IEEE 2842:2021 pdf free download – IEEE Recommended Practice forSecure Multi-Party Computation
4. MPC overview
MPC is a technology that allows a set of parties to jointly compute on their data without any informationleakage beyond the computation result. It reduces information leakage and enhances trust and security in bigdata analysis effectively and can be used for data protection in many kinds of data collaboration scenarios. Itis a kind of technology that could build confidence and security in data collaboration and big data analysis.lt solves a data protection problem if implemented properly with proper security controls and proper trustmodels.
Figure l shows the schematic of MPC.The“MPC Protocol”in the center is developed per specific applicationscenario, such as auction scenario in which every bidder does not want others to know his/her bid price.Everybidder inputs their own price to MPC protocol,MPC protocol outputs the result who win the auction to everyparticipant individually after the computation is finished but does not reveal anybody’s price.Compared tothe traditional solutions, there is no need to tell a third party every bidder’s price,which protects bidders’information security effectively.MPC is decentralized, and no single trusted third party is required. In thisway, trust and security are established between peer-to-peer parties, because no one has privilege.
In practice,MPCparticipants need to decide the proper adversary model based on the application scenario, andfurther choose an applicative MPC protocol which shall satisfy the two fundamental requirements specified in5.1 when facing these adversaries.
An alternative adversary model is the covert adversary model.A covert adversary has the property that maydeviate arbitrarily from the protocol (just like the malicious adversaries), but do not wish to be “caught” bycertain probability.That is, a covert adversary has a desire to deviate from the protocol, but if the probabilitythat malicious actions will get caught exceeds a certain threshold, then the adversary will follow the protocolfor fear of being caught. The reason to introduce the covert model is that in many applications, there existparticipants that could not be expected to act semi-honestly but defending against malicious adversaries willincur too much performance overhead that is unacceptable.In practice, extra work is needed to decide a properthreshold.
In this simple application, A and B agree on some cryptographic mask functions such as scalar multiplicationon some elliptic curve, and each deploys a machine at their own domain, acting as the computing node.A firstmasks A’s user accounts and send them to B, who then masks B’s accounts and A’s masked accounts.Note thatin order to make the results unlinkable, B must shuffe the results randomly before sending them back to A.Aslong as the two mask functions F and G are swappable,A could find the number of mutual users by computingthe intersection of F(G(b)) and G(F(a)). Since the order of the lists have been randomly shuffled by B,Acannot know who the mutual users are.
The book vendor A and movie vendor B in Figure B.l play the roles of both data provider and computingprovider in the MPC reference architecture of Figure A.1.