Hi everybody, here is the initial proposal, comments are very welcome!
Privacy: Multi-party computation
Background: Since computation is replicated on many nodes, users risk one of the nodes leaking information. Cryptographic protocols for multi-party computation enable several nodes to jointly compute a function on confidential data without revealing the input or intermediate data. In theory, any function can be securely evaluated with MPC but users pay a significant performance overhead. This research will provide MPC functionality on the IC for users who need strong privacy guarantees.
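As an added illustration of the idea in this paragraph (not code from DFINITY or the IC, and not any protocol the proposal commits to), the following Python sketch uses Shamir secret sharing over a prime field: a secret is split across n nodes so that any t of them can reconstruct it, fewer than t learn nothing, and the nodes can add two shared secrets without ever seeing either input. The field modulus, the node count and the threshold are constructed values chosen for the demo.

```python
import secrets

# Constructed prime field for the demo (2^61 - 1 is a Mersenne prime);
# a real deployment would pick the field to match its signature scheme.
P = 2**61 - 1


def share(secret, threshold, n):
    """Split `secret` into n shares (x, f(x)) of a random degree-(threshold-1)
    polynomial with f(0) = secret. Any `threshold` shares determine f."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    return [
        (x, sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P)
        for x in range(1, n + 1)
    ]


def reconstruct(shares):
    """Lagrange interpolation at x = 0 over the shares supplied."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        # pow(den, P-2, P) is the modular inverse (Fermat), since P is prime
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def add_shares(shares_a, shares_b):
    """Each node adds the two shares it holds locally; no communication,
    and no single node ever sees a, b or a + b."""
    return [(xa, (ya + yb) % P) for (xa, ya), (_, yb) in zip(shares_a, shares_b)]


def mpc_sum(a, b, threshold=3, n=5):
    """Jointly compute a + b on n nodes; only a `threshold`-sized quorum can
    open the result, and the inputs are never reconstructed."""
    shares_sum = add_shares(share(a, threshold, n), share(b, threshold, n))
    return reconstruct(shares_sum[:threshold])
```

Reconstructing from fewer than `threshold` shares yields a value that is uniformly random in the field, which is the sense in which a minority of leaking nodes reveals nothing.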
Objective: Deploy multi-party computation techniques to enable computation on private data
Discussion leads: Victor Shoup, Jens Groth
Research questions:
- How can users submit confidential data? Are there optimizations in bulk submission?
- Are there distributed backup mechanisms that enable an MPC protocol to hold long-term confidential state at reasonable cost?
- What is the best way to integrate MPC functionality and the rest of the IC?
- Which language should developers use to specify their MPC functionality, and how can such a specification be realized with general purpose MPC protocols?
- Can high importance tasks, e.g. key management, be solved efficiently with special purpose MPC?
- How can developers specify certain data to be confidential and how will the interaction with public data work? How can users verify an MPC protocol will keep data confidential?
- Are there additional features, e.g., differential privacy, that can complement MPC functionality?
- Do the MPC protocols offer post-quantum confidentiality? (see post-quantum initiative)
Related work and initiatives: The IC already uses a few MPC protocols, e.g., threshold BLS signatures. As part of Bitcoin integration, the Foundation has developed a threshold ECDSA signing protocol. Functionality used in the threshold ECDSA protocol could be used more broadly to do MPC relating to cryptographic operations in cyclic groups. The Security Proofs and Post-Quantum Security initiatives are also closely aligned.
Expertise and skills: Cryptography to construct MPC protocols and prove they are secure, PL for domain specific MPC-friendly languages, perhaps Coding Theory for storage solutions. The Research team (chain key technology, formal security), Crypto Library team, and Consensus team will be among the contributors.
How the community can contribute: The project is suitable for collaboration with researchers in academia and elsewhere to find solutions to the research questions. Community input will be helpful on, e.g., which types of confidential data are most common and what the confidentiality requirements for processing them are, e.g., GDPR compliance concerns.
What we are asking the community:
- Review comments, ask questions, give feedback
- Vote accept or reject on NNS Motion
- Participate in technical discussions as the motion moves forward