Putting the P(privacy, practicality) in MPC(secure multiparty computation)

Topics: Systems, Applied Cryptography, PL

Secure Multiparty Computation (MPC) is a powerful technique that allows mutually distrusting parties to securely compute a desired function over their sensitive inputs while keeping these inputs private. MPC has transformative potential but realizing its full promise is hindered by several challenges:

This line of work aims to resolve these issues, making MPC practical, ergonomic, and efficient, while also ensuring its uses are well-aligned with end-user privacy expectations.

BU is a world-renowned hub for this kind of work. BU's CASP Systems Lab builds scalable MPC systems for complex analytics. BUSec does incredible work on practical and theoretical cryptographic protocols and systems, and Mayank Varia and I, along with other co-authors at BU, built and deployed one of the first successful real-world use cases of MPC in the US.

Active Projects

Outsourced MPC delegates execution of the secure functionality to a handful of servers. This improves performance but comes at a loss of control: once end-users secret share their data with the servers, they lose the ability to control how their data is used or to influence which functions are run on it.

We are building a system that bridges MPC with policy enforcement ideas (e.g. from Sesame). End-users secret share their data along with a policy that describes their privacy preferences. The servers run our system to (1) execute the functions they select using MPC, and (2) ensure that each function satisfies the end-users' policies before revealing the function's outputs.
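The following is an added illustration of the idea, not code from the project described above: it uses additive secret sharing over a prime field among three outsourced servers, a constructed policy schema (`allowed` functions and a `min_group` aggregation threshold), and a constructed set of salary inputs. Every server checks the selected users' policies independently and only contributes its share of the result when the check passes, so a single honest server is enough to withhold a disallowed output.

```python
import secrets

P = 2**61 - 1        # constructed: prime field for the additive shares
N_SERVERS = 3        # constructed: outsourced MPC with three servers


def share(value, n=N_SERVERS):
    """Split value into n additive shares mod P; any n-1 shares reveal nothing."""
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % P)
    return shares


def reconstruct(shares):
    return sum(shares) % P


class Server:
    """One outsourced server: holds a share of each user's value and that user's policy."""

    def __init__(self):
        self.rows = []                      # list of (share, policy)

    def receive(self, share_value, policy):
        self.rows.append((share_value, policy))

    def policy_violations(self, fn, selected):
        """Reasons the requested function violates some selected user's policy."""
        problems = []
        for i in selected:
            policy = self.rows[i][1]
            if fn not in policy["allowed"]:
                problems.append(f"user {i} does not permit '{fn}'")
            if len(selected) < policy["min_group"]:
                problems.append(f"user {i} requires groups of >= {policy['min_group']}")
        return problems

    def local_sum(self, selected):
        # Sum is linear, so each server adds its own shares with no interaction.
        return sum(self.rows[i][0] for i in selected) % P


def submit(servers, value, policy):
    """End-user side: one share per server, each tagged with the user's policy."""
    for server, s in zip(servers, share(value, len(servers))):
        server.receive(s, policy)


def run_sum(servers, selected):
    """Reveal the sum over `selected` users only if every server's policy check passes."""
    for server in servers:
        problems = server.policy_violations("sum", selected)
        if problems:
            return None, problems           # this server withholds its share
    return reconstruct([s.local_sum(selected) for s in servers]), []


def demo():
    servers = [Server() for _ in range(N_SERVERS)]
    # constructed inputs: salaries with per-user policies
    submit(servers, 50_000, {"allowed": {"sum"}, "min_group": 3})
    submit(servers, 62_000, {"allowed": {"sum"}, "min_group": 2})
    submit(servers, 71_000, {"allowed": {"sum"}, "min_group": 3})
    submit(servers, 58_000, {"allowed": {"count"}, "min_group": 1})
    ok, _ = run_sum(servers, [0, 1, 2])         # 183000: all three permit it
    too_small, _ = run_sum(servers, [0, 1])     # None: user 0 requires groups >= 3
    wrong_fn, _ = run_sum(servers, [1, 3])      # None: user 3 never consented to 'sum'
    return ok, too_small, wrong_fn


if __name__ == "__main__":
    print(demo())
```

The policy travels with the shares, so each server sees only its own share of every value yet has the full policy to enforce; because reconstruction needs all shares, no colluding subset of the remaining servers can reveal an output that one honest server has refused.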

Future Ideas

Effective MPC code must correctly compute the desired output, exhibit good performance, and ensure no information leakage (or minimize it). However, writing such code is challenging, especially for novices. MPC enforces an unintuitive programming paradigm, as it imposes an oblivious control flow, and high-level MPC frameworks have opaque abstractions that make it hard for developers to reason about the performance or behavior of MPC programs.

We are interested in building developer tools that simplify this process. This includes automated tools for estimating resource usage and performance, statically analyzing leakage, and rewriting and optimizing programs.

These tasks are undecidable in general and practically difficult to realize with good precision for general-purpose programs. However, we believe they are feasible for MPC programs because of their oblivious nature. This is supported by some of our earlier work in this area, e.g. in Carousels.
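As an added example (not code from Carousels or any framework mentioned here) of why the oblivious nature of MPC programs makes such analysis tractable, the block below defines a symbolic `Secret` type that records arithmetic operations and refuses to be branched on. Running a function over `Secret` placeholders yields an input-independent operation count (a crude cost estimate, with secret-by-secret multiplications and comparisons as the expensive operations), and a data-dependent `if` on a secret is caught as a programming error; the names and the cost model are assumptions of this example.

```python
COST = {"adds": 0, "mults": 0, "cmps": 0}


def _lbl(v):
    return v.label if isinstance(v, Secret) else repr(v)


class Secret:
    """Symbolic secret-shared value: arithmetic is recorded, branching on it is forbidden."""

    def __init__(self, label):
        self.label = label

    def __add__(self, other):
        COST["adds"] += 1                       # local operation, no communication
        return Secret(f"({self.label} + {_lbl(other)})")

    __radd__ = __add__

    def __sub__(self, other):
        COST["adds"] += 1
        return Secret(f"({self.label} - {_lbl(other)})")

    def __rsub__(self, other):
        COST["adds"] += 1
        return Secret(f"({_lbl(other)} - {self.label})")

    def __mul__(self, other):
        if isinstance(other, Secret):
            COST["mults"] += 1                  # secret * secret: needs a communication round
        return Secret(f"({self.label} * {_lbl(other)})")

    __rmul__ = __mul__

    def __gt__(self, other):
        COST["cmps"] += 1                       # secure comparison: the expensive primitive
        return Secret(f"[{self.label} > {_lbl(other)}]")

    def __bool__(self):
        # A plain `if` on a secret would reveal it through the control flow.
        raise TypeError(f"branch on secret value {self.label}: control flow must be oblivious")


def leaky_max(x, y):
    """Natural but non-oblivious: the branch taken leaks which input is larger."""
    return x if x > y else y


def oblivious_max(x, y):
    """Oblivious form: compute the secret bit c = [x > y], then select with a mux."""
    c = x > y
    return c * (x - y) + y                      # c ? x : y, no data-dependent branch


def estimate_cost(fn, *labels):
    """Run fn on symbolic secrets and return the recorded operation counts."""
    for k in COST:
        COST[k] = 0
    fn(*[Secret(label) for label in labels])
    return dict(COST)


def branches_on_secret(fn, *labels):
    """True if fn tries to branch on a secret value (i.e. is not oblivious)."""
    try:
        estimate_cost(fn, *labels)
    except TypeError:
        return True
    return False


if __name__ == "__main__":
    print(estimate_cost(oblivious_max, "x", "y"))      # same counts for any inputs
    print(branches_on_secret(leaky_max, "x", "y"))     # True
```

Because the operation count does not depend on the inputs, the estimate obtained from one symbolic run is exact for every run; the same trick in a general-purpose program fails as soon as a loop bound or branch depends on the data. The oblivious version also runs unchanged on cleartext integers (Python booleans multiply as 0 and 1), which is convenient for testing the functionality before deploying it under MPC.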

Past Projects

JIFF is an MPC framework aimed at the web. It supports computing arbitrary functions securely in flexible settings, including peer-to-peer, server-assisted, and outsourced models. JIFF was used as a backend for many of our real-world MPC deployments and by other researchers to implement secure protocols, e.g., https://www.usenix.org/conference/usenixsecurity18/presentation/frankie and https://ieeexplore.ieee.org/document/9519474.