Secure, Private, Efficient Multiparty Computation

The goal of the SPEC project is to develop novel techniques and methods for secure multiparty computation protocols (MPC), which will in turn enable large scale MPC applications by providing more realistic security, privacy and efficiency properties. The main idea behind the project is that in order to design the next generation of MPC protocols we have to take a step back and rethink the entire “MPC Stack” i.e.: The System Layer, The Cryptographic Layer and The Application Layer.

MPC is a cryptographic technique that allows a set of mutually distrusting parties to compute any joint function of their private inputs in a way that preserves the confidentiality of the inputs and the correctness of the result. Examples of MPC applications include secure auctions, benchmarking, privacy-preserving data mining, etc. In the last decade, the efficiency of MPC has improved significantly, especially with respect to evaluating functions
expressed as Boolean and arithmetic circuits. These advances have allowed several companies worldwide to implement and include MPC solutions in their products. Unfortunately, it now appears (and it’s partially confirmed by theoretical lower bounds) that we have reached a wall with respect to possible optimizations of current building blocks of MPC, which prevents MPC to be used in critical large-scale applications. We therefore believe that a radical paradigm-shift in MPC research is needed in order to make MPC truly practical.

With this project, we intend to take a step back, challenge current assumptions in MPC research and design novel MPC solutions. Our hypothesis is that taking MPC to the next level requires more realistic modelling of the way that security, privacy and efficiency are defined and measured. By combining classic MPC techniques with research in neighbouring areas of computer science we will fulfill the aim of the project and in particular:

1) Understand the limitations of current abstract models for MPC and refine them to more precisely capture real world requirements in terms of security, privacy and efficiency.
2) Use the new models to guide the developments of the next generation of MPC protocols, going beyond current performances and therefore enabling large-scale applications.
3) Investigate the necessary privacy-utility trade-offs that parties undertake when participating in distributed computations and define MPC functionalities that encourage cooperation for rational parties.

The first period of the project has achieved the planned goals to a sufficient degree, and in particular the project has already produced a significant number of scientific publications, some of which have been published at the top venues for cryptographic research. Here is a brief overview of some of the most significant publications:

• Sharing Information with Competitors, Simina Brânzei, Claudio Orlandi, Guang Yang, SAGT 2019: Here we investigate game-theoretic aspects of different agents exchanging information using private protocols.
• Security of Hedged Fiat-Shamir Signatures under Fault Attacks, Diego F. Aranha, Claudio Orlandi, Akira Takahashi, Greg Zaverucha, EUROCRYPT 2020: Here we investigate the security provided by certain kind of signature schemes, including those based on MPC techniques, against tampering attacks.
• Optimal Transport Layer for Secure Computation, Markus Brandt, Claudio Orlandi, Kris Shrishak, Haya Shulman, SECRYPT 2020: Here we investigate the impact of using different kind of transport layers on the performances of MPC protocols.
• Black-Box Transformations from Passive to Covert Security with Public Verifiability, Ivan Damgård, Claudio Orlandi, Mark Simkin, CRYPTO 2020: Here we propose novel methods to increase the security of MPC protocols at a limited cost.
• Securing DNSSEC Keys via Threshold ECDSA From Generic MPC, Anders Dalskov, Marcel Keller, Claudio Orlandi, Kris Shrishak, Haya Shulman, ESORICS 2020: Here we propose novel MPC protocols with applications to the security of internet infrastructure.
• Improved Primitives for MPC over Mixed Arithmetic-Binary Circuits, Daniel Escudero, Satrajit Ghosh, Marcel Keller, Rahul Rachuri, Peter Scholl, CRYPTO 2020: Here we propose novel techniques to increase the efficiency of MPC protocols when using mixed models of computation.
• Lattice-Based Zero-Knowledge SNARGs for Arithmetic Circuits, Anca Nitulescu, LATINCRYPT 2019: Here we propose novel zero-knowledge protocols with post-quantum security.

The main highlights of the second period are:
- A large number of team members joined the project.
- A very significant scientific output, most of which has been disseminated at very prestigious venues, including 8 in absolutely top-tier venues and 10 at high-quality venues.

The second period has been very fruitful, with significant progress. A few highlights:
1. The Rise of Paillier: Homomorphic Secret Sharing and Public-Key Silent OT Claudio Orlandi, Peter Scholl, Sophia Yakoubov. EUROCRYPT 2021. In this result we show new techniques that allow two parties to jointly compute a “distributed discrete logarithm” in for Paillier ciphertexts.
2. Refresh When You Wake Up: Proactive Threshold Wallets with Offline Devices Yashvanth Kondi, Bernardo Magri, Claudio Orlandi, Omer Shlomovits IEEE Symposium on Security and Privacy 2021. In this work we present a protocol for threshold ECDSA which guarantees privacy even if *all* devices are corrupted by the adversary over time, by performing period resharing of the keys. While previous works in this area required all devices to be online for the resharing (which is quite impractical in real-world applications), we present the first protocol that allow to do so even if some devices are “asleep” during the refreshing phase.
3. LadderLeak: Breaking ECDSA with Less than One Bit of Nonce Leakage. Diego F. Aranha, Felipe Rodrigues Novaes, Akira Takahashi, Mehdi Tibouchi and Yuval Yarom. ACM CCS 2020. This work presents which result into practical breacks of ECDSA. This work has had wide impact, and has been picked up by technical media.

Many of the project results have advanced the field significantly beyond the state of the art, as documented by the fact that they have been accepted for publication at top-tier conferences for the field of security and cryptography (as opposed to many other fields in natural science where journals are more prestigious, in computer science highranked conferences are the most prestigious mean of dissemination).

I believe that the results "The Rise of Paillier: Homomorphic Secret Sharing and Public-Key Silent OT" will have long term repercussion on the field of secure computation. The applications presented in the paper have great potential and, perhaps most importantly, the technical mathematical insight that lead to the new results was quite surprising, both to us and to the reviewers, given the incredibly positive feedback that we received. The main technical insight is that in certain groups of composite order it is possible to perform a non-interactive "distributed discrete logarithm" computation with perfect correctness. This is quite surprising since usually computing discrete logarithms is computationally expensive. I believe that more results will be achieved using the same or similar techniques.