[dbatten]

Secure Multi-party Computation.

The basic idea is developing methods for two (or more) parties with sensitive data to be able to compute some function of their data without having to reveal the data to one another.

The classic example is developing an algorithm that allows two people to figure out who is paid more without either revealing what their salary is.

Such algorithms get significantly more complicated if the threat model starts changing from "we're all acting in good faith, but we just don't want to share this private info" to "I'm not sure some of the people involved in this are acting in good faith."

Based on my (admittedly limited) look into this field, it seems like there has been some theoretical progress made here, but there's nothing like a generalized framework or library for general development with it. Instead, practical applications seem to be one-offs. For example, a contractor a while back developed a system that lets parties (nation-states or private space firms) figure out if their satellites are going to run into each other without revealing anything about the location or orbit of their satellites. That way they don't share sensitive data, but they can move their satellites if they're on a collision course with somebody else.

Personally, I got interested in this when working for the government. I was working on an extremely cool data integration project (State Longitudinal Data System grant form US Department of Education) that basically went nowhere because we couldn't get over the legal hurdles to data sharing... If we didn't have to share data, but could still compute interesting statistics about the data, that would have been really cool.

[harias]

Has zero-knowledge proofs at its core as far as I know. Only a handful of universities teach it even. This was helpful when I was grazing the surface of MPC : https://github.com/rdragos/awesome-mpc

This video course too : https://www.cse.iitb.ac.in/~mp/crypto/mpc2017/

[dbatten]

This is an awesome resource, thank you.

[brownbat]

I'd second and generalize to basically any area of research into expanding or applying cryptographic protocols.

There was a fascinating area I read about in grad school focused on deniable database retrieval, an extension of oblivious transfer.

I've long forgotten the papers and they had some efficiency issues, but seemed like the work could be revolutionary if expanded to building routing networks that prioritize privacy and anonymity.

Smarter people than me can point out this is naïve or old or broken or limited in application or otherwise not worth pursuing. I thought it seemed fun at the time though.

[numbsafari]

This is a big deal.

If we can find ways to perform secure, multi-party computation, we could develop fully distributed computational, networking, and power delivery systems.

Your solar roof tiles could be, basically, CPUs or GPUs with embedded wireless networking.

[xtreme]

Can you elaborate why solar roof tiles need such intelligence, especially the secure part? I don't see what data they would need to hide.

[IpV8]

Distributed power electronics are inherently dangerous. If you have a surplus of power and your neighbor has a deficit, it is desirable for the two systems to communicate to send power from you to the neighbor. If a bad actor can leverage this system to tell everyone to send all of their power to the grid, they could easily damage the infrastructure in a very costly way.

[infogulch]

Ok so the grid (that knows everything already) commands every house what to do, using a pinned certificate to authenticate. What part of this needs to be zero knowledge?

[lgregg]

It's also important to point out the grid is archaic in many places and the knowledge isn't omnicompetent across the system. In the US, we have three major grids which are also connected to Canada's (which I can't speak too). [0] From my understanding, with an amateur interest, we know a lot about where those major grids connect but very little about the distributed nodes that make up the network; The Northeast Power Blackout of 2003 is a really great example of this. [1] Essentially, there was a grid failure that occurred in Ohio which overlapped into the other sections of the grid. In short, a wire contacted with a tree in Ohio which caused a cascading failure to NYC.

So, let's now bring IoT into the mix. You and I have smart houses, with smart solar tiles. John attacks our tiles plus all our neighbors and directs a major electrical spike towards our local substation. Now it's a physics question, where are all those joules of energy going? It's a heat problem and right now there is no way to dissipate that heat from the system which will melt our substation. Let's say our neighborhood is between several other neighborhoods and the main power station, we just killed a node and guess who else doesn't have access to power because they don't have tiles like we do.

