Periodic Reporting for period 4 - PSOTI (Privacy-preserving Services On The Internet)
Okres sprawozdawczy: 2024-08-01 do 2025-01-31
Privacy has always been an essential human right, but it is often overlooked in today's convenient Internet services, which have become an essential part of our lives. Some steps have been taken to legally limit the service providers' power over users' data, such as the EU General Data Protection Regulation (GDPR). However, providing privacy-preserving services while providing a rich set of functionalities is very challenging.
The primary objective of the PSOTI project was to showcase that certain Internet services can be realized while still preserving privacy. For this, we substantially improved protocols and built frameworks for Secure Multi-Party Computation (MPC), allowing the secure processing of data under encryption. Moreover, we proposed MPC-based solutions and built prototype implementations that allow users to privately send, store, or even process data using multiple service providers.
In conclusion, we have shown that we do not require a single service provider to have plaintext access to the data, but multiple service providers can jointly and privately provide functionalities.
One of our primary goals has been to create efficient private query protocols. We created and implemented several privacy-preserving search methods that can be used in combination with other queries. A fundamental technique for this is Private Function Evaluation (PFE) which allows to protect both data and functions and hence even the structure of the private query. As further building blocks, we designed Private Information Retrieval (PIR) protocols that allow to privately retrieve data from a database.
To improve usability, we designed and implemented MPC frameworks that allow to build privacy-preserving Internet services. Our MPC frameworks were implemented in C/C++ or even in Rust with focus on memory safety. Furthermore, we substantially improved the performance of MPC protocols for example using hardware acceleration and parallelization.
Finally, we showed how such technologies can be used to preserve privacy in several applications and demonstrated their practicality in various settings. Among many applications, we looked at securing email and provided a generalized method and demonstrator to communicate securely over multiple communication channels (e.g. email, SMS, WhatsApp, Signal), some of which might be compromised by backdoors or surveillance.
We have published and presented our research results at major conferences and journals in the area of applied cryptography and organized the 10. Theory and Practice of Multi-Party Computation Workshop (TPMPC'24).
Our implementations and tools were published as open source under liberal open source licenses such as MIT, allowing companies to turn them into products.
With multiple press releases that were picked up by the media, we also made our research accessible to the general public.
Overall, the project PSOTI has shown that advanced cryptographic techniques can provide practical privacy-preserving solutions for Internet services.