What is secure multiparty computation (SMPC)?
Secure multiparty computation (SMPC) is a form of confidential computing that protects the privacy and security of systems and data sources, while maintaining the data's integrity. SMPC often falls under the broader category of privacy-enhancing technologies.
Sometimes referred to as multiparty computation, or MPC, SMPC is a branch of cryptography that enables multiple parties to compute a function across their respective inputs, while ensuring each party's inputs remain private. Each computation is distributed across systems and multiple encrypted data sources. The technique ensures no party sees the entire data set and limits the information any party can acquire.
The primary goal of SMPC is the accurate and secure computation of sensitive information without revealing private data. Common applications include financial analysis, medical research, voting systems and data sharing across organizations.
Andrew Yao, a researcher who proposed Yao's Garbled Circuits protocol, first introduced the concept of SMPC in the early 1980s. Yao's protocol lets two parties jointly compute a function, encoding the function as a circuit and encrypting the gates so the parties can evaluate the circuit without learning each other's inputs.
Researchers Yehuda Lindell and Benny Pinkas later proposed active security in two-party computation, combining garbling techniques with the cut-and-choose paradigm. Their work improved the garbled circuits approach and the overall efficiency of two-party computation constructs.
Oded Goldreich, Silvio Micali and Avi Wigderson further expanded the concept. The Goldreich-Micali-Wigderson (GMW) protocol extends secure computation to multiple parties. GMW uses secret sharing and other cryptographic techniques to enable secure multiparty computation. SMPC also benefits from innovations such as Shamir's secret sharing, first developed by cryptographer Adi Shamir, known as a co-inventor of the Rivest-Shamir-Adleman (RSA) algorithm.
How does secure multiparty computation work?
SMPC distributes the computation across multiple parties, using cryptographic techniques to ensure privacy and security. There are multiple steps in an SMPC operation. In order, they are the following:
- Defining the function and inputs. The first step in SMPC is to define the function that the parties want to compute jointly. Each party has private data, known as inputs, which need to remain private. For example, consider three co-workers -- Allison, Brian and Caroline -- who want to compute their average salary without revealing their salaries.
- Sharing secrets. The second step is secret sharing, or splitting private data into multiple shares that are distributed among the parties. Each share on its own reveals no information about the original data. A core element in this approach is Shamir's secret sharing, a scheme that uses polynomial interpolation to divide a secret in such a way that only a specified minimum number of shares can reconstruct the secret. In this example, Allison's $80,000 salary is split into three randomly generated pieces, or secret shares. Allison's system keeps one share and distributes the others to Brian and Caroline for the computation.
- Using homomorphic encryption. Homomorphic encryption enables direct computation on encrypted data without the need to decrypt the data first. The resultant computation remains encrypted, preserving privacy.
- Performing the computation. Once the data is securely shared and encrypted, the distributed system then performs the computation. In the example, Allison, Brian and Caroline hold secret shares of the other participants' salaries. They can compute the sum of all secret shares to obtain the total salary, which can then be divided by the number of participants to calculate the average salary. During this process, no party learns anything about anyone else's input.
- Applying zero-knowledge proofs and oblivious transfer. Zero-knowledge proofs are cryptographic protocols that enable one party to prove to another that a statement is true without revealing any information beyond the validity of the statement. This technique is essential in SMPC for ensuring parties can verify the accuracy of computations without revealing their private inputs. Oblivious transfer is another cryptographic protocol that ensures a sender transfers one of potentially many pieces of information to a receiver but never knows which piece of information was transferred.
- Sharing the result. At the end of an SMPC operation, the parties obtain the result of the computation. In the example, the average salary is revealed to Allison, Brian and Caroline, but no individual salary is disclosed, ensuring accuracy while protecting privacy.
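The salary example from the steps above, as an added illustration that is not part of the original article: Shamir's secret sharing over a prime field, local addition of shares, and opening of the total only. Brian's and Caroline's salaries, the field modulus and all function names are assumptions; homomorphic encryption, zero-knowledge proofs and oblivious transfer are not modeled, and every party is assumed to follow the protocol. The `coalition_view` helper goes one step further than the text and shows how the reconstruction threshold decides what pooled shares reveal.

```python
import secrets

P = 2**61 - 1  # prime field modulus (assumption); must exceed the salary total

def share(secret, n, t):
    """Shamir-share `secret` among n parties; any t shares reconstruct it."""
    # Random polynomial of degree t-1 whose constant term is the secret.
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    # Party x (1..n) receives the point (x, f(x)); f(0) is never sent.
    return [(x, sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def reconstruct(points):
    """Lagrange interpolation at x = 0 over GF(P)."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def average_salary(salaries, t):
    n = len(salaries)
    # Sharing secrets: dealt[i][j] is the share party j holds of party i's salary.
    dealt = [share(s, n, t) for s in salaries]
    # Performing the computation: each party adds the shares it holds, locally.
    summed = [(j + 1, sum(dealt[i][j][1] for i in range(n)) % P)
              for j in range(n)]
    # Sharing the result: t summed shares open the total and nothing else.
    return reconstruct(summed[:t]) / n, dealt

def coalition_view(dealt, victim, members):
    """Value a coalition gets by pooling its shares of one party's salary."""
    return reconstruct([dealt[victim][j] for j in members])

if __name__ == "__main__":
    salaries = [80_000, 92_000, 71_000]  # Allison (from the text), Brian, Caroline (constructed)
    for t in (3, 2):
        avg, dealt = average_salary(salaries, t)
        # With t=3, Brian and Caroline together learn nothing about Allison;
        # with t=2, the same coalition recovers her salary exactly.
        print(t, avg, coalition_view(dealt, 0, [1, 2]))
```
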
Advantages of secure multiparty computation
SMPC delivers numerous advantages that make it a valuable tool for privacy-preserving computations:
- Personal protection. SMPC ensures that private inputs remain confidential. Only the final result is revealed, never the individual inputs. This property is crucial for applications with sensitive personal information, from medical data to financial transactions and beyond.
- Data utility. Traditional data privacy techniques often involve data anonymization or data aggregation, which can reduce the utility of the data. In contrast, SMPC enables computations on the original data, preserving its utility while ensuring privacy.
- General security. Advanced cryptographic techniques, such as homomorphic encryption and zero-knowledge proofs, ensure SMPC protocols provide strong security.
- Regulatory compliance. SMPC helps organizations comply with data protection regulations, including the General Data Protection Regulation and Health Insurance Portability and Accountability Act. These regulations require organizations to implement data protection measures to safeguard personal information.
- Collaboration. Researchers and organizations securely aggregate and analyze data from multiple sources without the need to sacrifice privacy. This capability is particularly valuable in a field such as healthcare, where SMPC's data sharing and collaborative research directly affect patient outcomes and advance medical knowledge.
Limitations of secure multiparty computation
SMPC includes some limitations that require consideration:
- Computational overhead. Cryptographic operations often introduce significant computational overhead, requiring more resources and impacting performance. Homomorphic encryption and zero-knowledge proofs are computationally intensive, requiring substantial processing power and time.
- High communication costs. SMPC protocols often require multiple rounds of bandwidth-intensive, time-consuming communication and data exchange.
- Vulnerability to collusion. SMPC protocols typically presume a semihonest majority, meaning a majority of the parties follow the protocol honestly. However, if multiple processing parties collude, they may be able to infer private inputs of other participants.
- Complexity. Implementing complex SMPC protocols requires expertise in cryptography and distributed computing.
Applications of secure multiparty computation
With its ability to enable accurate and secure computations, SMPC's applications span various industries and fields, including the following:
- Finance. SMPC securely computes financial metrics and risk assessments without revealing individual transaction details. For example, banks collaborate to assess the risk of a loan portfolio without sharing sensitive customer data.
- Healthcare. SMPC enables collaborative medical research and analysis on sensitive patient data without compromising privacy.
- Machine learning and artificial intelligence. SMPC enables the training of machine learning models on distributed data sets without exposing the underlying data -- particularly valuable for applications with sensitive data.
- Government. SMPC is used to secure voting and census data aggregation, while preserving individual privacy. Secure electronic voting systems ensure votes are counted accurately without revealing any voter's choice.
- Telecommunications. SMPC analyzes network usage patterns and user behavior without compromising individual privacy.
- Blockchain. SMPC enhances privacy and security in blockchain transactions and smart contracts, protecting users' financial information and transaction details.