DOI: 10.1145/3243734.3243801
Research article, ACM CCS conference proceedings

An End-to-End System for Large Scale P2P MPC-as-a-Service and Low-Bandwidth MPC for Weak Participants

Published: 15 October 2018

Abstract

Protocols for secure multiparty computation enable a set of parties to compute a joint function of their inputs, while preserving privacy, correctness and more. In theory, secure computation has broad applicability and can be used to solve many of the modern concerns around utilization of data and privacy. Huge steps have been made towards this vision in the past few years, and we now have protocols that can carry out large computations extremely efficiently, especially in the setting of an honest majority. However, in practice, there are still major barriers to widely deploying secure computation, especially in a decentralized manner. In this paper, we present the first end-to-end automated system for deploying large-scale MPC protocols between end users, called MPSaaS (for MPC system-as-a-service). Our system enables parties to pre-enroll in an upcoming MPC computation, and then participate by either running software on a VM instance (e.g., in Amazon), or by running the protocol on a mobile app, in JavaScript in their browser, or even on an IoT device. Our system includes an automation system for deploying MPC protocols, an administration component for setting up an MPC computation and inviting participants, and an end-user component for running the MPC protocol in realistic end-user environments. We demonstrate our system for a specific application of running secure polls and surveys, where the secure computation is run end-to-end with each party actually running the protocol (i.e., without relying on a set of servers to run the protocol for them). This is the first such system constructed, and is a big step forward to the goal of commoditizing MPC. One of the cryptographic difficulties that arise in this type of setting is due to the fact that end users may have low bandwidth connections, making it a challenge to run an MPC protocol with high bandwidth.
We therefore present a protocol based on Beerliova-Trubiniova and Hirt (TCC 2008) with many optimizations, that has very low concrete communication, and the lowest published for small fields. Our protocol is secure as long as less than a third of the parties are malicious, and is well suited for computing both arithmetic and Boolean circuits. We call our protocol HyperMPC and show that it has impressive performance. In particular, 150 parties can compute statistics (mean, standard deviation and regression) on 4,000,000 inputs (with a circuit of size 16,000,000 gates, of which 6,000,000 are multiplication gates) in just 45 seconds, and 150 parties can compute a circuit over GF[2^8] (which can be used for a Boolean computation) with 1,000,000 multiplication gates and depth 20 in just 2 seconds. Although our end-to-end system can be used to run any MPC protocol (and we have incorporated numerous protocols already), we demonstrate it for our new protocol that is optimized for end users without high bandwidth.
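As an added illustration (not code from the paper or its MPSaaS system), the secret-sharing layer that honest-majority protocols of this kind build on: Shamir sharing over a prime field with corruption threshold t < n/3, where a linear statistic such as a sum or mean is computed by every party adding its own shares locally with no messages at all, so only multiplication gates force communication. The field prime, party count and inputs are constructed values, not the paper's parameters.

```python
import random

# Constructed parameters: a Mersenne-prime field; not the paper's actual field choice.
P = 2**31 - 1

def max_corrupt(n):
    """Largest t with t < n/3: the corruption bound the abstract's protocol tolerates."""
    return (n - 1) // 3

def share(secret, n, t, rng=random):
    """Shamir-share `secret` among n parties using a random degree-t polynomial.
    Any t+1 shares determine the secret; any t shares are uniformly random."""
    coeffs = [secret % P] + [rng.randrange(P) for _ in range(t)]
    return [(i, sum(c * pow(i, k, P) for k, c in enumerate(coeffs)) % P)
            for i in range(1, n + 1)]

def reconstruct(shares):
    """Lagrange interpolation at x = 0 over GF(P) from any t+1 (or more) shares."""
    total = 0
    for i, yi in shares:
        num = den = 1
        for j, _ in shares:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def add_shares(a, b):
    """Addition is local: party i just adds its two share values (no messages sent)."""
    return [(i, (ya + yb) % P) for (i, ya), (_, yb) in zip(a, b)]

def secure_mean(inputs, t, rng=random):
    """Each of n = len(inputs) parties shares its input; shares of the sum are formed
    locally, then the sum is opened and divided by the public n.
    Returns (sum, mean) over GF(P); the mean is exact when n divides the sum."""
    n = len(inputs)
    assert t <= max_corrupt(n), "threshold must satisfy t < n/3"
    shared = [share(x, n, t, rng) for x in inputs]
    acc = shared[0]
    for s in shared[1:]:
        acc = add_shares(acc, s)
    # Consistency check: two different subsets of t+1 shares must open to the same value.
    total = reconstruct(acc[:t + 1])
    assert total == reconstruct(acc[-(t + 1):])
    return total, total * pow(n, P - 2, P) % P

if __name__ == "__main__":
    print(secure_mean([3, 5, 7, 9, 11, 13, 15], t=2))  # constructed inputs
```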

Supplementary Material

MP4 File (p695-lindell.mp4)

References

[1] T. Araki, J. Furukawa, Y. Lindell, A. Nof and K. Ohara. High-Throughput Semi-Honest Secure Three-Party Computation with an Honest Majority. In the 23rd ACM CCS, pages 805--817, 2016.
[2] T. Araki, A. Barak, J. Furukawa, T. Lichter, Y. Lindell, A. Nof, K. Ohara, A. Watzman and O. Weinstein. Optimized Honest-Majority MPC for Malicious Adversaries -- Breaking the 1 Billion-Gate Per Second Barrier. In the 38th IEEE Symposium on Security and Privacy, pages 843--862, 2017.
[3] D. Beaver. Efficient Multiparty Protocols Using Circuit Randomization. In CRYPTO'91, Springer (LNCS 576), pages 420--432, 1991.
[4] M. Ben-Or, S. Goldwasser and A. Wigderson. Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation. In the 20th STOC, pages 1--10, 1988.
[5] Z. Beerliova-Trubiniova and M. Hirt. Perfectly-Secure MPC With Linear Communication Complexity. In TCC 2008, Springer (LNCS 4948), pages 213--230, 2008.
[6] D. Bogdanov, S. Laur and J. Willemson. Sharemind: A Framework for Fast Privacy-Preserving Computations. In the 13th ESORICS, Springer (LNCS 5283), pages 192--206, 2008.
[7] G. Bracha. An Asynchronous (n - 1)/3-Resilient Consensus Protocol. In the 3rd PODC, pages 154--162, 1984.
[8] R. Canetti. Security and Composition of Multiparty Cryptographic Protocols. In the Journal of Cryptology, 13(1):143--202, 2000.
[9] R. Canetti. Universally Composable Security: A New Paradigm for Cryptographic Protocols. In the 42nd FOCS, pages 136--145, 2001.
[10] K. Chida, D. Genkin, K. Hamada, D. Ikarashi, R. Kikuchi, Y. Lindell and A. Nof. Fast Large-Scale Honest-Majority MPC for Malicious Adversaries. To appear at CRYPTO 2018.
[11] I. Damgård, M. Geisler, M. Krøigaard and J.B. Nielsen. Asynchronous Multiparty Computation: Theory and Implementation. In PKC 2009, Springer (LNCS 5443), pages 160--179, 2009.
[12] I. Damgård, M. Keller, E. Larraia, V. Pastro, P. Scholl and N.P. Smart. Practical Covertly Secure MPC for Dishonest Majority -- Or: Breaking the SPDZ Limits. In the 18th ESORICS, Springer (LNCS 8134), pages 1--18, 2013.
[13] I. Damgård and J.B. Nielsen. Scalable and Unconditionally Secure Multiparty Computation. In CRYPTO 2007, Springer (LNCS 4622), pages 572--590, 2007.
[14] I. Damgård, V. Pastro, N.P. Smart and S. Zakarias. Multiparty Computation From Somewhat Homomorphic Encryption. In CRYPTO 2012, Springer (LNCS 7417), pages 643--662, 2012.
[15] O. Goldreich, S. Micali and A. Wigderson. How to Play Any Mental Game -- a Completeness Theorem for Protocols With Honest Majority. In the 19th STOC, pages 218--229, 1987.
[16] M. Hirt, U. Maurer and B. Przydatek. Efficient Secure Multi-Party Computation. In ASIACRYPT 2000, Springer (LNCS 1976), pages 143--161, 2000.
[17] Y. Huang, P. Chapman and D. Evans. Secure Computation on Mobile Devices. In IEEE S&P Poster Session, 2011.
[18] M. Keller, E. Orsini and P. Scholl. MASCOT: Faster Malicious Arithmetic Secure Computation With Oblivious Transfer. In the 23rd ACM CCS, pages 830--842, 2016.
[19] E. Kushilevitz, Y. Lindell and T. Rabin. Information-Theoretically Secure Protocols and Security Under Composition. In the 38th STOC, pages 109--118, 2006.
[20] A. Lapets, E. Dunton, K. Holzinger, F. Jansen and A. Bestavros. Web-Based Multi-Party Computation With Application to Anonymous Aggregate Compensation Analytics. http://www.bu.edu/today/2016/gender-pay-equity/, 2017. See also http://www.cs.bu.edu/techreports/pdf/2015-009-mpc-compensation.pdf.
[21] Y. Lindell and A. Nof. A Framework for Constructing Fast MPC over Arithmetic Circuits with Malicious Adversaries and an Honest-Majority. In the 24th ACM CCS, pages 259--276, 2017.
[22] Y. Lindell and B. Riva. Blazing Fast 2PC in the Offline/Online Setting With Security for Malicious Adversaries. In the 22nd ACM CCS, pages 579--590, 2015.
[23] P. Mohassel, M. Rosulek and Y. Zhang. Fast and Secure Three-Party Computation: The Garbled Circuit Approach. In the 22nd ACM CCS, pages 591--602, 2015.
[24] J.B. Nielsen, P.S. Nordholt, C. Orlandi and S.S. Burra. A New Approach to Practical Active-Secure Two-Party Computation. In CRYPTO 2012, Springer (LNCS 7417), pages 681--700, 2012.
[25] J.B. Nielsen, T. Schneider and R. Trifiletti. Constant Round Maliciously Secure 2PC With Function-Independent Preprocessing Using LEGO. IACR Cryptology ePrint Archive, 2016.
[26] T. Rabin and M. Ben-Or. Verifiable Secret Sharing and Multiparty Protocols With Honest Majority. In the 21st STOC, pages 73--85, 1989.
[27] A. Shamir. How to Share a Secret. Communications of the ACM, 22:612--613, 1979.
[28] X. Wang, A.J. Malozemoff and J. Katz. Faster Secure Two-Party Computation in the Single-Execution Setting. In EUROCRYPT 2017, Springer (LNCS 10210), pages 399--424, 2017.
[29] WebAssembly, https://developer.mozilla.org/en-US/docs/WebAssembly.
[30] Web Cryptography API, https://www.w3.org/TR/WebCryptoAPI/.
[31] Web Sockets, https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API.
[32] Web Workers, https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Using_web_workers.
[33] A. Yao. How to Generate and Exchange Secrets. In the 27th FOCS, pages 162--167, 1986.

CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, October 2018, 2359 pages. ISBN 9781450356930, DOI 10.1145/3243734.

Publisher: Association for Computing Machinery, New York, NY, United States.
Qualifiers: research article.
Funding Sources: European Research Council.
Conference: CCS '18.
Acceptance Rates: CCS '18 paper acceptance rate 134 of 809 submissions (17%); overall acceptance rate 1,261 of 6,999 submissions (18%).
Cited By

  • (2024) Leakage-Resilient Circuit Garbling. Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, pages 780--794. DOI 10.1145/3658644.3690204. Published 2 December 2024.
  • (2024) Helium: Scalable MPC among Lightweight Participants and under Churn. Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, pages 3038--3052. DOI 10.1145/3658644.3670346. Published 2 December 2024.
  • (2024) Ratel: MPC-extensions for Smart Contracts. Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, pages 336--352. DOI 10.1145/3634737.3661142. Published 1 July 2024.
  • (2024) Asynchronous Threshold ECDSA With Batch Processing. IEEE Transactions on Computational Social Systems, 11(1):566--575. DOI 10.1109/TCSS.2022.3230903. Published February 2024.
  • (2024) RetrORAM: Oblivious Random Access Machines in Retrospect. 2024 15th International Conference on Computing Communication and Networking Technologies (ICCCNT), pages 1--9. DOI 10.1109/ICCCNT61001.2024.10724915. Published 24 June 2024.
  • (2023) Angler: Dark Pool Resource Allocation. Proceedings of the Eighth ACM/IEEE Symposium on Edge Computing, pages 108--120. DOI 10.1145/3583740.3628440. Published 6 December 2023.
  • (2023) Scalable Multiparty Garbling. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, pages 2158--2172. DOI 10.1145/3576915.3623132. Published 15 November 2023.
  • (2023) Secure Key Management for Multi-Party Computation in MOZAIK. 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pages 133--140. DOI 10.1109/EuroSPW59978.2023.00020. Published July 2023.
  • (2023) General-Purpose Secure Conflict-free Replicated Data Types. 2023 IEEE 36th Computer Security Foundations Symposium (CSF), pages 521--536. DOI 10.1109/CSF57540.2023.00030. Published July 2023.
  • (2023) Collusion-Deterrent Threshold Information Escrow. 2023 IEEE 36th Computer Security Foundations Symposium (CSF), pages 584--599. DOI 10.1109/CSF57540.2023.00010. Published July 2023.