## Cryptology ePrint Archive: Report 2019/178

LucidiTEE: Policy-Compliant Fair Computing at Scale

Rohit Sinha and Sivanarayana Gaddam and Ranjit Kumaresan

Abstract: We seek a system that provides transparency and control to users by 1) enforcing agreed-upon policies on what functions can be evaluated over private data (even when the users are offline), and 2) enforcing the set of parties with whom the results are shared. For this level of control, the system must ensure policy compliance, and we demonstrate, using modern applications, the need for history-based policies, where any decision to compute on users' data depends on prior use of that data. Moreover, the system must algorithmically ensure fairness: if any party gets the output, then so do all honest parties. It is an open research challenge to construct a system that ensures these properties in a malicious setting.

While trusted execution environments (TEEs), such as Intel SGX and Sanctum enclaves, offer partial solutions, they are at the mercy of an untrusted host software for storage and network I/O, and are therefore incapable of enforcing history-dependent policies or fairness. This paper presents LucidiTEE, the first system to enable multiple parties to jointly compute on large-scale private data, while guaranteeing policy-compliance even when the input providers are offline, and fairness to all output recipients. A key contribution is our protocol (with a formal proof of security) for fair n-party information exchange, which tolerates an arbitrary corruption threshold $t < n$, and requires only $t$ parties to possess a TEE node (an improvement over prior result that requires TEEs from all $n$ parties) --- in our case studies, this result provides a practical benefit as end users on commodity devices can enjoy fairness when engaging with service providers. We define an ideal functionality for policy-compliant fair computing, $\mathcal{F}_{PCFC}$, which is the first to study history-based policies, and we develop novel protocols based on a network of TEEs and a shared ledger to enforce history-based policies.

LucidiTEE realizes $\mathcal{F}_{PCFC}$ with a heavy focus on efficiency. It uses the ledger only to enforce policies; i.e., it does not store inputs, outputs, or state on the ledger, which allows it to scale to large data and large number of parties. We demonstrate several policy-based applications including a personal finance app, federated machine learning, and policy-based surveys amongst unknown participants.

Category / Keywords: cryptographic protocols / privacy, policy, fair exchange, trusted execution environment, blockchain

Date: received 18 Feb 2019, last revised 16 May 2019

Contact author: rsinha at berkeley edu

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2019/178

[ Cryptology ePrint archive ]