Brief Announcement: Federated Code Auditing and Delivery for MPC

• Published in: Stabilization, Safety, and Security of Distributed Systems Vol. 10616; pp. 298 - 302
• Main Authors: Jansen, Frederick, Albab, Kinan Dak, Lapets, Andrei, Varia, Mayank
• Format: Book Chapter
• Language: English
• Published: Switzerland Springer International Publishing AG 2017; Springer International Publishing
• Series: Lecture Notes in Computer Science
• Subjects: Content delivery; Secure multi-party computation; Web security
• ISBN: 9783319690834; 3319690833
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-319-69084-1_20

Secure multi-party computation (MPC) is a cryptographic primitive that enables several parties to compute jointly over their collective private data sets. MPC’s objective is to federate trust over several computing entities such that a large threshold (e.g., a majority) must collude before sensitive or private input data can be breached. Over the past decade, several general and special-purpose software frameworks have been developed that provide data contributors with control over deciding whom to trust to perform the calculation and (separately) to receive the output. However, one crucial component remains centralized within all existing MPC frameworks: the distribution of the MPC software application itself. For desktop applications, trust in the code must be determined once at download time. For web-based JavaScript applications subject to trust on every use, all data contributors across several invocations of MPC must maintain centralized trust in a single code delivery service. In this work, we design and implement a federated code delivery mechanism for web-based MPC such that data contributors only execute code that has been accredited by several trusted auditors (the contributor aborts if consensus is not reached). Our client-side Chrome browser extension is independent of any MPC scheme and has a trusted computing base of fewer than 100 lines of code.