Secure Multi-Party Computation (SMPC) is an important subset of cryptography. It has the potential to enable real data privacy. SMPC seeks to find ways for parties to jointly compute a function using their inputs, while keeping these inputs private.
Shamir’s Secret Sharing Scheme:
To understand SMPC, we must first understand Shamir’s Secret Sharing Scheme. The Scheme’s purpose is to divide and distribute one secret value over several nodes or users, so that no one knows anything about the secret value. To retrieve the secret value, a minimum quorum of users must pool their data together.
Shamir’s Secret Sharing Scheme can also be used to perform computations on a secret shared value. When we group together the results of each user’s computations on their respective pieces of data, we arrive at the outcome of the computation — without knowing the secret inputs.
To better understand this concept, let’s use a simple example: a secret number that is larger than 1000, a hundred users within a system, and a quorum of 10 users.
Each user is given a unique number between 100 and 199.
Since the minimum quorum requirement is 10 users, any time a group of 10 or more people come together, their combined numbers, x, will reveal the secret ( x > 1,000 ) without revealing any person’s individual number.
Secure Multi-Party Computation on Personal Data
Now, instead of using a number, let’s say the ‘secret’ is a user’s personal data.
SMPC works in much the same way: the personal data is split into several, smaller parts, each of which is masked using cryptographic techniques. Next, each small, encrypted piece of data is sent to a separate, independent server, so that each server only contains a small part of the data.
An individual or organization looking to discover the ‘secret’ (i.e., uncover the personal data) will need to aggregate the encoded data. Additionally, it will be possible to perform computations based on the personal data, by requiring each server to perform computations on its small part of the data, without disclosing the data.
Implications for Privacy
People have recently started demanding that governments and companies safeguard their personal information more proactively, especially financial, health, demographic, or other sensitive information. Large organizations are now looking to maintain their customers’ trust by being responsible guardians of their personal data.
In these circumstances, SMPC’s combination of encryption, distribution, and distributed computation can have a profound impact on data privacy and security.