IEEE 2842-2021 pdf download

IEEE 2842-2021 pdf download.IEEE Recommended Practce for Secure Mult-Party Computaton
4. MPC overview
MPC is a technology that allows a set of parties to jointly compute on their data without any information leakage beyond the computation result. It reduces information leakage and enhances trust and security in big data analysis effectively and can be used for data protection in many kinds of data collaboration scenarios. It is a kind of technology that could build confidence and security in data collaboration and big data analysis. It solves a data protection problem if implemented properly with proper security controls and proper trust models.
Figure 1 shows the schematic of MPC. The “MPC Protocol” in the center is developed per specifc application scenario, such as auction scenario in which every bidder does not want others to know his/her bid price. Every bidder inputs their own price to MPC protocol, MPC protocol outputs the result who win the auction to every participant individually after the computation is fnished but does not reveal anybody’s price. Compared to the traditional solutions, there is no need to tell a third party every bidder’s price, which protects bidders’ information security effectively. MPC is decentralized, and no single trusted third party is required. In this way, trust and security are established between peer-to-peer parties, because no one has privilege.
5. Security of MPC protocols
5.1 Fundamental requirements
The two fundamental requirements that shall be met by MPC protocols are input privacy and result correctness. The input privacy requirement helps ensure the security of input information. The result correctness helps ensure protocol’s accuracy. The following applies:
— Input privacy for an MPC protocol means that none of the participating parties can learn any information beyond the computation result.
— Result correctness for an MPC protocol means that if the protocol outputs a result (another case is that the protocol aborts), then it is lossless compared to the result obtained in the plaintext-manner.
5.2 Optional requirements
Apart from the above fundamental requirements, MPC protocols may exhibit other properties, such as fairness, guaranteed result delivery, and the probability to catch deviation, relating to its parameters and processes. The following applies:
— Fairness means that if corrupted parties receive output then so do the honest parties.
— Guaranteed result delivery means that corrupted parties cannot prevent the honest parties from receiving result.
— The probability to catch deviation means that if a corrupt party deviates from the protocol, then the other honest parties have a certain probability of catching the corrupt party.
5.3 Security model MPC security model is defined in two dimensions: adversary model and corruption. In industry scenarios, MPC security model is usually defined in two dimensions: adversary model and corruption threshold.
5.3.1 Adversary model Adversary models are as follows:
— A1: Semi-honest adversary Semi-honest adversaries will follow the exact prespecifed protocol, but they will try to learn as much as possible from the information observed. In all MPC application scenarios, MPC protocols shall satisfy the two fundamental requirements specifed in 5.1 against semi-honest adversaries.
— A2: Malicious adversary Malicious adversaries may take any action, such as deviating from the protocol or colluding with others during the protocol execution. In some MPC application scenarios with malicious adversaries, MPC protocols shall satisfy the two fundamental requirements specifed in 5.1 against malicious adversaries.
In practice, MPC participants need to decide the proper adversary model based on the application scenario, and further choose an applicative MPC protocol which shall satisfy the two fundamental requirements specifed in 5.1 when facing these adversaries.
An alternative adversary model is the covert adversary model. A covert adversary has the property that may deviate arbitrarily from the protocol (just like the malicious adversaries), but do not wish to be “caught” by certain probability. That is, a covert adversary has a desire to deviate from the protocol, but if the probability that malicious actions will get caught exceeds a certain threshold, then the adversary will follow the protocol for fear of being caught. The reason to introduce the covert model is that in many applications, there exist participants that could not be expected to act semi-honestly but defending against malicious adversaries will incur too much performance overhead that is unacceptable. In practice, extra work is needed to decide a proper threshold.IEEE 2842 pdf download.IEEE 2842-2021 pdf download