by Nigel Smart
Cryptography is the technology one turns to if you want to keep data private, a concern which is becoming more important in today’s digital world. Legislators are even getting more involved in insisting data is kept private, as evidenced by the European Union’s GDPR regulations. But cryptography has traditionally only been used to solve two problems: securing data in transit, and securing data at rest. However, data is useless unless you actually process it, so we are seeing an increasing interest in methodologies to secure data whilst it is being processed; in some sense completing the third edge of the data triangle.
Securing data at rest is relatively straightforward: we just need to encrypt the storage medium (be it a hard drive or a USB stick). To secure data in transit we need to deploy well-known cryptographic protocols such as TLS or IPsec. But to secure data whilst it is being processed we need something a bit more ingenious.
One way of doing this is to use so-called secure enclaves (such as Intel’s SGX technology). Here data is decrypted when it enters an enclave, and encrypted again when it leaves. But recent research has shown that this technology does not offer the really strong security guarantees one would want in the real world. Another technique would be to employ something called Fully Homomorphic Encryption (FHE), which enables a computer to operate on encrypted data as if it were in the clear. However, despite considerable advances in the last decade, the efficiency of FHE is still many orders of magnitude away from being practical.
A technology which is increasingly seeing traction, and a growing number of start-ups in the area, is that of Multi-Party Computation (MPC). This is a technology which was originally invented in the 1980s but which is only now being deployed in applications. MPC solves the problem of computing on data in encrypted form by utilizing many parties. The data to be computed on is “encrypted” by splitting it into shares, via a cryptographic technique called secret sharing. Each share is then given to a separate computer. Then, using special protocols, any function can be computed on the shares to obtain a secret-shared result.
For example, imagine an auction with a number of buyers and a single seller. The seller would like to sell his item for the highest price, but the buyers may not want their unsuccessful bids to be known to the seller. Using MPC the buyers can share their bids, using secret sharing, between a set of MPC engines, and then the winning bid can be computed without any other information leaking, even to the servers conducting the operation. The protocol remains secure as long as at least one MPC engine is honest. In this example the buyers can guarantee that one MPC engine is honest by each buyer providing one MPC engine itself.
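To make the secret-sharing step and the “computing on shares” step above concrete, here is an added example (not code from the article or from any MPC product) of additive secret sharing over a prime field among three engines, with addition done locally and multiplication done via a Beaver triple; it assumes semi-honest engines and a trusted dealer standing in for the real preprocessing phase, which is a simplification. The comparison needed to pick the winning bid in the auction is built out of exactly these addition and multiplication gates, but is not shown here.

```python
import secrets

P = 2**61 - 1   # prime field modulus (assumed; any sufficiently large prime works)
N = 3           # number of MPC engines (parties)

def share(secret, n=N):
    """Additively share `secret` among n parties: the shares sum to it mod P.
    Any n-1 shares are uniformly random, so they reveal nothing on their own."""
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((secret - sum(shares)) % P)
    return shares

def reconstruct(shares):
    """Opening a value requires every party to contribute its share."""
    return sum(shares) % P

def add_shares(a, b):
    """Addition is local: each party adds its own two shares, no messages sent."""
    return [(ai + bi) % P for ai, bi in zip(a, b)]

def beaver_triple(n=N):
    """Correlated randomness (x, y, z = x*y), produced in a preprocessing phase.
    A trusted dealer is assumed here in place of the real offline protocol."""
    x, y = secrets.randbelow(P), secrets.randbelow(P)
    return share(x, n), share(y, n), share(x * y % P, n)

def mul_shares(a, b, triple):
    """Multiply two shared values with one round of communication.
    Parties open d = a - x and e = b - y; these leak nothing because x and y
    are uniformly random masks. Then c = z + d*y + e*x + d*e == a*b."""
    xs, ys, zs = triple
    d = reconstruct([(ai - xi) % P for ai, xi in zip(a, xs)])
    e = reconstruct([(bi - yi) % P for bi, yi in zip(b, ys)])
    c = [(zi + d * yi + e * xi) % P for xi, yi, zi in zip(xs, ys, zs)]
    c[0] = (c[0] + d * e) % P   # the public constant term is added by one party only
    return c

def demo(u=12345, v=678):
    """Share two constructed sample inputs, compute on the shares, open the results."""
    a, b = share(u), share(v)
    total = reconstruct(add_shares(a, b))
    product = reconstruct(mul_shares(a, b, beaver_triple()))
    return total, product
```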
Governments and companies have shown considerable interest in MPC for various applications. For example, in a recent DARPA-funded program MPC was used to ensure that two satellites orbiting the Earth would not collide, even when the agencies controlling them do not want to reveal their position or trajectory. In another application, being investigated by various governments, MPC is used to provide simple queries on national datasets, such as census records. Other applications range from securing efficient financial markets (by extending the auction example above), to simple machine learning algorithms, through to combining cyber-defence statistics between organizations in a privacy-sensitive manner.
An interesting aspect has been that many of the case studies have revolved around bringing different parties’ data together to obtain some added value. This is because the name “Multi-Party” computation has led people to look at cases where multiple parties come together to compute a function on their joint inputs. However, we are increasingly seeing applications in which the technology is turned on its head. We take a single organization and split its data into shares. We then compute on these shares using MPC, without ever bringing them back together. Thus we use MPC as a means of removing single points of failure in the security architecture of organizations, where valuable data residing in a single place creates an attractive target for an attacker.
Whilst in practice MPC does not yet allow all computations to be secured in this way, it does in theory. Thus at the moment one is limited to applications for which efficient solutions currently exist. However, performance is being stretched all the time, with many orders of magnitude of performance improvement accomplished in the last five years.