Periodic Reporting for period 3 - IMPaCT (Implementing Multi-Party Computation Technology)
Reporting period: 2019-07-01 to 2020-12-31
The goal of IMPaCT is to turn Multi-Party Computation (MPC) from the current stage of development, in which we are beginning to obtain practical feasibility results, to a stage in which we have fully practical systems. It has long been acknowledged that MPC has the potential to provide a transformative change in the way security solutions are enabled. As it presently stands this is currently only possible in some applications. Limited deployments are beginning to emerge; examples include a distributed database by Cybernetica (Estonia), a auction system by Partisia (Denmark), a threat mitigation system by Unbound Tech (Israel) and a datasystem by SAP (Germany). However, in turning MPC into a fully practical technology a number of key scientific challenges need to be solved; many of which have not yet even been considered in the theoretical literature. The IMPaCT project aims to address this scientific gap, bridge it, and so provide the tools for a future road-map in which MPC can be deployed as a widespread tool; as ubiquitous as encryption and digital signatures are today.
One can now claim that the practical feasibility of MPC has been established. The next task is to scale up the potential application areas, as well as the performance and data throughput of MPC systems. At the same time we need to be able to scientifically assess the performance of such systems without needing to deploy them; we need to understand how to improve performance for important practical problem; we need to be able to deal with more realistic run time environments such as asynchronous networks; we need to quantify the additional security obtained from utilizing MPC; and we need to examine how different (less stringent) adversary structures can enable a step change in performance. Thus whilst feasibility is established a lot of basic research still needs to be done.
Our scientific approach will be to investigate new MPC protocols and techniques which take into account practical constraints and issues which would arise in future application scenarios. Our work, despite being scientifically rigorous and driven from deep theoretical insight, will be grounded in practical considerations. All systems and protocols proposed will be prototyped so as to ensure that practical real world issues are taken into account. In addition we will use our extensive industrial linkages to ensure a two way dialogue between potential users and the developers of MPC technology; thus helping to embed future impact of the work in IMPaCT.
A major component of the work so far has been the development of the SCALE-MAMBA open source MPC system. We use this system to benchmark and validate a number of our results. This system derive from the earlier SPDZ system we developed at the University of Bristol. However, using work in IMPaCT this has been expanded to a number of other types of MPC protocol. In particular this has been used to develop our techniques related to different access structures, and in addition to look at combining different types of MPC application.
The system has been incorporated into a secure database system called Jana by some collaborators in the United States, and the Jana system has been demonstrated in a number of application domains relevant to the US governments activity in ""Evidenced based policy making"". We have also had a number of companies interested in using our system to investigate possible commercial application around MPC. These companies have come from around the globe including China, France, Japan, Switzerland and the United States.