Introduction to Privacy Enhancing Technologies by Carlisle Adams

Author:Carlisle Adams
Language: eng
Format: epub
ISBN: 9783030810436
Publisher: Springer International Publishing

7.2.4 Disadvantages, Limitations, and Weaknesses

Notwithstanding all the remarkable strengths of MPC mentioned in Sect. 7.2.3, it is critically important to recognize that MPC secures the process of multi-party computation, but it does not secure the inputs to that process. In particular, adversarial parties may input any values that they wish, and there is no general way to prevent this. For example, if Alice and Bob want to run a private set intersection protocol to see what customers they have in common, a malicious Alice could input a list that contains none of her actual customers; if the protocol produces an intersection, Alice will learn some of Bob’s customers without revealing any of her own customers to him. Therefore, if the security of an application depends on every party using correct inputs, additional mechanisms (external to MPC ) will have to be used to ensure this; such mechanisms may be non-trivial, may not be guaranteed to work, and may incur significant costs.

Similarly, it is equally critically important to recognize that MPC secures the process of multi-party computation, but it does not secure the outputs of that process. The output result of the function being computed may inadvertently reveal some sensitive information that cannot be protected by MPC . For example, if Alice and Bob use a secure two-party protocol to compute the average of their salaries, clearly each party, knowing his/her own salary and the average, will immediately be able to compute the exact salary of the other (even though the 2PC protocol itself might hide the other party’s input with information-theoretic security). As another simple example, if Bob is evaluating a garbled AND gate and his input is a “1”, then the true gate output will immediately reveal Alice’s hidden input even though the share she gave him was information-theoretically secure during the protocol: a gate output of “0” means that her input was “0”, and a gate output of “1” means that her input was “1”. Thus, in any given environment, it is important to decide what functions should and should not be computed using MPC , based on overall privacy concerns.

Lastly, as noted by Lindell in (Lindell 2020), it is important to remember that the feasibility results for MPC are proven under specific models and under cryptographic hardness and/or settings assumptions. As with all cryptographic algorithms and protocols, any violation of these assumptions in a real implementation risks nullifying the expected security guarantees.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.