Business Cloud News
Scholl says that the research team has developed a practical implementation of the SPDZ 2.0 protocol

A recent breakthrough in multi-party computation (MPC) cryptography may result in a “sea change” in computing security, according to Peter Scholl, a researcher in the Cryptography and Information Security group at the University of Bristol.

The essential idea behind MPC, a subset of cryptography, is that it should enable two or more people to jointly compute any function on secret inputs of their choosing, without revealing the contents of those inputs to any other party.

Scholl is among a team of researchers from the Department of Computer Science at University of Bristol and Aarhus University in Denmark who are jointly developing a practical implementation protocol for MPC called SPDZ (pronounced “speeds”).

The protocol employs a message authentication code (MAC – not to be confused with Media Access Control) on secret data which is shared between each party on both ends of a computer transaction. The MAC is verified when both parties reveal a piece of information that can only be known by the other party (like a piece of that MAC).

But it also uses homomorphic encryption techniques that are computationally burdensome – the encryption keys constantly need recalculating, one of the reasons why the first iteration of the SPDZ protocol encountered roadblocks towards practical implementation.

“In the latest work we improved, optimized and implemented the entire protocol, with the goal of making it truly practical for real-world computations. The main innovations are a new way of checking MACs on secret data that avoids the need for recalculating encryption keys, and faster methods for ensuring that potentially dishonest players follow the protocol,” Scholl told Business Cloud News.

The technique also uses distributed key generation and decryption, so if one machine is compromised the integrity of the cryptographic key is preserved. The innovation may hold promise in the datacentres of cloud service providers and bare-metal hosting companies keen to ensure hackers can’t spread from machine to machine – or provider to provider – but it’s likely that the performance of the protocol will need to be improved before it takes hold.

“For a cloud scenario, for example, a customer could split their data into several parts and give each part to a separate cloud provider (the clouds then play the role of the ‘parties’). Provided they don’t collude, no single cloud provider can find out any information on the customer data. When the data needs to be processed, the clouds run an MPC protocol to perform the computation securely, and send each part of the result to the user to reconstruct,” Scholl says.
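As an added illustration (not code from the SPDZ team or from this article), the sketch below shows the two ideas described above: data split into additive shares held by separate providers, and a MAC on the shared data that exposes a tampered share when the result is opened. It assumes a trusted dealer in place of the protocol's homomorphic-encryption-based setup and omits the commitment step a real MAC check uses; the modulus, function names and input values are constructed for the example.

```python
import secrets

P = 2**61 - 1  # prime field modulus (constructed parameter for this sketch)

def additive_share(value, n):
    """Split value into n random shares that sum to value mod P."""
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % P)
    return shares

def deal(value, alpha, n):
    """Trusted-dealer stand-in: share the value and its MAC alpha*value."""
    macs = additive_share(alpha * value % P, n)
    return list(zip(additive_share(value, n), macs))

def add_shared(a, b):
    """Each party adds its own value share and MAC share locally."""
    return [((xa + xb) % P, (ma + mb) % P) for (xa, ma), (xb, mb) in zip(a, b)]

def open_and_check(shared, alpha_shares):
    """Open the value, then verify its MAC without reconstructing alpha."""
    opened = sum(x for x, _ in shared) % P
    # Party i publishes sigma_i = mac_i - alpha_i * opened.
    # With untampered shares the sigmas sum to 0 mod P.
    sigmas = [(m - a * opened) % P for (_, m), a in zip(shared, alpha_shares)]
    if sum(sigmas) % P != 0:
        raise ValueError("MAC check failed: a share was altered")
    return opened

def demo(n=3):
    alpha = secrets.randbelow(P - 1) + 1      # global MAC key, nonzero
    alpha_shares = additive_share(alpha, n)   # no single party holds alpha
    input_a = deal(52_000, alpha, n)          # constructed customer inputs
    input_b = deal(61_500, alpha, n)
    total = add_shared(input_a, input_b)      # computed on shares only
    honest = open_and_check(total, alpha_shares)
    # One provider alters its value share before the result is opened.
    x0, m0 = total[0]
    tampered = [((x0 + 1000) % P, m0)] + total[1:]
    try:
        open_and_check(tampered, alpha_shares)
        detected = False
    except ValueError:
        detected = True
    return honest, detected

if __name__ == "__main__":
    print(demo())
```

The altered share shifts the sigma sum by a nonzero multiple of the MAC key, so the check fails for any nonzero key.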

Scholl says that the research team is very much on top of the speed issue with SPDZ 2.0, and that the protocol can be practically implemented given the new innovations embedded in the most recent version of the protocol.

“We compared secure computation speed with clear computation speed using our implementation and historical CPU data. Currently the online phase of our protocol has roughly the same performance (in multiplications/second) as an Intel 386, which is around 20 ‘computing years’ ahead of where we were with things 2 years ago,” Scholl says. “Unfortunately the technology is currently only practical for small-scale scenarios – the volumes of data and types of algorithms used in most cloud services seem difficult to handle with MPC right now.”

The University says it has shopped SPDZ 2.0 around to numerous vendors and after a reasonably warm reception, particularly from the IT security and finance sectors, it is now in the process of considering commercialisation via Dyadic Security Limited, a company co-founded by Dr. Nigel Smart and Dr. Yehuda Lindell, both computer science professors.

Scholl will be presenting the team’s work in a paper entitled “Practical covertly secure MPC for dishonest majority – or: Breaking the SPDZ limits” at the European Symposium on Research in Computer Security this week in Egham, UK.