Abstract
We report on the design and implementation of a system that uses multiparty computation to enable banks to benchmark their customers’ confidential performance data against a large representative set of confidential performance data from a consultancy house. The system ensures that both the banks’ and the consultancy house’s data stays confidential, the banks as clients learn nothing but the computed benchmarking score. In the concrete business application, the developed prototype helps Danish banks to find the most efficient customers among a large and challenging group of agricultural customers with too much debt. We propose a model based on linear programming for doing the benchmarking and implement it using the SPDZ protocol by Damgård et al., which we modify using a new idea that allows clients to supply data and get output without having to participate in the preprocessing phase and without keeping state during the computation. We ran the system with two servers doing the secure computation using a database with information on about 2500 users. Answers arrived in about 25 s.
We gratefully acknowledge financial support from the Center for research in the Foundations of Electronic Markets (CFEM) funded by the Danish Council for Strategic Research, the FP7 EU-project PRACTICE, the MPCPRO project supported by ERC and the CTIC center, supported by the Danish National Research Foundation.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
The banks are typically the lenders with the utmost priority in case of default.
- 2.
An early stage demo version of the software has been tested and resulted in valuable feedback for the development of the prototype.
- 3.
In [JNO14], a generic client solution was proposed that works for any MPC protocol, but it requires the client to keep state. In principle, one can always store client state info on the servers, but since our servers are malicious it needs to be authenticated and secret shared or encrypted, and this adds further complications to the implementation.
- 4.
This is actually the notion of a strong AMD code [CDF+08], the construction we give here is slightly different from previous ones, though, and fits better into our protocol.
- 5.
This problem does not occur in the original SPDZ protocol, since there the values that are opened are public.
- 6.
In theory, Danzig’s rule can lead to a cycle, so that the algorithm will not terminate, but this is rare in practice, and never occurred in our testing.
- 7.
Alternatively, one could let each bank control their own secure computation server communicating directly with the consultancy house controlled server. This setup up was used for the initial demo system, but the current setup was deemed more scalable as it only requires two secure computation servers.
- 8.
References
Agrell, P.J., Bogetoft, P., Tind, J.: DEA and dynamic yardstick competition in Scandinavian electricity distribution. J. Prod. Anal. 23(2), 173–201 (2005)
Asmild, M., Nielsen, K., Bogetoft, P.: Are high labour costs destroying the competitiveness of Danish dairy farmers? Evidence from an international benchmarking analysis. MSAP Working Paper Series (2012)
Banker, R.D., Charnes, A., Cooper, W.W.: Some models for estimating technical and scale inefficiencies in data envelopment analysis. Manage. Sci. 30, 1078–1092 (1984)
Bogetoft, P., Nielsen, K.: DEA based auctions. Eur. J. Oper. Res. 184, 685–700 (2008)
Bogetoft, P., Otto, L.: Benchmarking with DEA, SFA, and R. Springer, New York (2011)
Ben-Or, M., Goldwasser, S., Wigderson, A.:. Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In: Proceedings of the 20th ACM STOC, Chicago, Illinois, USA, 2–4 May, pp. 1–10. ACM Press (1988)
Chaum, D., Crépeau, C., Damgård, I.: Multiparty unconditionally secure protocols (extended abstract). In: Proceedings of the 20th ACM STOC, Chicago, Illinois, USA, 2–4 May, pp. 11–19. ACM Press (1988)
Charnes, A., Cooper, W.W., Rhodes, E.: Measuring the efficiency of decision making units. Eur. J. Oper. Res. 2, 429–444 (1978)
Charnes, A., Cooper, W.W., Rhodes, E.: Short communication: measuring the efficiency of decision making units. Eur. J. Oper. Res. 3, 339 (1979)
Catrina, O., de Hoogh, S.: Secure multiparty linear programming using fixed-point arithmetic. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 134–150. Springer, Heidelberg (2010). doi:10.1007/978-3-642-15497-3_9
