Cryptology ePrint Archive: Report 2017/803

Role-Based Ecosystem for Design, Development, and Deployment of Secure Multi-Party Data Analytics Applications

Andrei Lapets and Kinan Dak Albab and Rawane Issa and Lucy Qin and Mayank Varia and Azer Bestavros and Frederick Jansen

Abstract: Software applications that employ secure multi-party computation (MPC) can empower individuals and organizations to benefit from privacy-preserving data analyses when data sharing is encumbered by confidentiality concerns, legal constraints, or corporate policies. MPC is already being incorporated into software solutions in some domains; however, individual use cases do not fully convey the variety, extent, and complexity of the opportunities of MPC. This position paper articulates a role-based perspective that can provide some insight into how future research directions, infrastructure development and evaluation approaches, and deployment practices for MPC may evolve.

Drawing on our own lessons from existing real-world deployments and the fundamental characteristics of MPC that make it a compelling technology, we propose a role-based conceptual framework for describing MPC deployment scenarios. Our framework acknowledges and leverages a novel assortment of roles that emerge from the fundamental ways in which MPC protocols support federation of functionalities and responsibilities. Defining these roles using the new opportunities for federation that MPC enables in turn can help identify and organize the capabilities, concerns, incentives, and trade-offs that affect the entities (software engineers, government regulators, corporate executives, end-users, and others) that participate in an MPC deployment scenario. This framework can not only guide the development of an ecosystem of modular and composable MPC tools, but can make explicit some of the opportunities that researchers and software engineers (and any organizations they form) have to differentiate and specialize the artifacts and services they choose to design, develop, and deploy. We demonstrate how this framework can be used to describe existing MPC deployment scenarios, how new opportunities in a scenario can be observed by disentangling roles inhabited by the involved parties, and how this can motivate the development of MPC libraries and software tools that specialize not by application domain but by role.

Category / Keywords: implementation / secure multi-party computation, implementation, applications

Original Publication (in the same form): IEEE Proceedings

Date: received 25 Aug 2017, last revised 24 Sep 2019

Contact author: lapets at bu edu

Available format(s): PDF | BibTeX Citation

Version: 20190924:185855 (All versions of this report)

Short URL: ia.cr/2017/803


[ Cryptology ePrint archive ]