Scientists in Bristol and Denmark have made a cryptography breakthrough that may boost the security of cloud computing environments.
Multi-party computation (MPC) is a subset of cryptography that enables two or more people to compute any function choosing secret inputs, without actually revealing the contents of those inputs to either party.
The idea was developed by a team of researchers from the Department of Computer Science at University of Bristol and Aarhus University in Denmark. The teams are working on developing a practical implementation protocol for MPC called SPDZ (pronounced “speeds”).
Using the SPDZ protocol, the team can now compute complex functions in a secure manner, enabling possible applications in the finance, drugs and chemical industries where computation often needs to be performed on secret data.
The protocol uses what is called a message authentication code (MAC) on sensitive data. This data is shared among all parties on either end of a transaction. This MAC can only be verified when all parties reveal information that can only be known to others.
In cloud computing, a customer could divide sensitive data among several cloud providers. As long as there was no collusion between them, those providers could not glean any information about the customer’s data. When data eventually needs processing, MPC could be run to carry out secure computation and send the data back to the customer to rebuild.
“We have demonstrated our protocol to various groups and organisations across the world, and everyone is impressed by how fast we can actually perform secure computations,” said Nigel Smart, Professor of Cryptology in the University of Bristol’s Department of Computer Science and leader on the project, via a statement.
“Only a few years ago such a theoretical idea becoming reality was considered Alice in Wonderland style over ambitious hope. However, we in Bristol realised around five years ago that a number of advances in different areas would enable the pipe dream to be achieved. It is great that we have been able to demonstrate our foresight was correct.”
Bristol PhD student Peter Scholl from the Department of Computer Science will present the research paper at the 18th European Symposium on Research in Computer Security (ESORICS 2013).
The University of Bristol is now starting to consider commercialising the protocol via a company Dyadic Security, co-founded by Professor Smart and Professor Yehuda Lindell from Bar-Ilan University in Israel.
