Generic Secure Multi-Party Computation in Centralised Cloud-based Environments
Comparing business KPIs with those of other market participants through benchmarking, as well as jointly calculating generic arithmetic functions, is a means for companies to optimise costs. These collaborative optimisations require data from all participating actors; that data might include business secrets and must therefore be kept private in many cases. This demonstrates the demand for privacy-preserving collaborative optimisation techniques. Over the last decades, a variety of mechanisms and protocols that enable privacy-preserving collaborative computations have been presented, such as trusted third party (TTP) approaches or secure multi-party computation (MPC). The idea of secure MPC is to emulate a TTP by jointly computing a public function. Such a protocol is secure in the sense that each participant only knows its own input, the computation’s output, and what can be inferred from that.
Existing solutions for privacy-preserving benchmarking compute only a fixed set of arithmetic functions. In contrast, generic secure multi-party computation systems like FairplayMP enable the secure computation of arbitrary functions. However, these usually follow a decentralised communication scheme. The main objective of the master’s thesis therefore is (1) to design, implement, and evaluate a generic secure computation system that can compute arbitrary functions in a centralised communication scheme and (2) to determine the class of arithmetic functions that the selected secure computation mechanism can compute feasibly in practice.
To achieve this, the thesis will encompass mechanisms for compiling a given arbitrary function into a secure MPC protocol as well as for compiling this protocol into a runnable cloud-based implementation. This includes a literature review of the current state of research, with a focus on suitable protocols for privacy-preserving addition and multiplication. The chosen mechanisms will be implemented in a proof-of-concept prototype, which will be evaluated regarding security, performance, and other criteria.
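
The two building blocks named above, privacy-preserving addition and multiplication, can be illustrated with additive secret sharing and Beaver triples; this is an added example, not the protocol or code of the thesis. It assumes a prime modulus `P` and a trusted dealer for the multiplication triples, and it simulates all parties in one process without any network or cloud component; all function names and the sample KPI values are constructed.

```python
import secrets

P = 2**61 - 1  # prime modulus of the share field (assumed parameter)

def share(x, n):
    """Split x into n additive shares that sum to x mod P."""
    parts = [secrets.randbelow(P) for _ in range(n - 1)]
    return parts + [(x - sum(parts)) % P]

def reconstruct(shares):
    """Open a shared value by summing all shares mod P."""
    return sum(shares) % P

def add(xs, ys):
    """Addition needs no communication: each party adds its own two shares."""
    return [(a + b) % P for a, b in zip(xs, ys)]

def beaver_triple(n):
    """Shares of random a, b and c = a*b, produced by an assumed trusted dealer."""
    a, b = secrets.randbelow(P), secrets.randbelow(P)
    return share(a, n), share(b, n), share(a * b % P, n)

def mul(xs, ys, triple):
    """Multiply shared x and y; only the masked values d = x-a, e = y-b are opened."""
    as_, bs, cs = triple
    d = reconstruct([(x - a) % P for x, a in zip(xs, as_)])
    e = reconstruct([(y - b) % P for y, b in zip(ys, bs)])
    # x*y = c + d*b + e*a + d*e, computed share-wise
    zs = [(c + d * b + e * a) % P for a, b, c in zip(as_, bs, cs)]
    zs[0] = (zs[0] + d * e) % P  # the public term d*e is added by one party only
    return zs

def benchmark(kpis):
    """Return (sum, sum of squares) of private KPIs; only these totals are opened."""
    n = len(kpis)
    shared = [share(k, n) for k in kpis]  # each KPI is split across all n parties
    total, squares = [0] * n, [0] * n
    for xs in shared:
        total = add(total, xs)
        squares = add(squares, mul(xs, xs, beaver_triple(n)))  # fresh triple per product
    return reconstruct(total), reconstruct(squares)

if __name__ == "__main__":
    print(benchmark([120, 95, 143]))  # constructed sample KPIs
```

From the two opened totals the participants can derive the mean and variance of the KPI without any party seeing another party's input.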