Secure Computation in the Real World

Other Titles


Secure multiparty computation protocols allow multiple distrustful parties to jointly compute a function of their private data while both ensuring correctness of the results and maintaining maximum privacy. Recent progress in concretely efficient implementations has shown that these once theoretical tools are becoming mature enough to secure a variety of applications from cryptocurrencies and auctions to machine learning and medical diagnosis. However, there is still a gap between the requirements of many real world scenarios and the guarantees and performance offered by generic protocols. In this dissertation, I demonstrate how tailoring secure computation protocols to the requirements of specific applications can allow for efficient solutions that can be deployed today. In particular, I focus and improve upon the scalability and practicality of the following concrete applications: 1. Hardware wallets are small special purpose devices that are used to store the secret keys that allow users to control their cryptocurrency funds. Surprisingly, hardware wallets currently on the market provide little guarantees against an adversarial (malicious) manufacturer (or equivalently a compromised supply chain). This puts user funds at risk. Current solutions either provide vague and ad hoc security guarantees or rely on generic secure computation protocols that are not practical to use. We introduce a formal security model for hardware wallets that adequately captures the capability of an arbitrary adversary and design a concretely efficient solution by constructing a special purpose threshold signature scheme that meets this definition. 2. I investigate how to perform large-scale machine learning training on data held by thousands of mobile phones in a privacy-preserving way. Referred to as federated learning, this scenario presents unique challenges where mobile phones coordinate through a central server and have limited bandwidth and computational resources. Crucially, the situation demands that the computation proceeds to completion even if users drop out anytime due to network or other issues. To allow training models in this distributed scenario without leaking sensitive user data, we design and implement a new efficient Secure Aggregation protocol that provides strong privacy guarantees while less than doubling the communication necessary for training. Google is currently evaluating this scheme in the context of next-word prediction in their Android keyboard app. 3. I look at the more general problem of how to securely compute arithmetic functionalities. These include many tasks such as statistics, machine learning computations, and cryptographic primitives (e.g., threshold ECDSA operations which are useful for cryptocurrencies). While a lot of progress has been made in the context of securely evaluating boolean functions, significant bottlenecks remain for arithmetic functions. We design and implement a new protocol which can evaluate any arithmetic circuit with active security (i.e. secure against parties who can deviate from the protocol arbitrarily). The protocol can be built generically (black-box) using any passive (i.e. secure against an adversary who follows the protocol but tries to extract information from it) instantiation of a simpler building block referred to as the OLE functionality. Furthermore, it requires as little as two times more OLE invocations over what is currently needed by protocols that only achieve passive security. In contrast, previous works have either focused only on passive security or relied on concrete implementations of the OLE functionality (often using not-well-known assumptions). Our experiments demonstrate that for a wide range of applications, our protocol outperforms the state of the art (TinyOLE and Overdrive) while relying on standard assumptions.

Journal / Series

Volume & Issue



Date Issued




Computer science


Effective Date

Expiration Date




Union Local


Number of Workers

Committee Chair

Pass, Rafael N.

Committee Co-Chair

Committee Member

Michaely, Roni
Juels, Ari

Degree Discipline

Computer Science

Degree Name

Ph.D., Computer Science

Degree Level

Doctor of Philosophy

Related Version

Related DOI

Related To

Related Part

Based on Related Item

Has Other Format(s)

Part of Related Item

Related To

Related Publication(s)

Link(s) to Related Publication(s)


Link(s) to Reference(s)

Previously Published As

Government Document




Other Identifiers


Rights URI


dissertation or thesis

Accessibility Feature

Accessibility Hazard

Accessibility Summary

Link(s) to Catalog Record