EP-4062581-B1 - MULTIPARTY COMPUTATION METHOD

Inventors

• GIACOMELLI, Irene
• DI RAIMONDO, Mario
• CATALANO, DARIO
• LI PUMA, Laura
• RICCI, Valeria
• GIORGETTI, Roberto

Dates

Publication Date

20260513

Application Date

20201118

Claims (7)

1. A method, performed by one or more data processing units (1, 2), for multi-party computation for processing and secure handing of a plurality of data associated with one or more users, said method comprising the steps of: - providing a predetermined multi-party computation algorithm - sending, for at least one user, at least one first dataset to a first data processing unit (1) comprising a first server (1a), a second server (1b) and a third server (1c) in signal communication with one another and configured to provide secure and encrypted handling of each first dataset via a respective second data processing unit (2) of one or more second processing unit (2) distinct from said first data processing unit (1) and in signal communication with said first data processing unit (1); each first dataset being associated with said user and comprising one or more encrypted numerical values; - processing each first dataset thus sent with at least one reference function residing in said first data processing unit (1) to generate a respective encrypted result for each reference function; - requesting said first data processing unit to send said result via a second data processing unit of the one or more second processing unit (2) - sending said result via the first data processing unit (1) to said second data processing unit (2 ) which requested it to be sent; the step of sending said first dataset comprises the substeps of: - detecting the presence of decimal numerical values and integer numerical values between said numerical values of said first dataset; - associating mantissa and an exponent of a floating-point representation with each decimal numerical value that has been detected; - encrypting each integer numerical value and each mantissa using said predetermined multi-party computation algorithm. wherein said predetermined multi-party computation algorithm executes a first sub-protocol comprising a protocol by Araki, configured to perform integer encryption and linear combination and multiplication operations between said encrypted integers and a second sub-protocol comprising a bit-decomposition protocol configured to perform comparison between encrypted integers; comprising the steps of: - Preprocessing wherein the servers (1a, 1b, 1c) are put in signal communication and perform mutual control on the reference parameters such as reference functions, during preprocessing, the servers being synchronized using a global key for each server, each global key being sampled by a set associated with a public security parameter and associated with the second data processing unit (2) in communication with the first data processing unit 1 (1); - Secret-sharing wherein each user encrypts the first dataset associated therewith and sends the first dataset to the data processing unit (2), the step of secret-sharing being based on the replicated secret-sharing wherein a pseudo-random encryption function the Advanced Encryption Standard function, receiving each global key at its input, and defining a set of secure values that can be selected to generate a triplet x1, x2, x3 under the condition x1+x2+x3=0 mod 2 k , the random triplet being used by each user to encrypt the first dataset with which it is associated to send it to the data processing unit (2), during secret-sharing each numerical value v in a first dataset is sent as a1=x3-v, a2=x1-v, a3=x2-v in a loop to the first server (1a), the second server (1b) and the third server (1c) respectively, with the values of the triplet x1, x2, x3, in this way once encryption has been completed, each second data processing unit (2) sending a pair of values to each server and namely: ∘ the pair of values a1, x1 to the first server 1a, ∘ the pair of values a2, x2 to the second server 1b, ∘ The pair of values a3, x3 to the third server 1c; - Secure computation: assuming that the servers (1a, 1b, 1c) have received the first datasets that have been sent, each user may request evaluation/execution of the reference functions each server (1a, 1b, 1c) executing linear combinations and multiplications according to the reference function, with the bit-decomposition protocol secure comparison being performed, with a numerical value compared to a reference value, namely zero in a less-than-zero comparison wherein the bit-decomposition protocol: - determine whether a value A is less or more than zero; - determine whether a value A is less or more than another value B, and determine whether their difference is less or more than zero, - determine whether a value A is equal to a value B; the predetermined multi-party computation algorithm being configured to execute a third sub-protocol to perform encryption of integers and decimal numbers, and linear combination, multiplication, and comparison operations on integer and decimal numbers, the linear combination, multiplication, and comparison operations is configured to sum, subtract, multiply, divide and compare the relevant encrypted and unencrypted numbers, such operations being carried out using the above mathematical formulas in association with the steps of executing the predetermined multi-party computation algorithm in each server (1a, 1b, 1c), the third sub-protocol defining the random triplet x1, x2, x3, and associates a mantissa and an exponent with a detected decimal number, thus, once encryption has been completed, the third sub-protocol sending the exponent along with the pairs of values, the third sub-protocol being configured to send the following values to each server (1a, 1b, 1c) via the second data processing unit (2): ∘ x1, a1, e to the first server 1a, ∘ x2, a2, e to the second server 1b, ∘ x3, a3, e to the third server 1c.
2. The method for multi-party computation as claimed in claim 1, characterized in that it comprises a step of: - providing said first data processing unit (1) configured to: - receiving said first datasets; - processing each first dataset according to said at least one reference function to generate a respective result for each reference function; - executing said predetermined multi-party computation algorithm residing in said first data processing unit. - sending said result to said second data processing unit (2) which requested it to be sent.
3. The method for multi-party computation as claimed in claim 1 or 2, wherein the step of processing each first dataset comprises the substeps of: - sharing each exponent with each of said first (1a), second (1b) and third (1c) servers while keeping said exponent in plain form, - dividing the encrypted numerical values and encrypted mantissas of each first dataset among the servers (1a, 1b, 1c) according to said predetermined multi-party computation algorithm.
4. The method for multi-party computation as claimed in claim 3 wherein the step of processing each first dataset comprises the following additional substeps, to be carried out sequentially or in parallel as a function of the method of multi-party computation: - executing said predetermined multi-party computation algorithm in each server (1a, 1b, 1c) to linearly combine the numerical values, the mantissas and the exponents that have been sent to said first data processing unit according to the at least one reference function; - executing said predetermined multi-party computation algorithm in each server (1a, 1b, 1c) to multiply the numerical values, the mantissas and the exponents that have been sent to said first data processing unit according to the at least one reference function.
5. The method for multi-party computation as claimed in claim 3 or 4, wherein the step of processing each first dataset comprises the following additional substeps, to be carried out sequentially or in parallel as a function of the method of multi-party computation: - executing said predetermined multi-party computation algorithm in each server (1a, 1b, 1c) to securely compare the numerical values, the mantissas and the exponents that have been sent to said first data processing unit with a reference value; - executing said predetermined multi-party computation algorithm in each server (1a, 1b, 1c) to securely compare one or more numerical values, mantissas and exponents in first datasets associated with two distinct users; - executing said predetermined multi-party computation algorithm in each server (1a, 1b, 1c) to securely compare one or more numerical values, mantissas and exponents in first datasets associated with one user.
6. The method for multi-party computation as claimed in any of claims 1 to 5, characterized in that it comprises a step of decrypting the result that has been sent into said second data processing unit (2) according to said predetermined multi-party computation algorithm.
7. A multi-party computation system (100) for carrying out the method of multi-party computation as claimed in any of claims 1 to 6, comprising: - a first data processing unit (1) configured to: - receive a first dataset; - processing each first dataset according to a reference function and generating a respective result for each reference function; - executing a predetermined multi-party computation algorithm residing in said first data processing unit (1); - a second data processing unit (2) associated with each user and in signal communication with said first data processing unit (1); wherein said first data processing unit comprises a first server (1a), a second server (1b) and a third server (1c), each server (1a, 1b, 1c) being in signal communication with the others.

