Final Report Summary - LAST (Large Scale Privacy-Preserving Technology in the Digital World - Infrastructure and Applications)
In LAST, we focused on making protocols for secure computation efficient enough to be useful in real-world applications. Different applications require different response times, and many applications still cannot be solved today using secure computation. This is because computing on inputs without revealing them is very hard to do, especially when some of the participating parties may be maliciously corrupted, meaning that they can run an arbitrary strategy in an attempt to break the protocol. Despite this, massive progress has been made on this problem over the last 5 years, and we are today able to solve many problems that just 5 years ago looked out of reach for decades (if not impossible to ever make practical). A significant part of this development is due to results in LAST, which focused on the Yao garbled-circuit approach. We made very significant progress in reducing the cost of this protocol.
In addition, we studied further models for making secure computation realistic in practical settings. One issue that arises in real uses of secure computation is that in almost all protocols, all parties have to be online at the same time to run the protocol. In Internet settings, however, this is rarely the case; rather, different parties connect at different times to a single server. We considered this model from both a theoretical and a practical viewpoint, and provided definitions of security that are unique to this setting, a general proof that such secure computation is feasible, and practically efficient protocols for a number of problems of specific interest.
There is still much work to be done on this question. However, LAST has made an impact on the theory and practice of secure computation, and has made critical contributions towards making secure computation a tool with practical applications.