Secure Multi-Party Computation Series Notes 1 - Past and Present

These notes draw on a series of materials, including the secure multi-party computation article in the NSFOCUS Technology Research Newsletter.

First, the definition: Secure Multi-Party Computation (SMPC or MPC) lets distributed participants jointly compute any agreed function and obtain a correct result, without any participant revealing its original input data to the others.

Origin

The secure multi-party computation problem, together with its first solution, was proposed by Yao Qizhi (Andrew Chi-Chih Yao) in 1982.

The problem is usually told like this: two competitive millionaires, Alice and Bob, have x and y million dollars respectively, where 1 <= x, y < 10. How can they find out who is richer without either of them revealing how much they own?

Intuitive solution

Suppose x = 4 and y = 6, so Alice has 4M and Bob has 6M. They can compare their wealth with the following steps:

  1. Alice prepares 9 boxes and labels them 1 to 9 on the outside.
    [1]	[2]	[3]	[4]	[5]	[6]	[7]	[8]	[9]
    
  2. Alice puts an apple (P) or a banana (X) into each box. The rule: if the box number is less than x, put an apple, otherwise put a banana.
    [1P]	[2P]	[3P]	[4X]	[5X]	[6X]	[7X]	[8X]	[9X]
    
  3. Alice seals the boxes and hands them to Bob in order. Bob can see the number on the outside of each box, but not the fruit inside.
  4. Bob picks the box whose number equals y (box 6) and tears off the label, so only the unlabeled box [X] remains.
  5. Alice and Bob open that box together. A banana means y >= x, i.e. Bob is at least as rich; an apple means y < x, i.e. Alice is richer. Alice learns only the outcome, because the label that would have told her y is gone; Bob learns only the outcome, because he opened a single box. The scheme relies on Bob not opening the other boxes, which is exactly what the cryptographic version in the next section has to enforce.

Formal solution

Once the general idea is clear, there are many ways to write the solution down mathematically and many cryptographic tools (modular arithmetic, one-time pads, asymmetric keys, and so on) with which to realize it. The version below follows Yao's 1982 construction.

Still assume x = 4 and y = 6. Alice (a) and Bob (b) each hold a public/private key pair, written $(p_a, s_a)$ and $(p_b, s_b)$. Encryption and decryption under key $k$ are written $E_k(\cdot)$ and $D_k(\cdot)$, where $k \in \{p_a, p_b, s_a, s_b\}$. $E_k$ must be deterministic and $D_k$ must be defined on arbitrary values, which textbook RSA satisfies. Only Alice's pair is actually needed: Bob encrypts under Alice's public key $p_a$, and only Alice can decrypt under her private key $s_a$. The steps are:

  1. Bob picks a random number $r$ (the "packaging" of the boxes), computes $m = E_{p_a}(r) - y$, and sends $m$ to Alice.
  2. Alice receives $m$. Since she does not know $r$, she cannot recover $y$ from $m$ (the one-time-pad property: $E_{p_a}(r)$ acts as a uniformly random mask). But because $1 \le x, y < 10$, she can enumerate the candidates $[m+1, m+2, \dots, m+9]$ and decrypt each one with her private key, obtaining $Boxes = [D_{s_a}(m+1), D_{s_a}(m+2), \dots, D_{s_a}(m+9)]$ (nine boxes). Box number $y$ contains exactly $r$, because $m + y = E_{p_a}(r)$; the other boxes contain unrelated values.
  3. Alice picks a prime $p$ whose magnitude is smaller than that of $r$ (in Yao's paper, about half the bit length of $r$) and reduces the nine boxes modulo $p$:
    $Boxes_p = [D_{s_a}(m+1) \bmod p,\; D_{s_a}(m+2) \bmod p,\; \dots,\; D_{s_a}(m+9) \bmod p]$.
    She keeps the first $x$ entries of $Boxes_p$ unchanged and adds 1 to each of the remaining entries (this is "putting in the fruit and tearing off the labels"). With $x = 4$ this gives
    $Boxes_{pf} = [D_{s_a}(m+1) \bmod p + 0,\; \dots,\; D_{s_a}(m+4) \bmod p + 0,\; D_{s_a}(m+5) \bmod p + 1,\; \dots,\; D_{s_a}(m+9) \bmod p + 1]$.
    (Yao additionally requires the entries of $Boxes_p$ to be pairwise at least 2 apart modulo $p$, picking a fresh $p$ otherwise, so that the "+1" can never make two entries coincide.)
  4. Alice sends $p$ and $Boxes_{pf}$ to Bob in order. Bob looks only at the $y$-th entry and checks whether it equals $r \bmod p$ (opening the box to see the fruit): if it does, $y \le x$ and Alice is at least as rich; otherwise $y > x$ and Bob is richer. In the example the sixth entry is $r \bmod p + 1 \ne r \bmod p$, so Bob is richer.

Why reduce mod $p$?

It helps to write down what Alice and Bob each know at every step. Bob cannot evaluate $D_{s_a}$ himself, so he cannot open the other boxes the way he could in the fruit version; that is what protects $x$. But if Alice skipped the reduction mod $p$ and applied $+0/+1$ directly to $Boxes$, Bob could encrypt every received entry with Alice's public key and compare the results with $m+1, \dots, m+9$: $E_{p_a}(D_{s_a}(m+u)) = m+u$ holds exactly for the entries Alice left unchanged, so Bob would read off every $+0/+1$ flag and thereby Alice's secret $x$. After the reduction mod $p$ Bob only sees residues of the decryptions, which he cannot re-encrypt, and the only entry he can interpret is his own, since $r \bmod p$ is the only residue he knows.
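The full exchange above, plus the re-encryption attack from the "why reduce mod p" argument, as an added example that is not part of the original notes. It uses textbook (unpadded) RSA as $E/D$ with toy 64-bit keys and a small Miller-Rabin test so that it runs offline; the key sizes, the function names and the simulated message passing are all assumptions of this example. Never use keys this small for real data.

```python
"""Yao's millionaires' protocol (1982) over textbook RSA, both parties' messages.
Constructed example, not code from the original notes. Assumptions: deterministic
(unpadded) RSA as E/D, toy 64-bit keys, wealth in 1..9 as in the notes."""
import random

MAX_WEALTH = 9


def is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin; adequate for the toy key sizes used here."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def rsa_keygen(rng, bits=64, e=65537):
    """Textbook RSA: public (e, n), private (d, n). E_k/D_k of the notes are pow(., e|d, n)."""
    while True:
        P, Q = random_prime(bits // 2, rng), random_prime(bits // 2, rng)
        phi = (P - 1) * (Q - 1)
        if P != Q and phi % e:            # gcd(e, phi) == 1 because e is prime
            return (e, P * Q), (pow(e, -1, phi), P * Q)


def E(pub, v):
    return pow(v, pub[0], pub[1])


def D(priv, c):
    return pow(c, priv[0], priv[1])


def bob_step1(alice_pub, y, rng):
    """Bob: random r, send m = E_pa(r) - y. r is never sent."""
    r = rng.randrange(1, alice_pub[1])
    return r, (E(alice_pub, r) - y) % alice_pub[1]


def alice_step2(alice_priv, x, m, rng, use_mod_p=True):
    """Alice: decrypt the 9 candidates, reduce mod a fresh prime p, add 1 beyond slot x."""
    n = alice_priv[1]
    boxes = [D(alice_priv, m + u) for u in range(1, MAX_WEALTH + 1)]   # box y holds r
    if not use_mod_p:                                # the insecure variant, for the attack below
        return None, [b + (u > x) for u, b in enumerate(boxes, 1)]
    while True:
        p = random_prime(n.bit_length() // 2, rng)   # p much smaller than r (Yao: half the bits)
        z = [b % p for b in boxes]
        # Yao's condition: entries pairwise at least 2 apart mod p, so "+1" never collides
        if all(min(abs(z[i] - z[j]), p - abs(z[i] - z[j])) >= 2
               for i in range(MAX_WEALTH) for j in range(i)):
            return p, [zu + (u > x) for u, zu in enumerate(z, 1)]


def bob_step4(r, y, p, marked):
    """Bob looks only at slot y. True iff y <= x, i.e. Alice is at least as rich."""
    return marked[y - 1] == r % p


def run_protocol(x, y, seed=None):
    rng = random.Random(seed)
    pub, priv = rsa_keygen(rng)
    r, m = bob_step1(pub, y, rng)
    p, marked = alice_step2(priv, x, m, rng)
    return bob_step4(r, y, p, marked)


def bob_attack_without_mod_p(x, y, seed=None):
    """If Alice skips the reduction mod p, Bob re-encrypts every slot with her public key:
    E_pa(slot) == m + u exactly when Alice added 0, so every flag, and hence x, leaks."""
    rng = random.Random(seed)
    pub, priv = rsa_keygen(rng)
    _, m = bob_step1(pub, y, rng)
    _, plain = alice_step2(priv, x, m, rng, use_mod_p=False)
    n = pub[1]
    return sum(E(pub, v) == (m + u) % n for u, v in enumerate(plain, 1))   # equals x


if __name__ == "__main__":
    print("x=4, y=6: Alice at least as rich?", run_protocol(4, 6, seed=1))
    print("x recovered by Bob without mod p:", bob_attack_without_mod_p(4, 6, seed=1))
```

`run_protocol` returns the bit Bob learns and nothing else; `bob_attack_without_mod_p` shows that the same protocol without step 3's reduction hands Bob the exact value of x, which is the point the section above makes.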

Framework Model of Secure Multi-Party Computation

$n$ computing participants each hold their own secret data $x_1, x_2, \dots, x_n$. The purpose of the protocol is to use the secret data of all parties to evaluate a pre-agreed function

$(y_1, y_2, \dots, y_n) = f(x_1, x_2, \dots, x_n),$

such that every party $i$ obtains its own result $y_i$ but learns nothing else, in particular none of the other parties' inputs $x_j$ or outputs $y_j$ for $j \ne i$.

In the traditional distributed computing model, a central node coordinates the computation of each user and collects every participant's plaintext input. The participants' original data is not secret from that third party, so data leakage is easy.

In the MPC model there is no trusted third party that collects the original plaintext of all participating nodes. The nodes only exchange data with each other, and what they exchange is data that has already been processed (for example by homomorphic encryption or secret sharing), so that a node receiving it cannot reverse it to the original plaintext. This is what keeps each participant's data private.
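An added example of the "exchange processed data, not plaintext" idea, not code from the original notes: additive secret sharing over a prime field among three parties, with addition done locally on shares and multiplication done with a Beaver triple. The field size, the three-party setting, and the dealer that hands out the triple (real MPC frameworks generate triples with oblivious transfer or homomorphic encryption in a preprocessing phase) are assumptions of this example.

```python
"""Additive secret sharing over a prime field: parties exchange shares, never plaintext,
and add/multiply on shares. Constructed example, not code from the original notes.
Assumptions: three parties, a 61-bit Mersenne prime field, and a dealer that hands
out Beaver triples (real MPC generates them with OT or HE during preprocessing)."""
import random

Q = (1 << 61) - 1      # field modulus
N = 3                  # number of parties


def share(secret, rng, n=N):
    """Split secret into n shares summing to it mod Q; any n-1 shares are uniform."""
    shares = [rng.randrange(Q) for _ in range(n - 1)]
    shares.append((secret - sum(shares)) % Q)
    return shares


def reconstruct(shares):
    return sum(shares) % Q


def add(x, y):
    """Each party adds its own two shares; no communication at all."""
    return [(a + b) % Q for a, b in zip(x, y)]


def sub(x, y):
    return [(a - b) % Q for a, b in zip(x, y)]


def add_const(x, k):
    """Add a public constant: only one party adjusts its share."""
    return [(x[0] + k) % Q] + x[1:]


def beaver_triple(rng):
    """Preprocessing: shares of random a, b and of c = a*b (dealer assumption)."""
    a, b = rng.randrange(Q), rng.randrange(Q)
    return share(a, rng), share(b, rng), share(a * b % Q, rng)


def mul(x, y, triple):
    """Beaver multiplication. d = x - a and e = y - b are opened (one communication
    round); they reveal nothing because a, b are uniform one-time masks. Then
    x*y = c + d*b + e*a + d*e, and every term can be formed from shares."""
    a, b, c = triple
    d = reconstruct(sub(x, a))
    e = reconstruct(sub(y, b))
    z = [(ci + d * bi + e * ai) % Q for ai, bi, ci in zip(a, b, c)]
    return add_const(z, d * e)


def joint_computation(inputs, seed=None):
    """Three parties holding x1, x2, x3 jointly compute (x1 + x2) * x3.
    Only the final result is reconstructed; the inputs are never revealed."""
    rng = random.Random(seed)
    x1, x2, x3 = (share(v, rng) for v in inputs)
    return reconstruct(mul(add(x1, x2), x3, beaver_triple(rng)))


def view_without_party(secret, seed, party=N - 1):
    """What the other n-1 parties see. With the same randomness, secrets 5 and 6 give
    the same view when the last party's share is withheld: those shares do not depend
    on the secret at all (in distribution this holds for any missing party)."""
    shares = share(secret, random.Random(seed))
    return shares[:party] + shares[party + 1:]


if __name__ == "__main__":
    # constructed inputs: two salaries and a public-looking multiplier held by party 3
    print(joint_computation((1200, 3400, 2), seed=7))            # 9200
    print(view_without_party(5, 1) == view_without_party(6, 1))  # True
```

Everything a party sends is either a uniformly random share or an opened masked value (d, e), which is why a receiving node cannot reverse it to the plaintext input, as the paragraph above describes.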

Technical Architecture of Secure Multi-Party Computation


According to the computing tasks they support, secure multi-party computation protocols fall into two categories: general-purpose and special-purpose.

  • General-purpose MPC: usually implemented with garbled circuits (GC). The approach is universal and can in principle support any computation: the computation logic is compiled into a Boolean circuit, each gate's truth table is garbled (encrypted under random wire labels), and the garbled circuit is then evaluated. For complex computation logic, however, the efficiency of garbled circuits drops to varying degrees, and there is a large efficiency gap compared with a special-purpose algorithm.

  • Special-purpose MPC: a protocol constructed to solve one specific problem. Because it is designed and optimized for that problem, a special-purpose algorithm is much more efficient than a general framework based on garbled circuits. Current special-purpose MPC algorithms cover the four arithmetic operations and comparison, matrix operations, private set intersection, private data query, and more.

Although special-purpose MPC is more efficient than general-purpose MPC, it also has drawbacks: each protocol supports only a single computation logic and cannot be reused across scenarios, and designing one requires domain experts to carefully tailor it to the specific problem, so the design cost is high.
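The general-purpose approach above, reduced to its core, as an added example that is not part of the original notes: a garbler turns a tiny Boolean circuit (the one-bit version of the millionaires' comparison, x > y = x AND (x XOR y)) into encrypted truth tables, and an evaluator computes it on random wire labels without ever seeing a wire value. SHA-256 as the per-row cipher, 128-bit labels, the zero-tag method of recognising the right row, and handing the evaluator its input label directly where the real protocol uses oblivious transfer (OT) are all assumptions of this example.

```python
"""Minimal Yao garbled circuit (general-purpose MPC): the garbler encrypts every gate's
truth table under random wire labels; the evaluator decrypts exactly one row per gate
and never sees a plaintext wire value. Constructed example, not code from the
original notes. Assumptions: 128-bit labels, SHA-256 as the row cipher, and the
evaluator's input label handed over directly where the real protocol uses OT."""
import hashlib
import random

LABEL = 16                                      # label length in bytes
OPS = {"AND": lambda a, b: a & b, "OR": lambda a, b: a | b, "XOR": lambda a, b: a ^ b}


def _pad(ka, kb, gate_id):
    """32-byte keystream for one row; bound to both input labels and the gate id."""
    return hashlib.sha256(ka + kb + gate_id.to_bytes(4, "big")).digest()


def _enc_row(ka, kb, gate_id, out_label):
    """Encrypt out_label || 16 zero bytes; the zero tag marks the row that decrypts."""
    return bytes(p ^ k for p, k in zip(out_label + bytes(LABEL), _pad(ka, kb, gate_id)))


def _dec_row(ka, kb, gate_id, row):
    plain = bytes(c ^ k for c, k in zip(row, _pad(ka, kb, gate_id)))
    return plain[:LABEL] if plain[LABEL:] == bytes(LABEL) else None


def garble(circuit, n_wires, rng):
    """circuit: list of (op, in_a, in_b, out) over wire ids, in topological order.
    Returns per-wire (label_for_0, label_for_1) and one shuffled 4-row table per gate."""
    new_label = lambda: rng.getrandbits(8 * LABEL).to_bytes(LABEL, "big")
    labels = [(new_label(), new_label()) for _ in range(n_wires)]
    tables = []
    for gid, (op, a, b, out) in enumerate(circuit):
        rows = [_enc_row(labels[a][i], labels[b][j], gid, labels[out][OPS[op](i, j)])
                for i in (0, 1) for j in (0, 1)]
        rng.shuffle(rows)           # the row position would otherwise reveal the input bits
        tables.append(rows)
    return labels, tables


def evaluate(circuit, tables, input_labels, n_wires):
    """Evaluator: holds one label per input wire, tries the 4 rows of each gate."""
    wire = [None] * n_wires
    for w, lab in input_labels.items():
        wire[w] = lab
    for gid, (op, a, b, out) in enumerate(circuit):
        for row in tables[gid]:
            lab = _dec_row(wire[a], wire[b], gid, row)
            if lab is not None:
                wire[out] = lab
                break
        else:
            raise ValueError(f"gate {gid}: no row decrypted")
    return wire


# One-bit millionaires: out = x AND (x XOR y) = (x > y). Wires: 0 = x (Alice), 1 = y (Bob), 2, 3 = out.
GT_CIRCUIT = [("XOR", 0, 1, 2), ("AND", 0, 2, 3)]
N_WIRES, OUT = 4, 3


def garbled_greater_than(x, y, seed=None):
    rng = random.Random(seed)
    labels, tables = garble(GT_CIRCUIT, N_WIRES, rng)        # Alice garbles
    inputs = {0: labels[0][x],   # Alice's own input label: looks random to Bob
              1: labels[1][y]}   # Bob's label: via OT in the real protocol, handed over here
    wire = evaluate(GT_CIRCUIT, tables, inputs, N_WIRES)     # Bob evaluates on labels only
    return int(wire[OUT] == labels[OUT][1])                  # decoding info for the output wire


if __name__ == "__main__":
    for x in (0, 1):
        for y in (0, 1):
            print(f"x={x} y={y} -> x>y: {garbled_greater_than(x, y, seed=1)}")
```

Bob sees only labels and ciphertexts, and the garbler sends decoding information for the output wire alone, so the only thing either side learns is the output bit. The cost is visible too: every gate becomes four ciphertexts and four hash evaluations, which is the efficiency gap the bullet list above refers to.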


Source: blog.csdn.net/weixin_43466027/article/details/129023888