Recent academic research is advancing the development of an information security technique aimed at enhancing data protection for various types of online interactions.
The method, called secure multi-party computation (SMC), involves the use of cryptography and enables two or more participants to conduct transactions or make computations while keeping certain information, such as competing bids, secret from each other.
Experts say SMC will provide solutions for applications such as private bidding and auctions, distributed voting, sharing of signature or decryption functions and private information retrieval.
"I'm convinced that SMC will be very significant in information security in the future," says Ivan Damgård, professor at the computer science department of Aarhus University in Denmark. "It will not solve the problems we have with viruses, phishing and the like," Damgård says. But it will enable "a whole new range of applications related to electronic implementations of trading, negotiations, auctions, procurement, database management, etc.," he says.
Such applications require that confidential data from several parties — for example, bidders for a contract — be combined to compute some result, such as who wins the contract, Damgård says. "Conventional approaches to implementing such mechanisms [require] you to rely on a trusted third party, which is often an expensive or infeasible solution," he says. "SMC allows us to dispense with this altogether and do the whole thing automatically in software."
Damgård and his research group in 2008 conducted what it calls the first large-scale and practical application of SMC, creating a secure system used by Danish farmers to trade contracts for sugar beet production on a nationwide market.
The system "allowed us to ensure that each bid submitted to the auction was kept encrypted from the time it left the bidder's computer, [that] no single party had access to the bids at any time," according to a paper the group submitted at the 2010 Financial Cryptography and Data Security conference. "Nevertheless the system could efficiently compute the price at which contracts should be traded."
Damgård says he thinks the technology can be developed commercially, and he is part of a group that formed a company in Denmark called Partisia with the aim of commercializing the SMC approach.
Researchers at the University of Bristol in the United Kingdom are also working on the development of SMC, and at the Asiacrypt 2009 security and cryptology conference in Tokyo in December they presented a paper describing new advances they've made.
"Our work took a very old protocol from the 1980's called the Yao Protocol and we implemented it, tuned it and improved the performance a lot," says Nigel Smart, a professor in the Department of Computer Science at the University of Bristol. "The Yao Protocol is a 'classical' result in theoretical cryptography, and theoretical computer science in general, hence doing it for real is quite a big thing."
The Bristol group in its research demonstrates that securing two-party computation against malicious adversaries is practical, and makes several technical improvements over earlier SMC techniques that will ultimately make SMC more effective and less costly, Smart says.
Smart sees applications of the technology in areas such as searching encrypted databases. "You split the database into parts and then perform the search using [multi-party computation]," he says. "This would enable companies to outsource databases to cloud providers without introducing security risk by using third parties."
Bob Violino is a writer based in Massapequa Park, NY, who covers business and technology.
No entries found