Multi-party computation (MPC) deals with the problem of jointly computing a function on inputs held by a set of distinct (possibly mutually distrusting) parties. It has a long history in the cryptographic literature, with its origins in the early 1980s in the work of Yao. The basic scenario is that a group of parties wish to compute a given function on their private inputs. For example, suppose we have four parties Alice, Bob, Charlie and David. Alice has input x, Bob has input y, Charlie has input z and David has input w. They want to compute the value of the function F(x,y,z,w) = max(x,y,z,w). For example the values could represent their wealth, and they want to work out who is the richest. To do so the parties engage in a protocol, exchanging messages, and thus obtain the output of the desired function. The goal is that each party learns nothing beyond the value of the function: all that a party can learn is what follows from the output and its own input. So in the above example, if the output is z, then Charlie learns that his z is the maximum value, whereas Alice, Bob and David learn (if x, y, z and w are distinct) that their own input is not the maximum, and that the maximum is equal to z. The basic scenario can easily be generalised to the case where the parties have several inputs and outputs, and where the function outputs different values to different parties.
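The mechanism behind this scenario, as an added example that is not part of the original page or of the IMPaCT project: four parties jointly compute a function on private inputs using additive secret sharing over a prime field. The function computed here is the sum rather than max (secure comparison, which max requires, needs considerably more machinery than addition), but the three steps are the same ones every secret-sharing MPC protocol follows: each party splits its input into shares and deals one to every other party; each party computes locally on the shares it holds; the parties exchange their local results and reconstruct the output. The field prime and the party count are assumptions, and the whole exchange is simulated inside one process; in a deployment each party would run on its own machine and shares would travel over authenticated channels. The last function shows why a share reveals nothing: any n-1 shares are consistent with every possible secret.

```python
"""Additive secret sharing over a prime field, simulated in one process.

Four parties jointly compute the sum of their private inputs. Any proper
subset of the parties (here: any n-1 of them colluding) learns nothing
about the remaining party's input beyond what the output implies.
"""
import secrets

# Field modulus (assumed for this example): a Mersenne prime, so every
# value below P is a field element and inputs up to 2**61 - 2 fit.
P = 2**61 - 1


def share(secret: int, n: int) -> list[int]:
    """Split `secret` into n additive shares.

    The first n-1 shares are uniformly random field elements; the last is
    chosen so that all n shares sum to `secret` modulo P.
    """
    if not 0 <= secret < P:
        raise ValueError("secret must be a field element in [0, P)")
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((secret - sum(shares)) % P)
    return shares


def reconstruct(shares: list[int]) -> int:
    """Recombine a full set of additive shares into the secret."""
    return sum(shares) % P


def secure_sum(inputs: list[int]) -> int:
    """Simulate the protocol: every party contributes one private input."""
    n = len(inputs)
    # Step 1: party i splits its input and sends share j to party j.
    dealt = [share(x, n) for x in inputs]
    # Step 2: party j now holds one share from each party and adds them
    # locally. Addition is linear, so the result is a share of the sum.
    held_by = [[dealt[i][j] for i in range(n)] for j in range(n)]
    local_results = [sum(h) % P for h in held_by]
    # Step 3: parties publish their local results and reconstruct the sum.
    # Only these n values are broadcast; the original shares never are.
    return reconstruct(local_results)


def learned_from_output(output: int, own_input: int) -> int:
    """What one party can deduce from the output and its own input.

    For a sum that is exactly the sum of everyone else's inputs; nothing
    else about the individual values is revealed by the protocol.
    """
    return (output - own_input) % P


def consistent_secrets(partial_shares: list[int], n: int,
                       candidates: list[int]) -> dict[int, int]:
    """Show that n-1 shares leak nothing about the secret.

    For every candidate secret, return the single missing share that would
    make the n shares reconstruct to that candidate. Every candidate has
    one, so the n-1 shares are equally consistent with every secret.
    """
    if len(partial_shares) != n - 1:
        raise ValueError("expected exactly n-1 shares")
    s = sum(partial_shares) % P
    return {c: (c - s) % P for c in candidates}


if __name__ == "__main__":
    # Constructed sample inputs for Alice, Bob, Charlie and David.
    wealth = [5, 7, 3, 9]
    total = secure_sum(wealth)
    print("joint output (sum):", total)
    print("Alice deduces others' total:", learned_from_output(total, wealth[0]))
    three_of_four = share(42, 4)[:3]
    print("missing share per candidate secret:",
          consistent_secrets(three_of_four, 4, [0, 1, 42, 1000]))
```

Note what the output does and does not reveal: a sum lets each party deduce the total of everyone else's inputs, exactly as the text says ("what they can learn from the output and their own input"), but not how that total is split among them. A colluding coalition of n-1 parties does learn the last party's input from the output, which is inherent in the function, not a flaw of the protocol.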
The goal of IMPaCT was to take Multi-Party Computation (MPC) from its state of development in 2016, when the first practical feasibility results were being obtained, to a stage in which fully practical systems exist. It has long been acknowledged that MPC has the potential to transform the way security solutions are built. As it stood in 2016 this was possible only in a few applications. Limited deployments were beginning to emerge; examples include a distributed database by Cybernetica (Estonia), an auction system by Partisia (Denmark), a threat mitigation system by Unbound Security (Israel) and a data system by SAP (Germany). However, turning MPC into a fully practical technology requires a number of key scientific challenges to be solved, many of which had not yet even been considered in the theoretical literature. The IMPaCT project aimed to bridge this scientific gap and so provide the tools for a future road-map in which MPC can be deployed as a widespread tool, as ubiquitous as encryption and digital signatures are today.
One can now claim that the practical feasibility of MPC has been established. The next task is to scale up the range of application areas, as well as the performance and data throughput of MPC systems. At the same time we need to be able to assess the performance of such systems scientifically without deploying them; we need to understand how to improve performance for important practical problems; we need to be able to deal with more realistic run-time environments such as asynchronous networks; we need to quantify the additional security obtained from using MPC; and we need to examine how different (less stringent) adversary structures can enable a step change in performance. Thus, whilst feasibility is established, a lot of basic research still needs to be done.
The scientific approach in IMPaCT was to investigate new MPC protocols and techniques that take into account the practical constraints and issues which arise in future application scenarios. Our work, although scientifically rigorous and driven by deep theoretical insight, was grounded in practical considerations. Almost all systems and protocols proposed were prototyped, to ensure that real-world issues were taken into account. In addition we used our extensive industrial links to ensure a two-way dialogue between potential users and the developers of MPC technology, thus helping to embed the future impact of IMPaCT's work.