Secure multi-party computation: Difference between revisions

Yoderj
m Correct typo from my previous edit.
Yoderj
This article has LOTS of references. Moved the "more citations" blocks to just the sections that needed them.
Line 1:
{{short description|Subfield of cryptography}}
{{More citations needed| reason=large article with unreferenced sections| date=February 2024}}
'''Secure multi-party computation''' (also known as '''secure computation''', '''multi-party computation''' ('''MPC''') or '''privacy-preserving computation''') is a subfield of cryptography with the goal of creating methods for parties to jointly compute a function over their inputs while keeping those inputs private.<ref>{{cite web |last1=Evans |first1=David |last2=Kolesnikov |first2=Vladimir |last3=Rosulek |first3=Mike |title=A Pragmatic Introduction to Secure Multi-Party Computation |url=https://securecomputation.org/docs/pragmaticmpc.pdf |website=securecomputation.org |access-date=19 October 2024 |language=en-us |date=2018|archive-url=https://web.archive.org/web/20240812213844/https://securecomputation.org/docs/pragmaticmpc.pdf|archive-date=2024-08-12}}</ref> Unlike traditional cryptographic tasks, where cryptography assures security and integrity of communication or storage and the adversary is outside the system of participants (an eavesdropper on the sender and receiver), the cryptography in this model protects participants' [[privacy|privacy]] from each other.
 
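Review bot: the page-level {{More citations needed|reason=large article with unreferenced sections|date=February 2024}} banner kept at the top of this hunk overlaps with the per-section {{unreferenced section}} and {{More citations needed section}} tags that the edit summary says were moved into the sections; if the section tags now mark every unreferenced section, drop the page banner, otherwise keep only one of the two so the same issue is not flagged twice. Also, the piped link [[privacy|privacy]] in the lead is redundant and can simply be written [[privacy]].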
Line 21 ⟶ 20:
 
== Definition and overview ==
{{unreferenced section|date=October 2024}}
 
In an MPC, a given number of participants, p<sub>1</sub>, p<sub>2</sub>, ..., p<sub>N</sub>, each have [[information privacy|private data]], respectively d<sub>1</sub>, d<sub>2</sub>, ..., d<sub>N</sub>. Participants want to compute the value of a public function on that private data: F(d<sub>1</sub>, d<sub>2</sub>, ..., d<sub>N</sub>) while keeping their own inputs secret.
 
Line 37 ⟶ 38:
 
== Security definitions ==
{{More citations needed section|date=October 2024}}
 
A multi-party computation protocol must be secure to be effective. In modern cryptography, the security of a protocol is related to a security proof. The security proof is a mathematical proof where the security of a protocol is reduced to that of the security of its underlying primitives. Nevertheless, it is not always possible to formalize the [[cryptographic protocol]] security verification based on the party knowledge and the protocol correctness. For MPC protocols, the environment in which the protocol operates is associated with the Real World/Ideal World Paradigm.<ref name="BPW">Michael Backes, Birgit Pfitzmann, and Michael Waidner. "[https://link.springer.com/chapter/10.1007/978-3-540-24638-1_19 A general composition theorem for secure reactive systems]." In Theory of Cryptography Conference, pp. 336-354. Springer, Berlin, Heidelberg, 2004.</ref> The parties can't be said to learn nothing, since they need to learn the output of the operation, and the output depends on the inputs. In addition, the output correctness is not guaranteed, since the correctness of the output depends on the parties’ inputs, and the inputs have to be assumed to be correct.
 
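Review bot: the <ref name="BPW"> citation in this hunk is a hand-written string while the lead uses {{cite web}}; convert it to a {{cite conference}} template carrying the same authors, title, URL, venue (Theory of Cryptography Conference), pages 336-354, publisher and year 2004 so citation formatting stays uniform across the article. The sentence "Nevertheless, it is not always possible to formalize the [[cryptographic protocol]] security verification based on the party knowledge and the protocol correctness." is also unclear about what exactly cannot be formalized and would benefit from rewording.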
Line 62 ⟶ 63:
 
== Protocols ==
{{More citations needed section|date=October 2024}}
There are major differences between the protocols proposed for two party computation (2PC) and multi-party computation (MPC). Also, often for special purpose protocols of importance a specialized protocol that deviates from the generic ones has to be designed (voting, auctions, payments, etc.)
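Review bot: the second sentence of this hunk reads awkwardly and lacks a closing period; suggest "Also, for important special-purpose applications (voting, auctions, payments, etc.), a specialized protocol that deviates from the generic ones often has to be designed." In the first sentence, "two party computation (2PC)" should be hyphenated as "two-party computation (2PC)".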