Keeping Data Secret, Even From Apps That Use It

Private-key encryption could be more secure if no one had to admit knowing it.

Corporate datacenters wanting to emulate Google by encrypting their data beyond the ability of the NSA to crack it may get some help from a new encryption technique that allows data to be stored, transported and even used by applications without giving away any secrets.

In a paper to be presented at a major European security conference this week, researchers from Denmark and the U.K. collaborated on a practical way to implement a long-discussed encryption concept called Multi-Party Computation (MPC).

The idea behind MPC is to allow two parties who have to collaborate on an analysis or computation to do so without revealing their own data to the other party. Though the concept was introduced in 1982, ways to accomplish it with more than two parties, or with standardized protocols and procedures, has not become practical in commercial environments.

The Danish/British team revamped an MPC protocol nicknamed SPDZ (pronounced “speeds”), which uses secret, securely generated keys to distribute a second set of keys that can be used for MPC encryptions.

MPC is similar in concept to the “zero knowledge proof” – a set of rules that would allow parties on one end of a transaction to verify that they know a piece of information such as a password by offering a different piece of information that could be known only to the other party. The technique could allow secure password-enabled login without requiring users to type in a password or send it across the Internet. Like many other attempts at MPC, however, SPDZ was too slow and cumbersome to be practical.

“We have demonstrated our protocol to various groups and organizations across the world, and everyone is impressed by how fast we can actually perform secure computations,” according to a statement from Nigel Smart, professor of cryptology at the University of Bristol. (PDF of the paper)

The big breakthrough, according to Smart, was to streamline SPDZ by reducing the number of times global MAC keys had to be calculated in order to create pairs of public and private keys for other uses. By cutting down on repetitive tasks, the whole process becomes much faster; because the new technique keeps global MAC keys secret, it should also make the faster process more secure.

The paper is scheduled to be presented Sept. 9 at the European Symposium on Research in Computer Security. The University of Bristol is already working on a way to commercialize it.


Image: andrey_l