NEW TECH: Can MPC — Multi Party Computation — disrupt encryption, boost cloud commerce?

By Byron V. Acohido

Encryption is a cornerstone of digital commerce. But it has also proven to be a profound constraint on the full blossoming of cloud computing and the Internet of Things.

We know very well how to encrypt data in transit. And we’ve mastered how to encrypt — and decrypt — data at rest. However, we’ve yet to arrive at a seminal means to crunch encrypted data – without first having to decrypt it.

Math geniuses and data scientists have been trying to solve this problem for more than half a century. It has only been in the past 10 years or so that commercial versions of homomorphic encryption, which I’ve written about, have slowly gained traction. Another solution is something called Multi Party Computation, or MPC, which I was unfamiliar with when heading to RSA 2020 recently.

I had the chance to visit with Nigel Smart, co-founder of Unbound Tech, a company which uses MPC technology to solve the problem of private key protection and key management. The company, based in Petach Tikvah, Israel, addresses the problem via a “virtual Hardware Security Module” as opposed to the traditional method of using physical infrastructure. Smart told me about how MPC has attracted the attention of the cryptocurrency community, in particular the purveyors of crypto currency exchanges and the suppliers of digital wallets.

And he explained how advanced encryption technologies, like MPC and homomorphic encryption, are on the cusp of enabling much higher use of the mountains of data hoarded in cloud storage by companies and governments. For a full drill down on our discussion, give the accompanying podcast a listen. My big takeaways:

MPC 101

Computational theorist Andrew Chi-Chih Yao, of China, dreamed up multiparty computation in 1986, but it wasn’t until the early 2000s that algorithm advances and computing costs made MPC practical. Put simply, MPC is a computing protocol that allows two or more parties to jointly compute a function — without ever decrypting any data supplied by any of the parties. Smart, a computer science professor at KU Leuven, in Flanders, Belgium, explained it to me this way:

“Imagine that I’ve split the secret number seven into four plus three, and I’ve put the number three in Washington and the number four in Berlin. The person at the computer in Washington and the person at the computer in Berlin engage in a protocol to evaluate a cryptographic function — as if the number seven existed. But no one ever sees the number seven. It’s magic; it’s like the number seven disappeared from reality.”

One practical use of MPC is to improve the Public Key Infrastructure (PKI). PKI is the authentication and encryption framework on which the Internet is built. PKI revolves around the distribution of digital certificates, and the associated use of public and private encryption keys.

For example, when you click to Amazon.com, two different cryptographic keys are used: a public key and a private key. The public key assures you, the user, that you’re clicking to the authentic, certified Amazon site; and it also encrypts any data you transmit to, and receive from, Amazon. The corresponding unique private key is used by Amazon to decrypt data incoming from you, thus assuring that your data has not been tampered with.

Pain points

The trouble with this arrangement is that private keys have become cumbersome to manage, not to mention they can be stolen or spoofed. Amazon might do a great job with key management. But encryption keys are used everywhere, to authenticate website transmissions, and also to authenticate all types of human-to-machine, as well as machine-to-machine, connections.

MPC provides a much more efficient and scalable way to disperse private keys, by scattering the computations that invoke any given key. Smart described for me how an “entwined protocol” allows the compute function to take place this way. “It’s counterintuitive,” he says. “It’s weird, weird stuff.”
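Smart's four-plus-three illustration and the "scattered" key computation described above can be made concrete with a split-key ElGamal decryption. This is an added example, not code from the article or from Unbound Tech; the toy parameters `P` and `G`, the `Party` class and all function names are assumptions made for illustration.

```python
import secrets

# Toy parameters chosen for this example only (not a vetted group).
P = 2**127 - 1          # prime modulus
G = 3                   # base
ORDER = P - 1           # exponents add modulo P-1 (Fermat's little theorem)


class Party:
    """One site, e.g. Washington or Berlin, holding a single key share."""

    def __init__(self, share=None):
        # Each party picks its own share; the full key is never assembled.
        self._share = secrets.randbelow(ORDER) if share is None else share % ORDER

    def public_part(self):
        return pow(G, self._share, P)

    def partial_decrypt(self, c1):
        # Local computation on the share only; the share never leaves the site.
        return pow(c1, self._share, P)


def joint_public_key(parties):
    h = 1
    for party in parties:
        h = h * party.public_part() % P   # G^x1 * G^x2 = G^(x1+x2)
    return h


def encrypt(h, m):
    # Standard ElGamal encryption of 0 < m < P under public key h.
    r = secrets.randbelow(ORDER)
    return pow(G, r, P), m * pow(h, r, P) % P


def joint_decrypt(parties, ciphertext):
    c1, c2 = ciphertext
    s = 1
    for party in parties:
        s = s * party.partial_decrypt(c1) % P   # equals c1^(x1+x2)
    return c2 * pow(s, -1, P) % P


def demo():
    washington, berlin = Party(3), Party(4)     # the article's 7 = 4 + 3
    h = joint_public_key([washington, berlin])
    message = joint_decrypt([washington, berlin], encrypt(h, 424242))
    return h == pow(G, 7, P), message
```

This covers only the simplest case, where the operation is linear in the key and both parties follow the protocol. Operations that are not linear in the key, such as ECDSA signing, require interactive protocols between the parties.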

So how, exactly, does MPC improve the use of PKI? Smart pointed to early adopters in the crypto currency sector. When buying or trading Bitcoin, or any other crypto currency, certificates and keys come into play, authenticating and encrypting communications between any two parties.

Two big pain points invariably come into play: to ensure security, crypto exchanges often use so-called cold storage wallets, where the keys are not kept live within a system, making transactions agonizingly slow to execute; and losing the key to such a cold storage wallet can mean a total loss.

MPC streamlines the process, while also making crypto transactions more secure and resilient, Smart told me.

“For the crypto currency exchanges, if you want to change your Bitcoin into dollars, this can often take hours or days,” Smart says. “Using secure MPC instantiations, many of these crypto exchanges have speeded up the transaction times from days to minutes, allowing for a higher volume of transactions.”

Securing private data

Improving crypto currency services is just one of many potential uses for MPC. In fact, there is a potential for advanced encryption systems, in general, to crack open a whole new world of cloud computing and IoT-enabled services.

Companies and governments have spent the past two decades amassing oceans of personal and operational data, much of it now stored via Amazon Web Service, Microsoft Azure and Google Cloud. More data is coming as 5G and IoT usage climbs. Right now cloud-stored data has to be downloaded and decrypted in order to conduct a search or do any sort of analytics.

But what if searches and data analytics could be done in the cloud, without ever decrypting – and, thus, exposing the underlying data? This would comply with data privacy regulations, like Europe’s GDPR and California’s CCPA. And it would open up new areas of data mining.

There is thus the potential to address global concerns. I can imagine a day when medical researchers are able to query HIPAA-protected data sets to help rein in a global pandemic, for instance, or share scientific findings and demographic data across borders to capture criminals or solve hunger.

At the moment, MPC and Homomorphic Encryption vendors are pursuing solutions relating to financial auctions and compliance with data handling regulations. Meanwhile, Unbound is pursuing partnerships to explore hybrid solutions.

“The buzz is ‘How do we secure private data?’ ” Smart says. “There are a lot of drivers for use of MPC across the entire spectrum, not just with cryptographic keys, but with anything to do with data.”

It’s true, encryption can be a very dense topic. But it is also a bellwether. These advances could signal the coming of disruptive change for the greater good. I’ll keep watch.

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


(LW provides consulting services to the vendors we cover.)
