Over the last two decades, our personal and professional lives have become increasingly digital. On the one hand, this has enabled us to communicate, collaborate, and be entertained in ways we could never have imagined. On the other hand, however, it has also made us more vulnerable to data misuse and theft, especially when those data and the underlying security keys are maintained centrally. Enter multi-party computation (MPC).
A tale of four bankers
MPC has been a topic of research since the 1980s, with the first real-world application of it dating back to a Danish sugar beet auction in 2008. In the auction, MPC was used to protect information on the price multiple buyers were willing to pay and the price multiple sellers were willing to accept. It then matched the winning bids without disclosing details of those bids, except the final price agreed to by the buyer and seller.
Another example often used to illustrate what MPC is about is the ‘tale of the four bankers.’
Imagine four bankers going for lunch, agreeing that the one with the biggest bonus should pay the bill. Important caveat: their common understanding is that none of them should reveal how much money they actually received. In other words: they all have secret inputs (the size of their bonuses) yet need to be able to compare their inputs to find out who should pay. This is where the concept of multi-party computation kicks in—performing necessary calculations while keeping each banker’s inputs private and secure.
MPC use cases: from splitting up sensitive data to data ‘marriage counseling’
MPC technology typically supports two types of use cases. It is either used to split up sensitive data, or to engage in some sort of data ‘marriage counseling.’
An example of the former scenario would be a company with a signing key to manage its wallet of cryptocurrencies or to execute software updates. Instead of holding the key in one place, the company could significantly reinforce its system’s security by using multi-party computation technology. In this case, MPC splits up the signing key and does not require bringing the two parts together to execute control afterward.
The second MPC use case involves different organizations, or parts of an organization, wanting to bring their data together while keeping the inputs private. Think of the tale of the four bankers. Another well-known example includes the Boston wage survey, which compared the average wages of men and women in the Boston area based upon the HR information of more than 200 companies. Here as well, MPC technology was used to extract all useful statistics while making sure no private details were revealed.
Today’s believers in multi-party computation: Facebook and Google
Multi-party computation is currently best suited when combined with applications that perform descriptive statistics. Think of the Boston wage survey, where you want to work out the average pay in a given sector. Another example includes the analysis of sensor data. In each of those cases, MPC will help you do so in a secure manner.
Companies such as Facebook and Google are already resorting to MPC technology as well – be it for point solutions. Google, for instance, uses MPC to gain insights on the correlation between (Google) ad viewership and an advertiser’s customer acquisition – without requiring any of the parties to share data.
And Facebook researchers say that MPC helps them build privacy-preserving contextual bandit models – which are a cornerstone of the company’s powerful recommendation and ranking engines. Dubbed CrypTen, Facebook’s technology is said to be aware that different parties possess contextual information (‘secrets’ – as we called them before) that they are unwilling to share with other parties. Based upon that understanding, Facebook claims CrypTen allows them to train learning models that respect people’s privacy concerns.
Moving beyond today’s point applications
It is clear that the concept of multi-party computation holds great potential, with a gazillion – primarily European – start-ups working on this topic. Yet, so far, it is merely being used in point solutions in the finance, cryptocurrency, and code signing domains. A true commercial sweet spot has so far been lacking – as MPC is a very complex technology that requires highly IT-literate organizations' insights and financial commitment.
Let us take healthcare, and hospitals, as an example. With the world having been hit by the subsequent waves of the coronavirus pandemic, exchanging hospital data without revealing personal information seems more relevant than ever. In practice, however, hospitals’ IT departments are simply not up to that challenge. Moreover, the many different types of hospital data – from blood pressure measurements to scans and doctors’ illegible notes – add even more to this case’s complexity.
We often see as well that companies start looking into multi-party computation’s potential to protect their applications’ privacy-sensitive data. At first sight, that seems a logical thing to do. But upon further investigation, it often becomes clear that the application itself breaks privacy rules.
For example, to optimize its business processes, a company may want to ‘secure’ the private information it wants to extract from its users’ private data. But the process of extracting that private information is itself the privacy concern, and no amount of additional security technology can mitigate this privacy loss for the customer.
In fact, this is one of the underlying challenges as well of our ‘tale of the four bankers’: by making the outcome public (everybody sees banker X paying for lunch), the application – by default – is no longer privacy-friendly. In other words: in such scenarios, MPC’s secure computations do not add much value.
So far, the technology’s inherent complexity and the lack of a clear commercial sweet spot have been major barriers to MPC’s widespread adoption. That sweet spot in terms of performance is to be found in low-depth functions, which excludes many modern algorithms such as those found in machine learning.
SCALE-MAMBA – an open invitation to start experimenting with MPC
COSIC, an imec research group at the University of Leuven (Belgium), is renowned for its research into multi-party computation, thereby focusing on three key aspects:
The first aspect is feasibility analysis, with COSIC researchers looking into the potential of possible high-value MPC applications. For example, following an informal contact from the European Central Bank, they investigated different algorithms for liquidity matching in financial systems without revealing any sensitive info on the related banks’ positions.
Secondly, they build improved protocols to develop new secure MPC systems. This involves researching the underlying cryptographic protocols, developing new ones, optimizing existing ones, or tailoring them to new situations.
And last but not least, they have developed SCALE-MAMBA – a programming language and support system that allows MPC enthusiasts to experiment with the technology. Downloadable from Github, it gives fellow researchers and IT specialists a feel for computing with encrypted data without disclosing valuable or sensitive information. What sets SCALE-MAMBA apart is that its design comes pretty close to a commercial system, whereas other academic systems just tend to focus on speed.
Today, however, there are no plans to go commercial with SCALE-MAMBA. As a matter of fact, it has specifically been made open source so that companies and other researchers can experiment with it. Several companies have started to use the SCALE-MAMBA building blocks in their products already. In return, they typically give some of their knowledge or developments back to the open-source community. That way, this becomes a win-win for everyone; the whole point is that people need to play with MPC technology.
More info about SCALE-MAMBA:
- https://github.com/KULeuven-COSIC/SCALE-MAMBA
- https://homes.esat.kuleuven.be/~nsmart/SCALE/
Nigel Smart is a professor at COSIC, an imec research group at the University of Leuven (Belgium). Nigel is a cryptographer with expertise in the theory of cryptography and its application in practice. He was previously vice-president of the IACR, and is co-founder of the Real World Cryptography conference and also co-founder of Unbound Security.
Published on:
18 March 2022