Cramer, R., Dodis, Y., Fehr, S., Padró, C., Wichs, D.: Detection of algebraic manipulation with applications to robust secret sharing and fuzzy extractors. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 471–488. Springer, Heidelberg (2008). doi:10.1007/978-3-540-78967-3_27
Cielen, A., Peeters, L., Vanhoof, K.: Bankruptcy prediction using a data envelopment analysis. Eur. J. Oper. Res. 154(2), 526–532 (2004)
Cooper, W.W., Seiford, L.M., Tone, K.: Data Envelopment Analysis: A Comprehensive Text with Models, Applications, References and DEA-Solver Software, 2nd edn. Springer, New York (2007)
Damgård, I., Fitzi, M., Kiltz, E., Nielsen, J.B., Toft, T.: Unconditionally secure constant-rounds multi-party computation for equality, comparison, bits and exponentiation. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 285–304. Springer, Heidelberg (2006). doi:10.1007/11681878_15
Damgård, I., Keller, M., Larraia, E., Pastro, V., Scholl, P., Smart, N.P.: Practical covertly secure MPC for dishonest majority – or: breaking the SPDZ limits. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 1–18. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40203-6_1
Damgård, I., Pastro, V., Smart, N., Zakarias, S.: Multiparty computation from somewhat homomorphic encryption. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 643–662. Springer, Heidelberg (2012). doi:10.1007/978-3-642-32009-5_38
Emrouznejad, A., Parker, B.R., Tavares, G.: Evaluation of research in efficiency and productivity: a survey and analysis of the first 30 years of scholarly literature in DEA. Socio-Econ. Plann. Sci. 42, 151–157 (2008)
Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: Aho, A., (ed.) Proceedings of the 19th ACM STOC, New York City, New York, USA, 25–27 May, pp. 218–229. ACM Press (1987)
Jakobsen, T.P., Nielsen, J.B., Orlandi, C.: A framework for outsourcing of secure computation. In: Proceedings of the 6th edition of the ACM Workshop on Cloud Computing Security, pp. 81–92. ACM (2014)
Kerschbaum, F.: Building a privacy-preserving benchmarking enterprise system. Enterp. IS 2(4), 421–441 (2008)
Kerschbaum, F.: Practical privacy-preserving benchmarking. In: Jajodia, S., Samarati, P., Cimato, S. (eds.) SEC 2008. ITIFIP, vol. 278, pp. 17–31. Springer, Boston, MA (2008). doi:10.1007/978-0-387-09699-5_2
Kerschbaum, F., Schröpfer, A., Zilli, A., Pibernik, R., Catrina, O., de Hoogh, S., Schoenmakers, B., Cimato, S., Damiani, E.: Secure collaborative supply-chain management. IEEE Comput. 44(9), 38–43 (2011)
Kerschbaum, F., Terzidis, O.: Filtering for private collaborative benchmarking. In: Müller, G. (ed.) ETRICS 2006. LNCS, vol. 3995, pp. 409–422. Springer, Heidelberg (2006). doi:10.1007/11766155_29
Mester, L.J.: What’s the point of credit scoring? Bus. Rev. 3, 3–16 (1997)
Nielsen, K., Toft, T.: Secure relative performance scheme. In: Deng, X., Graham, F.C. (eds.) WINE 2007. LNCS, vol. 4858, pp. 396–403. Springer, Heidelberg (2007). doi:10.1007/978-3-540-77105-0_44
Paradi, J.C., Asmild, M., Simak, P.C.: Using DEA and worst practice DEA in credit risk evaluation. J. Prod. Anal. 21(2), 153–165 (2004)
Premachandra, I.M., Bhabra, G.S., Sueyoshi, T.: DEA as a tool for bankruptcy assessment: a comparative study with logistic regression technique. Eur. J. Oper. Res. 193(2), 412–424 (2009)
Toft, T.: Constant-rounds, almost-linear bit-decomposition of secret shared values. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 357–371. Springer, Heidelberg (2009). doi:10.1007/978-3-642-00862-7_24
Toft, T.: Solving linear programs using multiparty computation. In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol. 5628, pp. 90–107. Springer, Heidelberg (2009). doi:10.1007/978-3-642-03549-4_6
Yao, A.C.-C.: Protocols for secure computations (extended abstract). In: Proceedings of the 23rd FOCS, Chicago, Illinois, 3–5 November, pp. 160–164. IEEE Computer Society Press (1982)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 International Financial Cryptography Association
About this paper
Cite this paper
Damgård, I., Damgård, K., Nielsen, K., Nordholt, P.S., Toft, T. (2017). Confidential Benchmarking Based on Multiparty Computation. In: Grossklags, J., Preneel, B. (eds) Financial Cryptography and Data Security. FC 2016. Lecture Notes in Computer Science(), vol 9603. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-54970-4_10
Download citation
DOI: https://doi.org/10.1007/978-3-662-54970-4_10
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-54969-8
Online ISBN: 978-3-662-54970-4
eBook Packages: Computer ScienceComputer Science (R0)