What Will Be the Early Privacy Impact of Secure Multiparty Computation?
Currently, one of the most rigorously examined corners of the surging cryptography space, secure multiparty computation, or sMPC, is widely considered a viable solution to many practical situations in the real world. The concept has some promising implications ranging from privacy to scalability and efficiency, and it’s lasting impact lay outside the purview of only blockchain technology.
However, many crypto and blockchain platforms are among the early pioneers in actively applying the technology to finance, advertising, insurance and other industries.
“The beauty of multi-party protocols is that they use a rich body of tools and sub-protocols, some of which have been developed especially for MPC and others previously developed for the cryptographic non-distributed setting,” detailed Dragos Rotaru, a researcher for the Advanced Research Projects Agency, or ARPA, in the team’s white paper.
The rich feature-set of tools includes the lauded protocols of zero-knowledge proofs, message authentication codes, commitment schemes and secret sharing models, like Shamir’s Secret Sharing. The compatibility of sMPC with such blossoming cryptography subfields, along with its recent development that surpassed many of its performance limitations, is poised to unleash a new suite of features for many public blockchains, financial applications and data sharing.
Related: Secure Encryption Key Management Modules, Explained
A brief history and introduction of sMPCs
The concept of sMPCs gained traction in the early 1980s as a solution to “Yao’s Millionaire Problem.” The problem is a classic example of two parties, Alice and Bob, wishing to determine which party is wealthier without revealing their explicit wealth value.
The goal of sMPC is to enable both Alice and Bob to compute a function over the shared inputs — e.g., their wealth — without revealing the value of the inputs. As a result, the counterparties can discern which is wealthier without exposing private financial data. Contrary to most cryptographic goals, sMPC protects participating user privacy from one another and is not explicitly created to protect a communication channel from third-party snooping.
The applications of sMPC are numerous, but its early potential was handcuffed by its performance limitations. Those handcuffs have been removed. As the ARPA white paper details:
“With theoretical constructions going back 35 years, there are substantial improvements in algorithmic and engineering designs over the past decade to improve performance.”
ARPA references that the overall performance of sMPCs has increased by four to five orders of magnitude in the last decade alone — which are drastic improvements. As a result, the applications of sMPCs are no longer relegated to theoretical designs and are now firmly planted in the practical world.
For example, sMPCs can play the primary role in mitigating one of crypto’s most endemic problems — exchange transparency. Endeavors like Blockstream’s Bitcoin proof-of-reserves attempt to self-regulate exchange treasuries to ensure customers that their deposits are fully-backed by the exchange. Instances like the QuadrigaCX debacle would fade away, and exchanges would garner more regulatory trust in the process.
The sentiment for better exchange reserve transparency is also consistently touted by Castle Island Ventures’s Nic Carter, who views the progression as inevitable. And while PoR protocols like the one from Blockstream still need to improve privacy, others, such as ARPA’s, are on the cusp of bolstering the prospects of PoR significantly. The ARPA MPC network is in its pre-Alpha mainnet stage. Users can stake their tokens, join the privacy-preserving computation network, complete tasks and get computation rewards.
In addition, institutional and personal account key management requirements stimulated by distributed ledgers have also spawned many wallet applications, and this change has also affected traditional enterprises. No matter in the blockchain or traditional financial institutions, the threshold signature scheme enabled by sMPC can bring security and privacy improvements in various scenarios.
Wallets based on a threshold signature are more secure because the private key doesn’t need to be rebuilt. Also, without all signatures posted publicly, anonymity can be achieved. Compared to the multi-signature, a threshold signature needs lower transaction fees. Similar to key management applications, the administration of digital asset accounts can also be more flexible. Furthermore, a threshold signature wallet can support various blockchains that do not natively support multi-signature, which reduces the risk of smart contract bugs.
The remaining barriers to the proliferation of sMPC hinge on education and making the technology more accessible. For example, developers are working on abstracting away the underlying complexity of the technology and building “plug-and-play” setups for businesses to tap into the technology. As Rotaru continued:
“Our goal is to build an MPC network with high availability for the first time where any business needs for secure computation can be conducted on the network or by using smart contracts on existing blockchains such as Ethereum or EOS.”
By reducing the costs and barriers to access sMPCs, businesses can leverage one of cryptography’s most venerated achievements. However, the direct impact on sMPCs extends beyond PoR for exchanges well into the depths of the battle for digital privacy.
Privacy advantages of sMPC
Applications can be layered on top of sMPC protocols, masking the exceptional complexity that underscores them — something businesses do not want to pay for to implement themselves. Once the barriers to accessing sMPC protocols are reduced, the practical applications for privacy become pretty obvious.
The primary target area? Privacy.
For example, outside the scope of blockchains, imagine any scenario where two or more parties want to come together; they do not explicitly trust each other and would like to determine an outcome without revealing sensitive internal details about each other.
Situations like data sharing, such as calculating the average age of a group of web users visiting a website without exposing other (non-pertinent) personal user data, immediately come to mind. Others, like insurance providers analyzing risk without having to control vast quantities of data (no more Equifax hacks), are also enticing. And some, like secure monetization for user data by renting personal data to advertisers, might be the tip of the privacy spear that shatters the glass ceiling of user privacy abuse.
ARPA views sMPC as also playing a critical role in health care, an industry rife with data privacy and security problems.
“Individual medical data contains sensitive information that is risky to run a diagnosis using third-party models or tools,” says Rotaru. He added:
“With sMPC protocols, such as ARPA’s, medical data for diagnoses can be computed without leaking data to third-party model providers, specifically AI specialists that are prevailing as pivotal algorithmic providers to medical institutions.”
Related: What Are zk-SNARKs and How Do They Affect Digital Privacy?
It’s unlikely that enterprises will recognize the advent of sMPCs to their advantage in the short-term. Their incorporation of the technology will likely follow its proven accolades among public blockchains, and specifically, financial applications running on those networks. Enterprises that have been investing in both researching and implementation of sMPC have also come together to form an alliance to bring global awareness to this technology. The MPC Alliance now has over a dozen members.
Yet, the question is whether or not the technology will become more sophisticated from this point forward:
Should the technology become a ubiquitous, accessible tool on the web, expect an entire generation of companies to provide privacy services to web surfers, advertisers and companies with data-intensive requirements?
The trajectory of sMPC’s impact on privacy appears inevitably fruitful in the long-term. Now, the onus is on crypto companies and blockchains to tinker and promote the technology that has cryptographers so excited about the future of privacy.
The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.
Andrew Rossow is a millennial attorney, law professor, entrepreneur, writer and speaker on privacy, cybersecurity, AI, AR/VR, blockchain and digital currencies. He has written for many outlets and contributed to cybersecurity and technology publications. Utilizing his millennial background to its fullest potential, Rossow provides a well-rounded perspective on social media crime, technology and privacy implications.