Description

Technical field The present invention relates to a method of secure and encrypted processing of a plurality of data provided by one or more users. In particular, the method of the present invention implements a series of steps that can optimize encryption of data sent by the users. The present invention further relates to a system that is able to carry out the steps of the multi-party computation method. Background art Multi-party computation (MPC) is known to be used in the state of the art for secure computation of known public functions on private data shared by a plurality of users. In particular, multi-party computation can define a system and a series of actions that a user must take to achieve the execution of a public function without disclosing his/her own data. Some prior art methods of multi-party computation are configured to perform computation on two servers following multi-party computation protocols such as the Yao Boolean protocol or the GMW arithmetic protocol. Multi-party computation methods are also known which are configured to perform computation on three servers, such as the Araki protocol as described in WO 2018211676 A1 and WO 2018211675 A1. Further prior art methods of multi-party computation use Beaver triples for data masking, such as the method disclosed in WO2019/046651 A1. On the other hand, Stephen Hardy et al "Private federated learning on vertically partitioned data via entity resolution and additively homomorphic encryption" describes the use of a homomorphic encryption scheme with a public key. This scheme is obtained using two data providers, which receive a plurality of data and keep them secret, and a third element, i.e. a coordinator, configured to manage the public key. Problem of the prior art Therefore, the known methods are poorly applicable to real cases in which decimal numbers and complex functions are used, as they require high computational costs and times even for the simplest operations of addition and multiplication. It should be noted that the known methods such as the one described in Stephen Hardy et al "Private federated learning on vertically partitioned data via entity resolution and additively homomorphic encryption", using a limited number of data providers (namely only two), reduce the overall security and privacy of managed data and affect the flexibility of the solution. This is because the scheme is obtained using two data providers, which receive a plurality of data and keep them secret, and a third element, i.e. a coordinator, which is configured to manage the public key and not homomorphic encryption or division of the received data. This solution does not envisage the use of any number of data providers or the possibility of carrying out encryption using an additive secret sharing scheme . Therefore, such methods do not provide secure access to the data and, therefore, computation thereon by a plurality of authorized users. Object of the invention The object of the present invention is to provide a method of multi-party computation that can obviate the above discussed drawbacks of the prior art. In particular, it is an object of the present invention to provide a method that can operate on a wide range of numerical values thereby optimizing computational costs and times. A further object of the present invention is to provide a computation system that can carry out the multi-party computation method. The aforementioned technical purpose and objects are substantially fulfilled by a method of multi-party computation for processing and secure handling of a plurality of data items associated with one or more users, that comprises the technical features as disclosed in one or more of the accompanying claims. Advantages of the invention Advantageously, the method disclosed herein ensures the privacy of data associated with users. Advantageously, the method disclosed herein can also operate with decimal numbers while reducing computational costs. Advantageously, the method disclosed herein provides security against passive attacks, i.e. passive security or security against honest-but-curious adversaries. BRIEF DESCRIPTION OF FIGURES Further features and advantages of the present invention will result more clearly from the illustrative, non-limiting description of a preferred, non-exclusive embodiment of a method and a system of multi-party computation as shown in the annexed drawings, in which: Figure 1 shows a multi-party computation system that is used to implement the multi-party computation method of the present invention. DETAILED DESCRIPTION Even when this is not expressly stated, the individual features as described with reference to the particular embodiments shall be intended as auxiliary to and/or interchangeable with other features described with reference to other exemplary embodiments. The present invention relates to a method of multi-party computation for processing and secure handling of a plurality of data associated with one or m