Secure Function Evaluation – from Theory to Tools

One of its most impressive contributions of modern cryptography is secure multi-party computation, which allows multiple participants, each with its own private input, to compute any function of their joint inputs without revealing any information about the inputs except for the final output of the function. A classic example of such a computation is the “millionaires’ problem”, in which two millionaires want to find out which one of them is richer, without revealing their actual worth.

In spite of their appeal, secure computation techniques have rarely been applied in practice and were considered to have mostly theoretical significance. The SFEROT project aimed at building techniques to translate secure multi-party computation into practical tools.

The SFEROT project resulted both in an improved theoretical understanding of secure multi-party protocols, and in efficient constructions of secure protocols for specific high impact applications. The research covered generic protocols (that can be applied for computing any function), and specialized protocols for specific functions of interest.
In particular, the project resulted in improvements to the performance of generic secure two-party computation in the face of malicious adversaries. (This type of protocols was previously considered as totally impractical, and is now almost as efficient as protocols with lower levels of security.) Other results included the first efficient working demo for secure multi-party computation based on binary circuit representation (based on new protocols designed in the project); techniques for the reduction of the overhead of generic protocols by up to 50%; the design of secure protocols for settings with limited interaction; and new constructions of oblivious RAM, which resulted in renewed interest in this problem and many follow-up results.

With regards to protocols for specific applications, the project resulted in a new secure protocol for face recognition (that received the best paper award in the IEEE Oakland Security and Privacy conference, which is the most prestigious security conference); in protocols for computing the Hamming distance and document similarity; and in new protocols for set intersection which overachieve all existing protocols.