The first session of the second day of Real World Crypto was on Multi-Party Computation. It is a testament to how far cryptographic development has come that this once theoretical topic now fills a full session at an event such as Real World Crypto.
The first talk was given by Dyadic’s co-founder Yehuda Lindell. Yehuda stressed the importance of protocols which are fully secure against malicious adversaries; all of Dyadic’s protocols are secure in this very strong model of security. The key issue is how to achieve this strong level of security in a very efficient manner. Yehuda talked about three-party computation with an honest majority, and mentioned applications such as processing biometric information for logins, processing medical information, and processing database information.
In the semi-honest case Yehuda discussed work on splitting a cryptographic key between three servers and using MPC to evaluate AES, much like Dyadic’s vHSM product works. The MPC evaluation of AES could be done at a rate of 1 million AES operations per second. Integrating this into a Kerberos ticketing server gives a throughput of over 41,000 logins per second with a latency of 200ms. This is possible because the protocol can evaluate 7 billion AND gates per second using twenty cores on each machine.
The surprise in the talk was what happens when one moves to the malicious model. Even in this stronger model over one billion AND gates could be evaluated per second. This translates to over 200,000 AES evaluations in MPC per second, and in a pre-processing model over 400,000 AES operations can be done per second.
The second talk was by Benjamin Kreuter of Google. He discussed how Google uses MPC, and the differences between academic and practical MPC. He pointed out that network bandwidth is often more of a restricted resource than computation. This is particularly true of mobile devices (note that Dyadic has a particularly novel solution for the mobile environment in our authentication solution).
The first Google application which Ben talked about was a set-intersection protocol for use in a B2B setting. For example, a store knows who buys a product, and Google knows who saw an advert. A set intersection thus gives the answer as to which adverts resulted in sales, without the two businesses revealing their data to each other. Google uses a special protocol for just doing set-intersection, rather than a general MPC protocol, as the problem is simple enough to solve directly.
In the second application Ben talked about merging user behaviour models obtained on a phone (for example), without revealing the individual local models. Basically the concept is to obtain a linear combination of the models without revealing any individual local model, using differential privacy to protect users’ individual models. The addition itself is just done using linear secret sharing. This work is moving towards deployment by Google in a production environment.
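To make the "addition via linear secret sharing" step concrete, here is a small added example (my own illustration, not Google's or Dyadic's code): each phone splits its fixed-point encoded model vector into additive shares over a prime field, one share per aggregation server, the servers add up the shares they hold, and only the sum of all models is reconstructed. The prime, the fixed-point scale and the three-server setup are assumptions for the illustration; the differential-privacy noise the talk mentions is left out.

```python
import secrets

# Assumed parameters for the illustration (not from the talk).
P = 2**61 - 1       # prime modulus for the share arithmetic
SCALE = 10**4       # fixed-point scale: float weight -> integer field element

def encode(weights):
    """Map float weights to field elements by fixed-point rounding."""
    return [round(w * SCALE) % P for w in weights]

def decode(elems):
    """Inverse of encode; elements in the upper half of the field are negatives."""
    return [(e - P if e > P // 2 else e) / SCALE for e in elems]

def share(vec, n):
    """Split vec into n additive shares. Any n-1 of them are uniformly random,
    so no proper subset of servers learns anything about vec."""
    if n < 2:
        raise ValueError("need at least two servers")
    shares = [[secrets.randbelow(P) for _ in vec] for _ in range(n - 1)]
    last = [(v - sum(col)) % P for v, col in zip(vec, zip(*shares))]
    return shares + [last]

def aggregate(all_shares):
    """Server j adds up the j-th share of every client; all_shares[i][j] is
    client i's share for server j. Each server only ever sees its own column."""
    n, dim = len(all_shares[0]), len(all_shares[0][0])
    per_server = []
    for j in range(n):
        acc = [0] * dim
        for client in all_shares:
            acc = [(a + s) % P for a, s in zip(acc, client[j])]
        per_server.append(acc)
    return per_server

def reconstruct(server_sums):
    """Adding the servers' partial sums yields the sum of all client models."""
    dim = len(server_sums[0])
    total = [0] * dim
    for s in server_sums:
        total = [(t + x) % P for t, x in zip(total, s)]
    return decode(total)

def secure_sum(models, n_servers=3):
    """End-to-end: clients share, servers aggregate, result is the model sum."""
    shared = [share(encode(m), n_servers) for m in models]
    return reconstruct(aggregate(shared))

if __name__ == "__main__":
    # Constructed sample: three phones, each holding a 3-weight local model.
    print(secure_sum([[0.5, -1.25, 2.0], [1.5, 0.25, -3.0], [-0.5, 1.0, 1.0]]))
```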
The third and final talk of the session was on privacy preserving classification on deep neural networks. The problem discussed in the talk was how to perform the classification on a server without revealing information about the input data, or the final trained neural network. The technology used was Fully Homomorphic Encryption.
Since FHE schemes natively support only additions and multiplications, this means that polynomial approximations are needed for the non-polynomial functions (such as the activations) used in the neural network.