Protecting Privacy with Secure Multi-Party Computation

Photo: Shutterstock

Strong encryption is a pillar of data privacy. However, while encryption can secure data in transit and at rest, to put data to use at some point it needs to be decrypted, and in that moment it becomes vulnerable. Enter Secure Multi-Party Computation (MPC), which provides the ability to compute values of interest from multiple encrypted data sources without any party having to reveal their private data. MPC is often conceptually thought of as the equivalent of sending encrypted data to a trusted third-party who would return the desired result. As third-party trust is not high these days (if it ever was), with a stream of recent news stories alerting us to data breaches at various institutions, MPC could be the key to providing access to  data while providing strong privacy protection.

MPC is a general concept that can be implemented using different protocols, such as secret sharing, in which sensitive data from each party is divided and distributed as random, encrypted “shares” among the parties, that when ultimately combined, provide the desired statistical result. The underlying data of any of the parties, if intercepted, would prove useless. While it may sound like magic, MPC has been a theoretical possibility for some time, and has been in real-world use for nearly a decade since its first practical application in—of all places—the calculation of prices for the Danish sugar beet market. In this instance, farmers didn’t want to reveal the price they were willing to sell beets at, as this would disclose too much about their economic position. As a solution, through an application, each farmer privately submits the price at which they were willing to sell, and an MPC protocol calculates the final market-clearing price. At no time is any sensitive data exposed. The past few years have seen the most significant advances in making MPC’s use more wide-scale. Since 2015, MPC has been used to evaluate gender pay disparities in Boston, detect tax fraud in Estonia, and prevent satellite collisions.

MPC could have a large impact in a number of areas, from strengthening online protection of personal data, to unlocking the volumes of health data that are currently inaccessible for study due to privacy concerns. Being able to bring together sensitive data that the government holds among dispersed sources also presents enormous analytic opportunities. As taxpayers, we all have an interest in government working more effectively and efficiently. A recent Commission on Evidence-Based Policymaking report highlights the need for better data in that effort, but with more attention payed to privacy protection than in the past. The report calls for an end to traditional, centralized databases, instead moving to temporary links of data for statistical purposes—something that would be possible with a high level of privacy-protection using MPC. Government-funded DARPA research into MPC has been ongoing, and the recently introduced Student Right to Know Before You Go Act proposes the use of MPC to provide higher education outcome metrics while protecting student privacy.

Depending on the MPC protocol design and the number of parties involved, computing power and bandwidth use can still be potential constraints, but efficiency gains in those areas will likely continue. A larger issue with MPC’s more widespread use is that it is not something easily developable by non-experts. However, initiatives such as IARPA’s HECTOR program could eventually put cryptographic advances like MPC in the hands of end users as a coding language or toolkit, potentially making MPC the next stage in privacy protection.


Christopher Sadler is the Education Data and Privacy Fellow at New America’s Open Technology Institute.