dc.description.abstract | As an alternative to performing analytics in the clear, there is an increasing demand for developing privacy-preserving solutions that aim to protect sensitive data while still allowing for its efficient analysis. Among the various privacy-enhancing technologies, secure multiparty computation (MPC) is a promising approach that enables multiple parties (n) to jointly process their private inputs while ensuring that no coalition of at most t<n parties, under the control of an adversary, learns any information other than the intended output. In this thesis, we identify various such real-world applications that demand privacy-preserving solutions and address these via MPC. We consider a broad range of applications that span across healthcare, finance and even social sectors. For each application under consideration, we identify the desirable MPC setting (e.g., number of computing parties n) and security notion to be achieved when designing the solution. Based on this, we either design new MPC frameworks that provide improved security guarantees and efficiency or enhance the existing frameworks.
Although we make application-specific design choices, the common theme while designing secure protocols for all is to design as efficient a solution as possible. In this regard, we make the following common design choices across all applications. First, we consider an honest majority among the computing parties (i.e., t<n/2), which is known to render efficient protocols in comparison to the dishonest majority (i.e., t<n). Second, we focus on designing secure protocols in the preprocessing paradigm, where expensive input-independent computations are pushed onto a preprocessing phase, thereby making way for a fast and efficient input-dependent online phase. Finally, our protocols are designed to operate on the ring algebraic structure to capitalize on the efficiency gains obtained from utilizing the CPU architecture. We next elaborate on the specific applications considered in the thesis and the contributions therein.
Secure computation over graphs via traditional security notion:
Operating on graph-structured data is ubiquitous due to the modelling capabilities of graphs, and this finds use in analysing various systems like social networks, biological networks, transportation networks, etc. However, privacy concerns arise when analysing graphs that model sensitive data. To address this, we design privacy-preserving solutions for two popular graph algorithms---local clustering and graph convolutional networks.
-- Secure local clustering: Identifying a cluster around a target node in a graph, termed local clustering, finds use in several applications, including fraud detection, targeted advertising, community detection, etc. We design solutions for privacy-preserving local clustering, which is done for the first time in the literature. Keeping efficiency in mind for large graphs, we build over the best-known honest-majority 3-party framework of SWIFT (USENIX'21) and enhance it with some of the necessary yet missing primitives. To further enhance efficiency, we design the protocols using the GraphSC paradigm, which provides a generic secure framework for efficiently evaluating graph algorithms. Since this paradigm relies on a secure shuffle primitive, we also design an efficient secure 3-party shuffle protocol.
We note that secure shuffle is a versatile primitive that finds widespread use in various other applications as well (which may not involve computations over a graph), such as electronic voting, oblivious RAM, and anonymous broadcast, to name a few. Hence, as a by-product of our shuffle protocol, we are also able to securely realise an anonymous broadcast system. As the name suggests, anonymous broadcast enables a set of N clients to anonymously broadcast their messages while guaranteeing that none learns about the association between a message and the identity of its sender. Hence, while anonymous broadcast may not be inherently associated with graph computations, we diverge slightly to demonstrate how our shuffle protocol can be employed to realize anonymous broadcast in the 3-party setting, as considered in prior works. In the process, not only do we design a more efficient anonymous broadcast system compared to the state-of-the-art, but our system also provides improved security guarantees and properties such as censorship resistance that were missing in the prior solution.
-- Secure graph convolutional networks: Graph convolutional networks (GCNs) are gaining popularity due to their ability to effectively model and learn from complex graph-structured data. We put forth Entrada, a framework for securely evaluating GCNs. For efficiency and accuracy reasons, Entrada builds over the 4-party framework of Tetrad (NDSS'22) and enhances the same by providing the necessary primitives. Moreover, Entrada leverages the GraphSC paradigm to further enhance efficiency and entails designing a secure and efficient shuffle protocol specifically in the 4-party setting. This, to the best of our knowledge, is done for the first time and may be of independent interest.
Stepping beyond traditional security for financially and socially relevant problems:
Most protocols in the small-party setting that are designed to attain the strongest security notion of guaranteed output delivery (GOD), rely on entrusting an honest party, identified as the trusted third party (TTP), with inputs in the clear to carry out the computation. However, this may not be desirable for certain applications that deal with highly sensitive data. Another drawback of traditional MPC protocols is the view leakage attack, where a malicious adversary may send its view to an honest party, thereby enabling the latter to obtain the underlying secret information. To address these drawbacks in the traditional MPC definition, Alon et al. (CRYPTO'20) propose the notion of MPC with Friends and Foes (FaF). Thus, departing from the traditional MPC model, we identify the need to design FaF-secure MPC protocols for applications that deal with highly sensitive information, where information leakage must be prevented even against quorums of honest parties. Specifically, we consider the applications of secure dark pools and secure allegation escrow systems. Keeping efficiency at the centre stage, we design FaF-secure 5-party computation protocols (5PC) that consider one malicious and one semi-honest corruption and constitute the optimal setting for attaining an honest majority.
-- Secure dark pools: Dark pools are private security exchanges that allow investors to trade financial instruments outside of the prying eyes of the public and ensure the trade remains unexposed until it is completed. Dark pools are traditionally operated by centralized trusted brokers, who, in the past, have been known to misuse insider information. This necessitates designing solutions that guarantee privacy even against the dark pool operator. Hence, given the sensitive nature of financial data that is involved in the computation and the drawbacks present in the traditional MPC solutions, we design FaF secure solutions for the same in the 5PC setting. We design improved solutions for the continuous double auction (CDA) and volume-based matching algorithms that are used in dark pools. We benchmark the performance of these secure matching algorithms and observe improvements in comparison to the prior works.
-- Secure allegation escrow system: The rising issues of malpractices have led victims to seek comfort by acting in unison against common perpetrators (e.g., the #MeToo movement). To increase trust in the system, cryptographic solutions are being designed to realize secure allegation escrow (SAE) systems. In this regard, we identify privacy issues present in prior works and put forth an SAE system to arrest all these breaches. Given the highly sensitive nature of allegation data, we choose to realise the system under FaF security as opposed to traditional security notions. We also provide additional features which were absent in the state of the art. We benchmark the proposed system with the FaF secure 5PC protocols to showcase the practicality of our solution.
Secure computation with a constant number of parties:
Unlike the applications considered above that demanded operating with a specific number of parties, the latter may vary depending on the application. Hence, we provide a generalization which allows instantiating the MPC protocol with an arbitrary (constant) number of parties (n). Our generalized protocols continue to operate in the honest majority setting to capitalize on the efficiency benefits that this setting provides over the dishonest majority, which thereby facilitates attaining an efficient solution for the end application. We design two different protocols that are secure against a semi-honest and a malicious adversary, respectively. We also design a wide range of building blocks that facilitate the secure realization of various applications, including but not limited to genome sequence matching, biometric matching, and even deep neural networks, and showcase the practicality of the designed protocols by benchmarking these applications.
In this way, we design a range of building blocks in various MPC settings that can facilitate secure realizations for the above-mentioned privacy-conscious applications. | en_US |