Skip to main content
SpringerLink
Log in

Brief Announcement: Federated Code Auditing and Delivery for MPC

  • Conference paper
  • First Online:
Book cover Stabilization, Safety, and Security of Distributed Systems (SSS 2017)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 10616))

Abstract

Secure multi-party computation (MPC) is a cryptographic primitive that enables several parties to compute jointly over their collective private data sets. MPC’s objective is to federate trust over several computing entities such that a large threshold (e.g., a majority) must collude before sensitive or private input data can be breached. Over the past decade, several general and special-purpose software frameworks have been developed that provide data contributors with control over deciding whom to trust to perform the calculation and (separately) to receive the output. However, one crucial component remains centralized within all existing MPC frameworks: the distribution of the MPC software application itself. For desktop applications, trust in the code must be determined once at download time. For web-based JavaScript applications subject to trust on every use, all data contributors across several invocations of MPC must maintain centralized trust in a single code delivery service. In this work, we design and implement a federated code delivery mechanism for web-based MPC such that data contributors only execute code that has been accredited by several trusted auditors (the contributor aborts if consensus is not reached). Our client-side Chrome browser extension is independent of any MPC scheme and has a trusted computing base of fewer than 100 lines of code.

The original version of this chapter was revised: An acknowledgement has been added. The erratum to this chapter is available at https://doi.org/10.1007/978-3-319-69084-1_38

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Notes

  1. 1.

    This work is in part supported by NSF Awards #1430145, #1414119, and #1718135.

  2. 2.

    While the scenario that motivates this work involves delivery of MPC software, the technique we present can be used for delivery of any web application.

  3. 3.

    The source code for the implemented Chrome browser extension is available online at https://github.com/multiparty/secure-code-delivery-extension.

References

  1. Signing Software with Netscape Signing Tool 1.1. https://docs.oracle.com/cd/E19957-01/816-6169-10/contents.htm. Accessed 13 July 2017

  2. Subresource Integrity. https://www.w3.org/TR/SRI/. Accessed 13 July 2017

  3. VIFF. http://viff.dk/. Accessed 20 June 2017

  4. Arcieri, T.: Whats wrong with in-browser cryptography?. https://tonyarcieri.com/whats-wrong-with-webcrypto. Accessed 11 July 2017

  5. Ben-David, A., Nisan, N., Pinkas, B.: FairplayMP: A system for secure multi-party computation. In: CCS, pp. 257–266. ACM (2008)

    Google Scholar 

  6. Bestavros, A., Lapets, A., Varia, M.: User-centric distributed solutions for privacy-preserving analytics. Commun. ACM 60(2), 37–39 (2017)

    Article  Google Scholar 

  7. Bogdanov, D., Jõemets, M., Siim, S., Vaht, M.: How the estonian tax and customs board evaluated a tax fraud detection system based on secure multi-party computation. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 227–234. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47854-7_14

    Chapter  Google Scholar 

  8. Bogetoft, P., et al.: Secure multiparty computation goes live. In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol. 5628, pp. 325–343. Springer, Heidelberg (2009). 10.1007/978-3-642-03549-4_20

    Chapter  Google Scholar 

  9. Burkhart, M., Strasser, M., Many, D., Dimitropoulos, X.: Sepia: privacy-preserving aggregation of multi-domain network events and statistics. In: Usenix Security Symposium. Usenix (2010)

    Google Scholar 

  10. Ejgenberg, Y., Farbstein, M., Levy, M., Lindell, Y.: SCAPI: the secure computation application programming interface. Cryptology ePrint Archive 2012/629

    Google Scholar 

  11. Gilad-Bachrach, R., Laine, K., Lauter, K., Rindal, P., Rosulek, M.: Secure data exchange: a marketplace in the cloud. Technical report June 2016

    Google Scholar 

  12. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: Proceedings of the 19th Annual ACM Symposium on Theory of Computing, pp. 218–229. ACM (1987)

    Google Scholar 

  13. Jarrous, A., Pinkas, B.: Canon-mpc, a system for casual non-interactive secure multi-party computation using native client. In: Proceedings of the 12th ACM Workshop on Privacy in the Electronic Society, pp. 155–166. ACM (2013)

    Google Scholar 

  14. Keller, M., Scholl, P., Smart, N.P.: An architecture for practical actively secure mpc with dishonest majority. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, pp. 549–560. ACM (2013)

    Google Scholar 

  15. Lapets, A., Varia, M., Bestavros, A., Jansen, F.: Role-based ecosystem model for design, development, and deployment of secure multi-party data analytics applications. Cryptology ePrint Archive (2017)

    Google Scholar 

  16. Levy, A.: Fraudsters just stole $7M by hacking a cryptocoin offering. https://www.cnbc.com/2017/07/17/coindash-website-hacked-7-million-stolen-in-ico.html. Accessed 24 Aug 2017

  17. Morton, B.: Code Signing. https://casecurity.org/wp-content/uploads/2013/10/CASC-Code-Signing.pdf. Accessed 13 July 2017

  18. Ptacek, T.: Javascript Cryptography Considered Harmful. https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/august/javascript-cryptography-considered-harmful/. Accessed 11 July 2017

  19. Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)

    Article  MathSciNet  Google Scholar 

  20. Yao, A.C.: Protocols for secure computations. In: Proceedings of the 23rd Annual Symposium on Foundations of Computer Science, pp. 160–164. IEEE Computer Society (1982)

    Google Scholar 

Download references

Acknowledgement

This material is based upon work partially supported by the NSF (under Grants #1414119, #1430145, #1718135, and #1739000) and the Honda Research Institutes.

Author information

Authors and Affiliations

  1. Boston University, Boston, MA, 02215, USA

    Frederick Jansen, Kinan Dak Albab, Andrei Lapets & Mayank Varia

Authors
  1. Frederick Jansen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kinan Dak Albab
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Andrei Lapets
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Mayank Varia
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Frederick Jansen .

Editor information

Editors and Affiliations

  1. University of Liverpool, Liverpool, United Kingdom

    Paul Spirakis

  2. Chalmers University of Technology, Gothenburg, Sweden

    Philippas Tsigas

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Jansen, F., Albab, K.D., Lapets, A., Varia, M. (2017). Brief Announcement: Federated Code Auditing and Delivery for MPC. In: Spirakis, P., Tsigas, P. (eds) Stabilization, Safety, and Security of Distributed Systems. SSS 2017. Lecture Notes in Computer Science(), vol 10616. Springer, Cham. https://doi.org/10.1007/978-3-319-69084-1_20

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-69084-1_20

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-69083-4

  • Online ISBN: 978-3-319-69084-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation