Show simple item record

dc.contributor.authorMarcedone, Antonio
dc.identifier.otherbibid: 11050406
dc.description.abstractSecure multiparty computation protocols allow multiple distrustful parties to jointly compute a function of their private data while both ensuring correctness of the results and maintaining maximum privacy. Recent progress in concretely efficient implementations has shown that these once theoretical tools are becoming mature enough to secure a variety of applications from cryptocurrencies and auctions to machine learning and medical diagnosis. However, there is still a gap between the requirements of many real world scenarios and the guarantees and performance offered by generic protocols. In this dissertation, I demonstrate how tailoring secure computation protocols to the requirements of specific applications can allow for efficient solutions that can be deployed today. In particular, I focus and improve upon the scalability and practicality of the following concrete applications: 1. Hardware wallets are small special purpose devices that are used to store the secret keys that allow users to control their cryptocurrency funds. Surprisingly, hardware wallets currently on the market provide little guarantees against an adversarial (malicious) manufacturer (or equivalently a compromised supply chain). This puts user funds at risk. Current solutions either provide vague and ad hoc security guarantees or rely on generic secure computation protocols that are not practical to use. We introduce a formal security model for hardware wallets that adequately captures the capability of an arbitrary adversary and design a concretely efficient solution by constructing a special purpose threshold signature scheme that meets this definition. 2. I investigate how to perform large-scale machine learning training on data held by thousands of mobile phones in a privacy-preserving way. Referred to as federated learning, this scenario presents unique challenges where mobile phones coordinate through a central server and have limited bandwidth and computational resources. Crucially, the situation demands that the computation proceeds to completion even if users drop out anytime due to network or other issues. To allow training models in this distributed scenario without leaking sensitive user data, we design and implement a new efficient Secure Aggregation protocol that provides strong privacy guarantees while less than doubling the communication necessary for training. Google is currently evaluating this scheme in the context of next-word prediction in their Android keyboard app. 3. I look at the more general problem of how to securely compute arithmetic functionalities. These include many tasks such as statistics, machine learning computations, and cryptographic primitives (e.g., threshold ECDSA operations which are useful for cryptocurrencies). While a lot of progress has been made in the context of securely evaluating boolean functions, significant bottlenecks remain for arithmetic functions. We design and implement a new protocol which can evaluate any arithmetic circuit with active security (i.e. secure against parties who can deviate from the protocol arbitrarily). The protocol can be built generically (black-box) using any passive (i.e. secure against an adversary who follows the protocol but tries to extract information from it) instantiation of a simpler building block referred to as the OLE functionality. Furthermore, it requires as little as two times more OLE invocations over what is currently needed by protocols that only achieve passive security. In contrast, previous works have either focused only on passive security or relied on concrete implementations of the OLE functionality (often using not-well-known assumptions). Our experiments demonstrate that for a wide range of applications, our protocol outperforms the state of the art (TinyOLE and Overdrive) while relying on standard assumptions.
dc.subjectComputer science
dc.titleSecure Computation in the Real World
dc.typedissertation or thesis Science University of Philosophy, Computer Science
dc.contributor.chairPass, Rafael N.
dc.contributor.committeeMemberMichaely, Roni
dc.contributor.committeeMemberJuels, Ari

Files in this item


This item appears in the following Collection(s)

Show simple item record