What is Multi-Party Computation (MPC)?
Let’s discuss what the multi-party computation is, how it works, its use cases, advantages, and disadvantages.
Multi-Party Computation (MPC), also known as secure computation, secure multi-party computation (SMPC), or privacy-preserved computation, is a cryptographic protocol founded in the late 1970s to simulate computational workflows without the use of any third parties for security hardening.
In other words, MPC provides cryptographic methods for parties to compute data jointly without having to reveal it to any party. Multi-party computation (MPC / SMPC) enables distributed computation of data in which each subject securely and privately handles different parts of the computation process.
Unlike traditional cryptographic techniques, which aim to secure the communication and data through encryption, MPC methods only encrypt partial information while computing from various sources to generate correct encrypted outputs.
In all the MPC techniques implemented for privacy, the participating parties’ inputs always stay secret. No subject can view the computation’s input or outcome to assure privacy between parties, even if a substantial proportion of the parties hold the secret keys.
MPC aims to secure online authentication, identification, and key management by protecting the participant’s privacy while delivering results that help make business-critical decisions.
Understanding Multi-Party Computation (MPC)
MPC computing considers scenarios where parties (or devices) want to carry out secure computation processes jointly. For example, these devices can be a distributed database system, where the computational process is a particular variable updating without exposing other critical variables.
Multi-party computation also assumes that subset parties may carry out malicious tasks in the form of machine crashes and other inadvertent faults. Thus every secure MPC technique always covers two of the most basic security requirements: privacy and correctness.
MPC privacy factors define that all the participating parties should only have access to outputs that are necessary for them. All the other variables should be kept private.
On the other hand, MPC correctness factors mention that every party should receive a correct output. The protocols should be defined so that malicious participating parties (or attackers) cannot manipulate the outcome.
To better understand these MPC factors, let’s first understand the concept of secret sharing and then look at some concrete examples.
Secret sharing divides and distributes secret values defined by the parties over several servers or users, so it is impossible to know where secret values are situated. To finally get the secret value, users’ data must be pooled together without knowing the private inputs to arrive at the computation outcome.
MPC Use Case Example
Consider a group of colleagues working at the same position in an organization who want to know the average salary hike for the job without revealing their salary hikes.
They can quickly execute this computation by providing information to a third party who would receive their information. Still, the privacy component is compromised as data gets shared with a third party.
To mitigate these privacy concerns, MPC implements a secret sharing algorithm that enables these workers to execute computation without any trusted third party.
How to implement MPC in a typical scenario?
Let’s say there are four colleagues. Colleague 1 received a $20k hike. Through secret sharing, $20k gets divided into four random secret shares. Colleague 1 holds one of these shares and provides other randomly divided shares to the remaining colleagues. Colleagues 2,3,4 do the same process and share their divided shares of the total salary hike.
Once this process gets completed, they do not know anything about each other’s salary hike, and the average salary hike information gets distributed in pieces between colleagues/parties.
To find the average salary hike, the distributed information between users of secret shares has to be computed, which will yield four different random numbers (participant-wise). Adding those numbers and dividing with the number of colleagues will output the final result.
In the above MPC example, participants do not have to provide the information (salary hike) to a trusted third party/colleagues, and computational processes yielded correct outputs in a manner that a subset of parties cannot manipulate.
There are many more examples, considering comparing a patient’s medical history with a distributed database containing many patients’ medical history. The aim is to find if that particular patient is at a high-risk for medical conditions.
In these contexts sharing medical data of the patient can breach the privacy guidelines of the organization. MPC can resolve the problem by implementing a cryptographic protocol in a database system, revealing the risk level for a particular patient.
Multi-Party Computation Use Cases
MPC is a 34-year old branch of computational science that has many use-cases and applications. But until the evolution of technology, examples were almost theoretical. However, the scenario has changed drastically.
In recent years, the implementation of MPC techniques has received quite a momentum. The protocols are becoming efficient and faster for use in public finance, medical, and IT sectors.
Here are some real-world use cases of multi-party computation:
Ad Optimization
Various organizations use MPC to compute correct conversion rates from advertisements to actual purchases securely. With MPC, companies monetizing ads or providing multiple online services do not have to share the data with third parties for ad revenue computations.
Organizations themselves analyze without revealing the algorithms, which increases accuracy and cost savings.
Machine Learning
The usage of Machine learning as a service is increasing rapidly in various sectors. Organizations can also use MPC in conjunction with machine learning models to perform inference on data without revealing the model details.
Additionally, data analyzed through MPC-based machine learning algorithms are usable between organizations for many purposes. For example, in the marketing sector, a service provider can run a machine learning model to secretly understand user data sentiment and share that result privately with the operations team.
There are many other notable applications of the MPC with machine learning like money laundering and risk detection systems, which keep shared data secret while detecting malicious activity from an encrypted data source.
Data Storage and Analysis
MPC techniques under data contexts can be helpful in two scenarios: secured sharing and storage of data. Data analysis happens without sharing sensitive information in secure data sharing, which is especially helpful in research and medical fields where departments share information to develop appropriate solutions and treatments.
With MPC technology, required data is made available to research institutions while keeping the sensitive information private.
On the other hand, secure storage of data using MPC requires the protection of cryptographic keys by breaking it into multiple pieces and storing it in various locations to enhance security. Placing the cryptographic keys in different places makes data inaccessible until all the key fragments/holders are present.
Real-world application for MPC secured data storage model is the signature generation protection for cryptocurrencies and digital assets where a digital transaction will only be considered valid when all the MPC group’s transaction holders are available.
Multi-party Computation Advantages
Data is not vulnerable to intelligence and third-parties
MPC decreases dependency on third-party service providers by keeping the data and computations safe inside organizations’ internal networks.
MPC maintains data usability and data privacy
MPC makes it easy to carry joint computations without masking any variables. The confidentiality of data stays completely preserved without compromising accuracy.
The inference gets made on encrypted data.
In MPC, the outcome or result is encrypted. The model never presents the actual data, which decreases the chances of leakages and misuses.
MPC meets regulatory and privacy compliances
In MPC, the data is broken into bits to enhance security and is never entirely moved across borders, making it compliant with various data protection regulations.
Multi-party Computation Disadvantages
High computational and communication costs
MPC techniques generate large amounts of random numbers that require computational resources. Server computers and storage devices vary broadly, which can decrease the performance of MPC protocols.
MPC stores data in pieces at various locations, which gets grouped for the final result. To group participants together requires communication devices, which can increase deployment costs.
Malicious participants have to be pre-assumed
Correct predictions are required regarding the proportions of malicious parties participating in joint computation to implement MPC securely.
The future of MPC technology
In the last few years, MPC has made it possible to link the most sensitive data in a secure and trustworthy manner. It has changed the way we think about sharing data and has opened doors to a wide variety of privacy based products and services.
MPC has provided techniques to gain insights into data without worrying about privacy and safety. Organizations must adopt MPC-based technologies to build a future that exercises personal data control and is free from security attacks and privacy thefts.
Check out Openware’s Cryptography Directory for open-source cryptography projects.
