Cryptology ePrint Archive: Report 2018/751

An End-to-End System for Large Scale P2P MPC-as-a-Service and Low-Bandwidth MPC for Weak Participants

Assi Barak and Martin Hirt and Lior Koskas and Yehuda Lindell

Abstract: Protocols for secure multiparty computation enable a set of parties to compute a joint function of their inputs, while preserving \emph{privacy}, \emph{correctness} and more. In theory, secure computation has broad applicability and can be used to solve many of the modern concerns around utilization of data and privacy. Huge steps have been made towards this vision in the past few years, and we now have protocols that can carry out large computations extremely efficiently, especially in the setting of an honest majority. However, in practice, there are still major barriers to widely deploying secure computation, especially in a decentralized manner.

In this paper, we present the first end-to-end automated system for deploying large-scale MPC protocols between end users, called MPSaaS (for \textit{MPC system-as-a-service}). Our system enables parties to pre-enroll in an upcoming MPC computation, and then participate by either running software on a VM instance (e.g., in Amazon), or by running the protocol on a mobile app, in Javascript in their browser, or even on an IoT device. Our system includes an automation system for deploying MPC protocols, an administration component for setting up an MPC computation and inviting participants, and an end-user component for running the MPC protocol in realistic end-user environments. We demonstrate our system for a specific application of running secure polls and surveys, where the secure computation is run end-to-end with each party actually running the protocol (i.e., without relying on a set of servers to run the protocol for them). This is the first such system constructed, and is a big step forward to the goal of commoditizing MPC.

One of the cryptographic difficulties that arise in this type of setting is due to the fact that end users may have low bandwidth connections, making it a challenge to run an MPC protocol with high bandwidth. We therefore present a protocol based on Beerliova-Trubiniova and Hirt (TCC 2008) with many optimizations, that has very low concrete communication, and the lowest published for small fields. Our protocol is secure as long as less than a third of the parties are \textit{malicious}, and is well suited for computing both arithmetic and Boolean circuits. We call our protocol HyperMPC and show that it has impressive performance. In particular, 150 parties can compute statistics---mean, standard deviation and regression---on 4,000,000 inputs (with a circuit of size 16,000,000 gates of which 6,000,000 are multiplication) in five minutes, and 10 parties can compute the same circuit in 30 seconds. Although our end-to-end system can be used to run any MPC protocol (and we have incorporated numerous protocols already), we demonstrate it for our new protocol that is optimized for end-users without high bandwidth.

Category / Keywords: cryptographic protocols / secure multiparty computation

Original Publication (with minor differences): ACM CCS 2018
DOI:
10.1145/3243734.3243801

Date: received 11 Aug 2018, last revised 22 Aug 2018

Contact author: lindell at biu ac il

Available format(s): PDF | BibTeX Citation

Version: 20180822:214403 (All versions of this report)

Short URL: ia.cr/2018/751


[ Cryptology ePrint archive ]