TC: Large: Collaborative Research: Practical Secure Two-Party Computation: Techniques, Tools, and Applications

TC：大型：协作研究：实用安全两方计算：技术、工具和应用

• 批准号: 1111781
• 负责人: David Evans
• 金额: $ 150万
• 依托单位: University of Virginia Main Campus
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2011
• 资助国家: 美国
• 起止时间: 2011-08-15 至 2018-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1111781&HistoricalAwards=false
• 关键词: TC; Large; Collaborative; Research; Practical

Many compelling applications involve computations that require sensitive data from two or more individuals. For example, as the cost of personal genome sequencing rapidly plummets many genetics applications will soon be within reach of individuals such as comparing one?s genome with the genomes of different groups of participants in a study to determine which treatment is likely to be most effective. Such comparisons could have tremendous value, but are currently infeasible because of the privacy concerns both for the individual and study participants. What is needed is a way to produce the result of the comparison without exposing either party's private inputs. The ultimate aim of this project is to make privacy-preserving computation practical and accessible enough to be used routinely in applications such as personalized genetics, medical research, and privacy-preserving biometrics.Theoretical solutions to this problem, known as secure multi-party computation, have been known for several decades, including a general solution developed by Andrew Yao based on garbled circuits. Because of its extensive memory use and computational cost, however, the garbled circuits approach has traditionally been considered more of a theoretical curiosity than a practical mechanism for building privacy-preserving applications. Recent developments in cryptographic techniques and new implementation approaches are beginning to change this, however, and admit the possibility of scalable, practical secure computation. This project is designing methods for avoiding the memory bottleneck associated with garbled circuit evaluation by aggressively pipelining circuit generation and evaluation, and exploring a variety of techniques for reducing the size of garbled circuits. Another issue the limits the use of secure computation in practice is the need for standard protocols to assume an honest-but-curious adversary who always follows the specified protocol. This project is developing new techniques for dealing with malicious adversaries, improving the standard cut-and-choose and commit-and-prove approaches by using new cryptographic tools and exploring an alternate model in which a verifiable trusted party generates the circuit but is not trusted with any private data. The project is also developing techniques to audit the information that can be inferred from the result of a secure computation. Another goal is to make secure computation more accessible to developers by developing programming tools for defining secure computations at a high level, based on information-flow analysis and program partitioning.

许多引人注目的应用程序涉及需要来自两个或更多个人的敏感数据的计算。例如，随着个人基因组测序的成本迅速下降，许多遗传学应用很快就会触手可及，例如将一个人的基因组与研究中不同参与者群体的基因组进行比较，以确定哪种治疗可能最有效。这种比较可能具有巨大的价值，但由于个人和研究参与者的隐私问题，目前还不可行。所需要的是一种在不暴露任何一方的私人输入的情况下产生比较结果的方法。该项目的最终目标是使隐私保护计算变得实用且易于访问，以便在个性化遗传学、医学研究和隐私保护生物识别等应用中常规使用。该问题的理论解决方案称为安全多方计算，已为人所知数十年，其中包括 Andrew Yao 开发的基于乱码电路的通用解决方案。然而，由于其大量的内存使用和计算成本，乱码电路方法传统上更多地被认为是一种理论上的好奇心，而不是构建隐私保护应用程序的实用机制。然而，密码技术和新实现方法的最新发展开始改变这一点，并承认可扩展、实用的安全计算的可能性。该项目正在设计方法，通过积极地流水线化电路生成和评估来避免与乱码电路评估相关的内存瓶颈，并探索各种减少乱码电路大小的技术。限制安全计算在实践中使用的另一个问题是标准协议需要假设一个诚实但好奇的对手始终遵循指定的协议。该项目正在开发处理恶意对手的新技术，通过使用新的加密工具改进标准的剪切和选择以及提交和证明方法，并探索一种替代模型，其中可验证的可信方生成电路但不受信任与任何私人数据。该项目还在开发技术来审核可以从安全计算结果推断出的信息。 另一个目标是通过开发基于信息流分析和程序分区的高级定义安全计算的编程工具，使开发人员更容易获得安全计算。