Final Report Summary - LAST (Large Scale Privacy-Preserving Technology in the Digital World - Infrastructure and Applications)
The project LAST, or Large Scale Privacy-Preserving Technology in the Digital World: Infrastructure and Applications, focused on providing the scientific foundations needed to make secure two-party and multiparty computation a reality. Secure multiparty computation enables a set of mutually untrusting parties to carry out a joint computation on their private inputs, while revealing nothing but the output. This has many applications to privacy. For example, consider a service that provides genetic DNA testing for health, hereditary, information and so on. One example of such a service is 23 and me (www.23andme.com). Users who are concerned with the privacy ramifications of uploading their DNA to an Internet service would not wish to use such a service. Secure computation can be used to achieve this goal, without revealing the DNA. A similar example arose with a large project to take DNA from Alzheimer patients in an attempt to local common genetic defects. The lack of privacy guarantees may deter some from participating in the project. Beyond the health domain, there are applications of secure computation to auctions, elections, private database search, and more.
In LAST, we focused on making protocols for secure computation efficient enough to be useful in real-world applications. Needless to say, different applications require different response times, and many applications can still not be solved today using secure computation. This is due to the fact that computing on input without revealing it is actually very hard to do. This is especially the case when some of the participating parties may be maliciously corrupted, meaning that they can run any arbitrary strategy in an attempt to break the protocol. Despite this, over the last 5 years massive progress has been made on this problem, and we are today able to solve many problems that just 5 years ago looked out of reach for decades (if not impossible to ever make practical). A significant part of this development is due to results in LAST which focused on the Yao garbled-circuit approach. We made very significant progress in reducing the cost of this protocol. In addition, we studied additional models for making secure computation realistic in practical settings. One issue that arises in real uses of secure computation is that in almost all protocols, all parties have to be online at the same time to run the protocol. However, in Internet settings, this is rarely the case. Rather, different parties connect at different times to a single server. We considered this model from a theoretical and practical viewpoint, provided definitions of security that are unique to this setting, a general proof of feasibility that such secure computation is possible, and practically efficient protocols for a number of problems of specific interest.
There is still much work to be done on this question. However, LAST has made an impact on the theory and practice of secure computation, and has made critical contributions towards making secure computation a tool with practical applications.
In LAST, we focused on making protocols for secure computation efficient enough to be useful in real-world applications. Needless to say, different applications require different response times, and many applications can still not be solved today using secure computation. This is due to the fact that computing on input without revealing it is actually very hard to do. This is especially the case when some of the participating parties may be maliciously corrupted, meaning that they can run any arbitrary strategy in an attempt to break the protocol. Despite this, over the last 5 years massive progress has been made on this problem, and we are today able to solve many problems that just 5 years ago looked out of reach for decades (if not impossible to ever make practical). A significant part of this development is due to results in LAST which focused on the Yao garbled-circuit approach. We made very significant progress in reducing the cost of this protocol. In addition, we studied additional models for making secure computation realistic in practical settings. One issue that arises in real uses of secure computation is that in almost all protocols, all parties have to be online at the same time to run the protocol. However, in Internet settings, this is rarely the case. Rather, different parties connect at different times to a single server. We considered this model from a theoretical and practical viewpoint, provided definitions of security that are unique to this setting, a general proof of feasibility that such secure computation is possible, and practically efficient protocols for a number of problems of specific interest.
There is still much work to be done on this question. However, LAST has made an impact on the theory and practice of secure computation, and has made critical contributions towards making secure computation a tool with practical applications.