2. Cryptography for secure computation
⮚ Traditional solution: decrypt data and process it; trust is extended to all collaborating parties.
⮚ Cryptography can, however, be used to securely (and correctly) perform data processing and minimize trust assumptions.
3. PPT: Privacy Preserving Technology
Scenario: doing statistics on big data.
• Machine Learning Technologies have increased the utility of data
• But we would like to process it while preserving privacy of data sources
Privacy preserving technologies
• To provide input privacy: protect against access to sources' private input data.
• To provide output privacy: protect from adversaries reverse engineering sources' private input data from statistical outputs.
4. Output privacy protection: differential privacy
Most popular technique: differential privacy
• Mathematical (not cryptographic) technique to protect against reconstructing (private) input data from output data.
• Main idea: add noise in a careful way, so that one can carefully select a trade-off between privacy and utility of data. Via the notion of k-anonymity.
• Used in the wild, e.g. Apple to collect usage statistics, US Census Bureau, etc.
• PS: the input privacy techniques we discuss next typically don’t provide output privacy protection.
• i.e. differential privacy may need to be used in conjunction, to provide input/output privacy
5. Input privacy protection
The main cryptographic techniques to provide input privacy:
• Secure Multi-Party Computation (MPC)
• Homomorphic Encryption (HE)
• Zero-Knowledge Proofs (ZKP)
6. Multi-Party Computation (MPC)
MPC: Cryptographic protocols that allow the secure computation of a function with multiple inputs
• Parties p1, p2, …, pn
• Each pi has a private input xi
• Parties wish to jointly compute F(x1, x2, …, xn)
• Secure: parties want to perform this computation privately and securely
• Security: parties want to perform this computation privately and correctly
• PS1: there are other security requirements.
• PS2: a dedicated security paradigm is used to prove security of MPC protocols
7. MPC: How it started
• Two-party protocol introduced by Yao in 1986
• Multiparty case by Goldreich, Micali and Wigderson in 1987
• One can show that any function is computable securely via MPC
Main tools:
• Yao’s Garbled Circuits
• Shamir Secret Sharing
• Theoretical aspects have been known for 3 decades. The main problem was efficiency.
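The setting from slide 6 with F chosen as the sum of the private inputs, built on the Shamir Secret Sharing named above; this is an added example, not code from the original slides. It assumes semi-honest parties, private pairwise channels and at most t colluding parties; the function names and sample salaries are made up for illustration.

```python
import secrets

P = 2**127 - 1  # prime field modulus; must exceed any possible sum of inputs

def share(secret, t, n):
    """Shamir-share `secret`: any t+1 of the n shares reconstruct it, t reveal nothing."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t)]
    def f(x):  # evaluate the random degree-t polynomial (Horner's rule)
        acc = 0
        for c in reversed(coeffs):
            acc = (acc * x + c) % P
        return acc
    return [(i, f(i)) for i in range(1, n + 1)]

def reconstruct(points):
    """Lagrange-interpolate the polynomial at x = 0 from (x, y) shares."""
    secret = 0
    for j, (xj, yj) in enumerate(points):
        num = den = 1
        for m, (xm, _) in enumerate(points):
            if m != j:
                num = num * (-xm) % P
                den = den * (xj - xm) % P
        secret = (secret + yj * num * pow(den, -1, P)) % P
    return secret

def secure_sum(inputs, t):
    """Party p_i holds inputs[i]; returns (F, the per-party shares of F)."""
    n = len(inputs)
    # Round 1: every party deals one share of its input to each party.
    dealt = [share(x, t, n) for x in inputs]
    # Local step: party i adds the n shares it received (sharing is linear).
    sum_shares = [(i + 1, sum(d[i][1] for d in dealt) % P) for i in range(n)]
    # Round 2: t+1 parties publish their sum share; only F is reconstructed.
    return reconstruct(sum_shares[: t + 1]), sum_shares

# Constructed inputs: four parties' private salaries.
SALARIES = [52000, 61000, 47500, 70250]

if __name__ == "__main__":
    total, shares = secure_sum(SALARIES, t=1)
    print("jointly computed sum:", total)
    print("party 1 only ever sees a random-looking share:", shares[0][1])
```

No individual input is ever reconstructed: each party sees only uniformly random field elements plus the final sum.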
8. MPC: how is it going?
• After 2-3 decades of research, MPC is a mature cryptographic technique.
• Overheads are now acceptable for several applications
• Although one can use general purpose MPC protocols for any computation, for specific functions (e.g. private set intersection) very efficient protocols now exist.
• Many real-world applications
9. More MPC Examples
• Private auction: several parties want to execute a private auction
• Highest bidder wins and only their bid is revealed to the other parties
• Traditional solution: use a trusted auctioneer
• MPC solution replaces the trusted auctioneer by an MPC protocol
• Private intersection: two organisations hold proprietary databases
• They would like to find out the intersection, and any other information must remain private
• Traditional solution: use a third party
10. More & more (MPC) applications
• Several other practical applications
• Threshold cryptography
• Digital asset custody
• Privacy preserving database (private queries, e.g. Jana DB)
• Information sharing and collaborative statistics
• Secure analysis (e.g. Sharemind)
• Private marketplace
11. Multi-Party Computation (MPC)
Other aspects of the protocol to be considered include:
• functionality
• adversarial model
• communication model
12. Private Set Intersection
• Private set intersection protocols are now very efficient
• Wide range of real-world applications:
• Collaboration between parties who do not trust each other
• Mobile phone applications
• Financial crime fighting
13. Homomorphic Encryption
• Not protocols but primitives providing an attractive functionality: we can process ciphertext that will decrypt into processed plaintext (see ‘homomorphism’ in mathematics)
• Does not require interaction between parties: processing is on the ciphertext
• Adversarial model is trickier than for MPC
• Not very efficient
• Main current application: privacy preserving machine learning
14. Zero-knowledge proofs
• Protocols that allow computation of a proof of some statement in a correct, sound and private manner
• Can be interactive or non-interactive
• Complex implementations and proofs of security
• Main current application: privacy preserving blockchain applications
• More generally, ZKPs could provide a secure auditing mechanism, but are probably not efficient enough
• A lot of ZKP research and development is in the blockchain arena, because of high incentives
15. Secure Computation: the future
• Research and deployment of privacy preserving technologies will continue to grow.
• Acceptance is growing
• Solutions are becoming more efficient
• Range of application is growing
Interesting research problem:
• Quantum setting: different adversarial and computational models