Advertisement

Brief Announcement: Federated Code Auditing and Delivery for MPC

  • Frederick Jansen
  • Kinan Dak Albab
  • Andrei Lapets
  • Mayank Varia
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10616)

Abstract

Secure multi-party computation (MPC) is a cryptographic primitive that enables several parties to compute jointly over their collective private data sets. MPC’s objective is to federate trust over several computing entities such that a large threshold (e.g., a majority) must collude before sensitive or private input data can be breached. Over the past decade, several general and special-purpose software frameworks have been developed that provide data contributors with control over deciding whom to trust to perform the calculation and (separately) to receive the output. However, one crucial component remains centralized within all existing MPC frameworks: the distribution of the MPC software application itself. For desktop applications, trust in the code must be determined once at download time. For web-based JavaScript applications subject to trust on every use, all data contributors across several invocations of MPC must maintain centralized trust in a single code delivery service. In this work, we design and implement a federated code delivery mechanism for web-based MPC such that data contributors only execute code that has been accredited by several trusted auditors (the contributor aborts if consensus is not reached). Our client-side Chrome browser extension is independent of any MPC scheme and has a trusted computing base of fewer than 100 lines of code.

Keywords

Secure multi-party computation Web security Content delivery 

Notes

Acknowledgement

This material is based upon work partially supported by the NSF (under Grants #1414119, #1430145, #1718135, and #1739000) and the Honda Research Institutes.

References

  1. 1.
    Signing Software with Netscape Signing Tool 1.1. https://docs.oracle.com/cd/E19957-01/816-6169-10/contents.htm. Accessed 13 July 2017
  2. 2.
    Subresource Integrity. https://www.w3.org/TR/SRI/. Accessed 13 July 2017
  3. 3.
    VIFF. http://viff.dk/. Accessed 20 June 2017
  4. 4.
    Arcieri, T.: Whats wrong with in-browser cryptography?. https://tonyarcieri.com/whats-wrong-with-webcrypto. Accessed 11 July 2017
  5. 5.
    Ben-David, A., Nisan, N., Pinkas, B.: FairplayMP: A system for secure multi-party computation. In: CCS, pp. 257–266. ACM (2008)Google Scholar
  6. 6.
    Bestavros, A., Lapets, A., Varia, M.: User-centric distributed solutions for privacy-preserving analytics. Commun. ACM 60(2), 37–39 (2017)CrossRefGoogle Scholar
  7. 7.
    Bogdanov, D., Jõemets, M., Siim, S., Vaht, M.: How the estonian tax and customs board evaluated a tax fraud detection system based on secure multi-party computation. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 227–234. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-47854-7_14CrossRefGoogle Scholar
  8. 8.
    Bogetoft, P., et al.: Secure multiparty computation goes live. In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol. 5628, pp. 325–343. Springer, Heidelberg (2009).  10.1007/978-3-642-03549-4_20CrossRefGoogle Scholar
  9. 9.
    Burkhart, M., Strasser, M., Many, D., Dimitropoulos, X.: Sepia: privacy-preserving aggregation of multi-domain network events and statistics. In: Usenix Security Symposium. Usenix (2010)Google Scholar
  10. 10.
    Ejgenberg, Y., Farbstein, M., Levy, M., Lindell, Y.: SCAPI: the secure computation application programming interface. Cryptology ePrint Archive 2012/629Google Scholar
  11. 11.
    Gilad-Bachrach, R., Laine, K., Lauter, K., Rindal, P., Rosulek, M.: Secure data exchange: a marketplace in the cloud. Technical report June 2016Google Scholar
  12. 12.
    Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: Proceedings of the 19th Annual ACM Symposium on Theory of Computing, pp. 218–229. ACM (1987)Google Scholar
  13. 13.
    Jarrous, A., Pinkas, B.: Canon-mpc, a system for casual non-interactive secure multi-party computation using native client. In: Proceedings of the 12th ACM Workshop on Privacy in the Electronic Society, pp. 155–166. ACM (2013)Google Scholar
  14. 14.
    Keller, M., Scholl, P., Smart, N.P.: An architecture for practical actively secure mpc with dishonest majority. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, pp. 549–560. ACM (2013)Google Scholar
  15. 15.
    Lapets, A., Varia, M., Bestavros, A., Jansen, F.: Role-based ecosystem model for design, development, and deployment of secure multi-party data analytics applications. Cryptology ePrint Archive (2017)Google Scholar
  16. 16.
    Levy, A.: Fraudsters just stole $7M by hacking a cryptocoin offering. https://www.cnbc.com/2017/07/17/coindash-website-hacked-7-million-stolen-in-ico.html. Accessed 24 Aug 2017
  17. 17.
    Morton, B.: Code Signing. https://casecurity.org/wp-content/uploads/2013/10/CASC-Code-Signing.pdf. Accessed 13 July 2017
  18. 18.
  19. 19.
    Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)MathSciNetCrossRefGoogle Scholar
  20. 20.
    Yao, A.C.: Protocols for secure computations. In: Proceedings of the 23rd Annual Symposium on Foundations of Computer Science, pp. 160–164. IEEE Computer Society (1982)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Frederick Jansen
    • 1
  • Kinan Dak Albab
    • 1
  • Andrei Lapets
    • 1
  • Mayank Varia
    • 1
  1. 1.Boston UniversityBostonUSA

Personalised recommendations