er entities and may require immense
computing power. When both of these
characteristics simultaneously apply,
the service provider has a large attack
surface and is well suited to being run
within a cloud computing datacenter.
Our pay equity software enables the
most powerful computing entity also to
be the least trusted. Our service provider
runs on Amazon Web Services to collect
and store encoded data; however, contributors can choose instead to entrust
the BWWC to protect the confidentiality of their data. We envision a future
in which cloud providers offer ‘secure
of MPC that decouple control over data
from computing power.
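One way to get the split described above, where the cloud-hosted service provider stores and sums only encoded data while the analyzer alone can decode the aggregate, is additive masking. This is an added example, not the authors' software; the masking scheme, the modulus and all function names are assumptions made for illustration.

```python
import secrets

MODULUS = 2**64  # assumed ring size; must exceed any possible true total

def contribute(value, mask=None):
    """Contributor: encode a private value as (masked, mask).

    masked goes to the service provider, mask goes to the analyzer.
    """
    if not 0 <= value < MODULUS:
        raise ValueError("value outside the encodable range")
    if mask is None:
        mask = secrets.randbelow(MODULUS)  # uniform mask hides the value
    return (value + mask) % MODULUS, mask

def provider_aggregate(masked_values):
    """Service provider: does the summation on data it cannot interpret."""
    return sum(masked_values) % MODULUS

def analyzer_decode(masked_sum, masks):
    """Analyzer: strips the combined mask, learning only the total."""
    return (masked_sum - sum(masks)) % MODULUS

def run_session(private_values):
    """Simulate one collection round; return (provider_view, total)."""
    to_provider, to_analyzer = [], []
    for v in private_values:
        masked, mask = contribute(v)
        to_provider.append(masked)
        to_analyzer.append(mask)
    masked_sum = provider_aggregate(to_provider)
    return to_provider, analyzer_decode(masked_sum, to_analyzer)

if __name__ == "__main__":
    payroll = [5_200_000, 6_100_000, 4_750_000]  # constructed sample inputs
    view, total = run_session(payroll)
    print("provider sees:", view)
    print("analyzer learns total:", total)
```

Each masked value on its own is uniformly distributed, so the provider's stored data says nothing about any contributor. Individual values stay hidden only while the provider and the analyzer keep their views separate.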
MPC research studies four types of
adversaries: semi-honest entities who
execute software as provided but may
attempt to glean information along the
way, covert adversaries who cheat only
if they are unlikely to be caught, rational adversaries who cheat as long as
the expected payout is larger than the
expected penalty if caught, and fully
malicious entities who perform any action necessary to breach the confidentiality or integrity of honest users.
We advocate for the MPC community to match cryptographic models of
adversarial behavior with the economic (for example, reputation-based) and
legal incentives that real-world users
face. A more accurate and fine-grained
characterization of risks can result in
a faster, simpler MPC protocol that
satisfies users’ needs. Our pay equity
project exposed delicate economic and
legal concerns whose impact upon risk
models should be explored further.
First, the existing risk models fail
to capture the subtlety of reputation-based economic incentives. In the pay
equity scenario, the analyzer and repository have the capacity to alter the
software to leak secrets; however, they
should not execute this capability due
to the long-term damage to their reputation and economic viability. Analogously to the differences between the
one-shot and iterated prisoner’s dilemma games, the rational model of MPC
provides an incomplete view because it
focuses on a single execution.
Second, MPC has a complex interconnection with the law. In our pay equity scenario, even if the BWWC could
somehow learn the contributors’ data
by cheating, it has a strong legal incentive not to acquire this data because
it could then be exposed to lawsuits.
Indeed, one of the major hurdles that
faced BWWC prior to their use of our solution was the unwillingness of any single entity (including a major local university, originally enlisted to perform
the study) to assume the liability in case
of leakage or loss of data entrusted to
them. Moreover, following MPC honestly may provide BWWC legal protections
afforded by following best practices or
by restricting data sharing. Hence, the
BWWC has a strong legal incentive to
act in a semi-honest manner. Conversely, appropriately written legal contracts
can enshrine MPC’s constraints (for
example, operating in the best interest
of another entity, or forbidding collusion between entities) with enforceable
civil penalties. We propose a greater examination of the implications of the law
upon MPC and vice versa.
We are convinced that the empowering
and enabling aspects of MPC will make
substantial contributions to data-driven
analysis and policymaking by enabling
individuals and organizations at all
levels to derive insights about their collective data without requiring that they
share that data, but only if the technology is accessible both conceptually and
technologically to a broad audience.
In this column, we proposed a four-pronged research agenda to make MPC
more usable along a variety of dimensions, increase its scalability for humans
and computers alike, assign responsibilities that align with existing trust
relationships, and systematically understand the legal and economic risks
when trust is violated. These recommendations are informed by our prior work
deploying MPC to aggregate wage data
and compute pay equity metrics—work
that is, in the words of BWWC co-chair
Evelyn Murphy, “beginning to show how
to use sophisticated computer science
research for public programs.” [15]
1. Archer, D. W. et al. Maturity and performance of
programmable secure computation. IACR Cryptology
ePrint Archive, (1039), 2015.
2. Barlow, R. Computational thinking breaks a Logjam:
Hariri Institute helps address Boston’s male-female
pay gap. (Apr. 27, 2015); BU Today.
3. Bogdanov, D. et al. How the Estonian Tax and Customs
Board Evaluated a Tax Fraud Detection System Based
on Secure Multi-party Computation. Springer, Berlin,
Heidelberg, 2015, 227–234.
4. Boston Women’s Workforce Council Report 2016;
5. El Emam, K. et al. A secure protocol for protecting
the identity of providers when disclosing data for
disease surveillance. Journal of the American Medical
Informatics Association 18, 3 (May 2011), 212–217.
6. Gog, I. et al. Musketeer: All for one, one for all in
data processing systems. In Proceedings of the
Tenth European Conference on Computer Systems
(EuroSys), (2015), 2:1–2:16.
7. Hamlin, A. et al. Cryptography for big data security. In
Fei Hu, Ed., Big Data: Storage, Sharing, and Security.
CRC Press, May 2016.
8. Lapets, A. et al. Secure Multi-Party Computation for
Analytics Deployed as a Lightweight Web Application.
Technical Report BUCS-TR-2016-008, CS Dept.,
Boston University, July 2016.
9. Lindell, Y. and Pinkas, B. Secure multiparty computation
for privacy-preserving data mining. The Journal of
Privacy and Confidentiality 1 (2009), 59–98.
10. McSherry, F. et al. Scalability! But at what COST?
In Proceedings of the 15th Workshop on Hot Topics in
Operating Systems (HotOS XV), Kartause Ittingen,
Switzerland (May 2015). USENIX Association.
11. 100% Talent: The Boston Women’s Compact; http://
12. Shen, E. et al. Cryptographically secure computation.
IEEE Computer 48, 4 (2015), 78–81.
13. Signers of 100% Talent: The Boston Women’s
14. Volgushev, N. et al. DEMO: Integrating MPC in big
data workflows. In Proceedings of CCS 2016: The
23rd ACM SIGSAC Conference on Computer and
Communications Security, 2016.
15. Will Data Help Close The Gender Pay Gap?; http://
16. Yung, M. From mental poker to core business: Why
and how to deploy secure computation protocols?
In Proceedings of the 22nd ACM SIGSAC Conference
on Computer and Communications Security, CCS ’15,
Azer Bestavros (firstname.lastname@example.org) is Professor of Computer
Science and Founding Director of the Hariri Institute for
Computing at Boston University.
Andrei Lapets (email@example.com) is a Research Scientist
and Director of Research Development at the Hariri
Institute for Computing at Boston University.
Mayank Varia (firstname.lastname@example.org) is Research Scientist
and Co-Director of the Center for Reliable Information
Systems and Cyber Security at the Hariri Institute for
Computing at Boston University.
This material is based upon work supported by the
National Science Foundation under Grants No. 1414119
Copyright held by authors.