That's the basic concept on why security and authenticity are important in relation to the energy grid. It would be nice if there was an effective way to dissipate an "electrical DDoS"? I'm not sure if it's called something else. If you're interested in the energy dissipation within the energy grid, this is a great question on SE. [2]

That all said, is also a major reason why the government is consistently freaking out about our power grid being hacked.

[0] https://en.wikipedia.org/wiki/Continental_U.S._power_transmi... [1] https://en.wikipedia.org/wiki/Northeast_blackout_of_2003 [2] https://electronics.stackexchange.com/questions/117437/what-...

[davidkuhta]

I'm imagining a world where all the solar roofs have a "Tron Tile" to protect the system.

[numbsafari]

It would create a truly distributed compute utility that was accessible to anyone within range of the network.

Individual tiles could store and compute and cooperate in a mesh network.

To make something like that feasible, it needs to be secure and reliable. In the privately-owned case, I want to ensure that an adversary who gains access to the “grid” can’t exploit it against me. Think of it as having a raspberrypi on the outside of your house where anyone could tamper with it.

In the public scenario, you would want users to be able to offload computational tasks to an ambiantly available computational resource. Some of that computation will need to be local, and for disaster planning reasons, would be helpful if distributed in nature. But, in order for Joe and Jane Schmoe to rely on such a resource, they would want to know that their data isn’t being stolen or shared with others.

[cloud_man]

An innovative project called Golem (golem.network) is working on distributed computational power with data privacy and verification. They seem to be ahead of the pack and think this could be the future of computing.

[petra]

Is secure multi-party computation efficient enough for such use-cases, i.e. shared compute ?

[pmarreck]

Isn't secure MPC also called "homomorphic encryption"?

Agreed, it is a very interesting area!

[tuxxy]

No, sMPC is seen as different from FHE (Fully Homomorphic Encryption). Some protocols utilize the partially homomorphic qualities of certain cryptosystems, e.g. Paillier for additive homomorphism.

I view both of these things as methods to perform secure computation on encrypted data. sMPC has a lot of applied research behind it while FHE has been mostly theoretical up until a decade ago. I think we'll see FHE catch up with sMPC soon here as there are technical limitations to sMPC systems that FHE doesn't have.

[cphoover]

I think HE falls in the superset of MPC theory but not synonymous.

[pmarreck]

They are equally-interesting!

I'd love to be able to play with some of these ideas in my current favorite (but alas not mathematically-speedy) language (Elixir), if anyone had any sort of intro guide to HE or MPC, would love to have a look

[screye]

Michael Jordan in a recent seminar talked about how they were developing a trade-off parameter that modelled privacy. By treating the trade-off parameter as a knob, you can control the trade-off between data quality and privacy compromise.

Similarly Google has started using methods like federated learning to learn from ML models without ever sending your data to the cloud.

The idea is certainly gathering traction, and it will be very interesting where this is going to from here.

[rtkwe]

> The classic example is developing an algorithm that allows two people to figure out who is paid more without either revealing what their salary is.

Is there actually any way to do that without leaking the salary? If Bob wants to know Alice's salary couldn't he just run the calculation multiple times with different numbers as his salary?

[lacker]

Often these algorithms involve information passing back and forth between the two parties, so Bob wouldn't be able to re-run the computation without Alice's help.

[nkrebs13]

There is a project chasing this that is pretty interesting in my opinion. Golem (crypto token $GNT). https://github.com/golemfactory/golem. Their project became open to the public a few months ago.

[ALee]

Isn't zcash and monero based on similar principles?

[sunnya97]

Check out this interview I did for the Epicenter Podcast with Enigma, a company building an MPC implementation, for a decent intro to what MPC is.

https://www.youtube.com/watch?v=ajAUByRZGWM

[deepGem]

This can also have an exponential impact on financial fraud and anti money laundering. Shared fraud data can significantly thwwart or hinder ongoing fraud rings and such. Banks do not share fraud data today precisely due to the lack of such an algorithm.

[Shinchy]

That sounds really cool, you don't happen to have any links to the Satellite Collision thing that guy put together?