPC positively benefitting society? Caveats throughout This talk only subsamples the answer to each question! Descriptions + figures are reproduced from original works
Why now? Mechanization Electricity Automation Data & knowledge Source: World Economic Forum 2016, https://www.weforum.org/centre-for-the-fourth-industrial-revolution
“Data is the new oil” –Shivon Zilis, Bloomberg Beta “Data will become a currency” – David Kenny, IBM Watson
Valuable: share data → new social insights. Toxic: silo data → safeguard privacy. Images: Facebook, Wikipedia
[Figure: input parties, compute parties and output parties; labels s and f]
Dimensions for 2/3/MPC Source: Perry, Gupta, Feigenbaum, Wright, Systematizing Secure Computation for Research and Decision Support
Stages to realize MPC: Secret sharing, Garbled circuits, Oblivious transfer, Somewhat homomorphic encryption [Figure: oblivious transfer (OT) with inputs s0, s1 and b, and output sb]
MPC: the first 40 years
Timeline: 1980s: Existence; 1990s: Adolescence; 2000s: Idealism; 2010s: Pragmatism
Shown on the first build of the slide: Shamir secret sharing, GMW, BGW, Yao’s garbled circuits
Added on the second build: Beaver triples, Packed SS, point & permute, row reduction
Added on the third build: Homomorphic secret sharing, OT extension, free XOR, Fairplay
Added on the fourth build: Homomorphic Enc and MACs, × via OT, fleXOR, half gates
Stages to realize MPC Source: Sharemind blog, Standardisation efforts on secure computing
Latency: 2PC garbled circuits Source: Mike Rosulek, A Brief History of Practical Garbled Circuit Optimizations
Dimensions of MPC software Low-level control vs high-level abstraction of… Data types: bool, int, fixed-pt, float, date, string Data import, eg from external file or database Programming language to encode the desired functionality Native keywords, methods, pre-compiled routines Syntactic sugar to control execution of the computation Type system to validate proper data flow
[Figure: MPC software placed along an axis from more control to more abstraction, in three bands (cryptographer controlled, cryptographer guided, cryptographer simulated) and marked passive or active. Software named, in the order extracted: Linreg MPC, Batched OPRF, Fairplay, Charm, SCAPI, Gazelle, TASTY, SEPIA, MASCOT, libOTe, SplitCommit, APRICOT, batch dual ex, DUPLO, TinyLEGO, ABY, VIFF, Geppetri, JustGarble, TinyGarble, LibGarble, ABY3, MPyC, SPDZ, JIFF, FlexSC, FastGC, Sharemind, emp-toolkit, ObliVM, Obliv-C, SCALE-MAMBA, Ivory, FRESCO, Conclave, Wysteria, SCMQL]
Conclave’s query specification

    # 3 parties each contribute inputs with the same schema
    data = cc.defineTable(schema, at=[pA, pB, pC])

    # compute the Herfindahl-Hirschman Index (HHI)
    # per-company revenue
    rev = (data.project(["companyID", "price"])
               .sum("local_rev", group=["companyID"], over="price")
               .project([0, "local_rev"]))
    # total revenue across all companies
    market_size = rev.sum("total_rev", over="local_rev")
    # market share of each company
    share = (rev.join(market_size, left=["companyID"], right=["companyID"])
                .divide("m_share", "local_rev", by="total_rev"))
    # HHI is the sum of squared market shares
    hhi = (share.multiply(share, "ms_squared", "m_share")
                .sum("hhi", on="ms_squared"))
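The HHI that this query specifies can be computed with the additive secret sharing and Beaver triples named on the timeline slides, so that only two aggregates are ever opened. This is an added example, not Conclave's code or anything from the talk. It assumes three parties simulated in one process, a trusted dealer for the triples, passive adversaries, public company IDs, and constructed sample rows; the function names and the modulus are hypothetical.

```python
import secrets
from collections import defaultdict

P = 2**61 - 1   # prime modulus for the shares (constructed choice)
N = 3           # parties pA, pB, pC, simulated in one process

def share(x):
    """Split x into N additive shares that sum to x mod P."""
    parts = [secrets.randbelow(P) for _ in range(N - 1)]
    return parts + [(x - sum(parts)) % P]

def reveal(shares):
    """Open a shared value by adding all N shares."""
    return sum(shares) % P

def add_shared(values):
    """Add shared values: each party adds the shares it holds, no messages."""
    return [sum(col) % P for col in zip(*values)]

def beaver_mul(xs, ys):
    """Multiply shared x and y with one Beaver triple from a trusted dealer."""
    a, b = secrets.randbelow(P), secrets.randbelow(P)
    a_s, b_s, c_s = share(a), share(b), share(a * b % P)
    d = reveal([(x - ai) % P for x, ai in zip(xs, a_s)])  # x - a hides x
    e = reveal([(y - bi) % P for y, bi in zip(ys, b_s)])  # y - b hides y
    zs = [(ci + d * bi + e * ai) % P for ai, bi, ci in zip(a_s, b_s, c_s)]
    zs[0] = (zs[0] + d * e) % P   # one party adds the public term d*e
    return zs

def hhi(rows_by_party):
    # Local, cleartext: each party totals its own revenue per company.
    local = []
    for rows in rows_by_party:
        rev = defaultdict(int)
        for company, price in rows:
            rev[company] += price
        local.append(rev)
    companies = sorted(set().union(*local))   # company IDs assumed public
    # Shared: per-company revenue across parties, never opened.
    rev_sh = [add_shared([share(l.get(c, 0)) for l in local]) for c in companies]
    sq_sh = add_shared([beaver_mul(r, r) for r in rev_sh])
    total_sh = add_shared(rev_sh)
    # Only two aggregates are opened: sum of squared revenues and market size.
    num, total = reveal(sq_sh), reveal(total_sh)
    return num, total, num / total**2

# Constructed sample rows (companyID, price), one list per party.
ROWS = [[(1, 20), (1, 10), (2, 10)], [(1, 20), (3, 5)], [(2, 20), (3, 15)]]

if __name__ == "__main__":
    print(hhi(ROWS))
```

Opening the sum of squares and the market size reveals slightly more than the HHI alone; the query above divides inside the computation instead.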
Conclave’s trust attestation
[Figure: parties and the columns each holds: (ssn, zip), (ssn, assets), (ssn, assets), (ssn)]

    # credit card companies trust the regulator to compute on SSNs
    bank_schema = [Column("ssn", cc.INTEGER, trust=[pA]),
                   Column("assets", cc.INTEGER)]
How is MPC being used for social good? Mechanization Electricity Automation Data & knowledge
Financial markets: Partisia • Auctions (eg sugar beets) Source: Bogetoft, Christensen, Damgard, Geisler, Jakobsen, Krøigaard, Nielsen, Nielsen, Nielsen, Pagter, Schwartzbach, and Toft, Secure Multiparty Computation Goes Live
Financial markets: Partisia • Auctions (eg sugar beets) • Market clearinghouse • Match incoming orders • Compare with price signals from realized trades Source: Archer, Bogdanov, Lindell, Kamm, Nielsen, Pagter, Smart, and Wright, From Keys to Databases – Real-World Applications of Secure MPC
Financial markets: Partisia • Auctions (eg sugar beets) • Market clearinghouse • Match incoming orders • Compare with price signals from realized trades • Credit rating • Uses linear programming • Input: farmers of all banks Source: Damgard, Damgard, Nielsen, Nordholt, and Toft, Confidential Benchmarking based on Multiparty Computation
Financial markets (1): Sharemind • ITL economic benchmarks • Collection of Estonian companies • Aggregate economic indicators: profit, # employees, salaries Source: Talviste, Practical Applications of Secure Multiparty Computation
Financial markets (2): Sharemind • ITL economic benchmarks • Collection of Estonian companies • Aggregate economic indicators: profit, # employees, salaries • VAT tax revenue • Worked with Estonian Tax and Customs Board • Test if Company A’s VAT credit == Company B’s VAT reported Source: https://sharemind.cyber.ee/tax-vat-fraud/
Electricity markets Energy trading with smart meters • Handles 2500 bids in ~5 min • Auction run every 30 min Source: Abidin, Aly, Cleemput, and Mustafa, An MPC-based Privacy-Preserving Protocol for a Local Electricity Trading Market
Automation (1): avoiding satellite collisions Sources: Kamm and Willemson, Secure Floating-Point Arithmetic and Private Satellite Collision Analysis Sources: Hemenway, Lu, Ostrovsky, and Welser, High-precision Secure Computation of Satellite Collision Probabilities
Automation (2): VoIP • Mix audio streams in 1 ms • VoIP packets have 90 ms of call data • Use SWHE + LSS Source: Archer and Rohloff, Computing with Data Privacy: Steps toward Realization
Automation (3): map routing MPC for shortest path, implemented via series of ‘next hop’ queries Source: Wu, Zimmerman, Planul, and Mitchell, Privacy-Preserving Shortest Path Computation
Automation (4): location services Source: https://sharemind.cyber.ee/location-services/
Data (1): search [Figure: approaches plotted by risk of data compromise against utility of stored data: multi-party computation, symmetric searchable encryption, property preserving encryption, no server protections (encrypt data at rest), return whole dataset encrypted. A second build of the slide keeps only multi-party computation, no server protections (encrypt data at rest) and return whole dataset encrypted.]
Data (2): protecting cryptographic keys Unbound tech Source: Archer et al, From Keys to Databases – Real-World Applications of Secure MPC
Data (2): protecting cryptographic keys Unbound tech Preveil “IT can still access encrypted corporate information and recover user keys using Approval Groups. They are the cryptographic equivalent of giving fragments of your house key to your neighbors. No single neighbor can access your house, but if you lose your key, your neighbors can get you back in.” Source: Archer et al, From Keys to Databases – Real-World Applications of Secure MPC Source: www.preveil.com
Data (3): stable matching • Input • Proposers: ordered list of reviewers • Reviewers: ordered list of proposers • Algorithm by [Gale Shapley 1962] • MPC algorithm uses GC, ORAM, oblivious queues Source: Doerner, Evans, and shelat, Secure Stable Matching at Scale
Data (4): machine learning • Train a deep neural network for keyboard typing predictions • Stochastic gradient descent over high-dimensional vectors • Many input parties, may drop out • One semi-honest online server Source: Bonawitz, Ivanov, Kreuter, Marcedone, McMahan, Patel, Ramage, Segal, and Seth, Practical Secure Aggregation for Privacy-Preserving Machine Learning
Data (5): anonymous web browsing Cloudflare’s Privacy Pass • Goal: anonymous authentication • Primitive: verifiable oblivious PRF Image: Wikipedia Source: Davidson, Goldberg, Sullivan, Tankersley, and Valsorda, Privacy Pass: Bypassing Internet Challenges Anonymously
Public good (1): CRA Taulbee Survey • Measure faculty salaries in computer science departments • Input data for each department • # people at each faculty rank: full, associate, assistant, non-tenure • Min, median, mean, and max salary at each rank • Output: aggregate results at each tier Source: Feigenbaum, Pinkas, Ryger, Saint Jean, Secure Computation of Surveys
Public good (2): Wage (dis)parity Goal 3: Evaluating Success Employers agree to contribute data to a report compiled by a third party on the Compact’s success to date. Employer-level data would not be identified in the report.
Public good (3): education outcomes Source: Bogdanov, Kamm, Kubo, Rebane, Sokk, and Talviste, Students and Taxes: a Privacy-Preserving Social Study Using Secure Computation Questions Effect of work on graduation rate? Diff between CS & other students? Data size 600k education records 10m tax payment records Performance 384.5 hours during live study 5 hours after optimizations
“in designing, establishing, and maintaining the higher education data system, … the Commissioner shall use secure multiparty computation technologies” “establishment of a shared service to facilitate data sharing, enable data linkage, and develop privacy enhancing techniques”