Introduction

In matters of love and war, all is fair. The centuries-old saying suggests that rules of fair play only apply to the space in between love and war, a space we refer to as “coopetition.” Coopetition is a portmanteau of two words—cooperation and competition. Coopetition recognizes that firms have complex interdependencies. In some realms, firms that compete for market share also cooperate to achieve mutual benefits (Dagnino & Padula, 2002). These rules of play are often established externally to ensure a fair game and take the guise of laws, regulations, and policy.

There are many reasons, however, why an occasional effort in collaboration might be beneficial to members of a particular industry group. All automobile companies promote large highway spending bills. Standards making bodies exist to ensure interoperability of competing products. Companies who both compete and cooperate comprise supply chains. Complicated organizations often find some units competing with other organizations and some units cooperating. As an example, Amazon and Netflix compete on video content, but Netflix servers run on the Amazon cloud. Fraternizing with the enemy? The reality is more complicated than that.

War is a zero-sum game (at best), in which one person’s gain is equal to another person’s loss. Love is a plus sum (sum+) game. With love, two parties can achieve a state where they exceed their individual potential. The question remains: can competing organizations achieve a higher outcome (sum+) by leveraging forms of cooperation which preserve their competitive advantage as well as protect their data from roaming or being misused? This is where Multi-Party Computation (MPC) plays, where new information is created while preserving the privacy of an organization’s data. It contributes to the “+” in sum+.

Two-Party Computation

We illustrate MPC with a series of examples that can be done manually.

Four faculty members agree to meet for coffee after a term ends to talk over their experiences. Two parties arrive early and start discussing matters. After some small talk, the faculty members Alice and Bob are curious as to who they are going to elect as department chair in the following year. Neither wants to state a preference, but they are curious whether they agree on who would be best. The question then is, how could they determine whether they agree without telling the other whom they favor?

The simple answer would be to have the barista serve as a trusted third party. Alice and Bob could write their preferences on a slip of paper hidden from each other and the barista could look over the two submissions and determine if they were the same or not. After some discussion, Alice and Bob decided that they didn’t like that idea, as the barista might disclose the preferences to another employee, who was the daughter of faculty member Carol.

While the barista said he would not disclose the data to the other party, he had another suggestion. He laid out four coffee cups on the table in a line and said they would represent faculty members Alice, Bob, Carol, and David going north to south. They would then be given four scraps of paper, and on three of them they would write “no” and on one of them they would write “yes.” The papers were folded so the other could not see the selection. Alice and Bob voted with a “yes” in one cup and placed their “no” vote in each of the other cups.

Next, Bob turned away from the table and Alice scrambled the cups in the line. After getting the all-clear, Alice turned away from the table and Bob scrambled the cups in the line. Finally, both Alice and Bob faced the table. They started at the top and opened the two papers in each cup. If a cup held two “no” scraps, they went on. If a cup held two “yes” scraps, then they knew they agreed. If two cups held “yes” and “no” scraps, then they concluded that they were not in agreement. If Alice and Bob had decided that they couldn’t vote for themselves, the solution of two-yes papers would reveal if they did.

In this case, Alice and Bob were able to determine that they didn’t favor the same candidate without either disclosing their private information. They repeated it to determine if there was a candidate who they thought would be a poor candidate for department chair, and, in this case, they agreed. They both smiled and acknowledged that David was a poor choice, one whom they each secretly expected to be 15 minutes late, without having mentioned David by name or referring to any reasons.

In essence, Alice and Bob computed a bitwise-AND function. A bitwise-AND function represents an action as a bit with either a “1” or a “0” value. The bitwise-AND function compares the bit of the first operand to the corresponding bit of the second operand. If both bits are 1, the corresponding result bit is set to 1. Otherwise, the corresponding result bit is set to 0. This outcome is logically equivalent to multiplication. Thus, a result of 0 implies no agreement (at least one party chose a 0), and a result of “1” implies agreement (both parties chose 1). With multiple participants, the result would have the potential to leak additional information, and thus we would want to use a different computation.

The barista brought them two additional cups for their actual coffee and suggested that there were other calculations that could be done with the shop’s cups. When asked who wanted the check, both stepped up to accept. The barista said they would have plenty of time to determine how to break the tie, and suggested Andrew Yao’s millionaire problem (1986) as a potential solution. In that problem, two millionaires are having dinner and they decided that the wealthiest of the two would pay the bill. The problem was to compute the inequality without either diner stating their net worth.

As faculty at State U, salaries were already public, so both knew that Alice had the higher salary. But they decided that the person with the highest teaching evaluations in the prior term would pay for the coffee. The experiment would require the four cups, but this time cups would represent ranges of the evaluation scores. The first cup (from the north) was 4.0. If Alice had evaluations above 4.0, then she would put a “>” on a scrap of paper and place it in the first cup folded. If her evaluations were below 4.0, then she would put a “<” on the folded scrap of paper and place it in the cup. The second cup represented 4.25. Similarly, if Alice had evaluations less than 4.25, she would write a “<” on the second scrap of paper, otherwise she would put a “>” on the scrap of paper. Alice would repeat this for cups 3 and 4 with boundaries 4.5 and 4.75.

Bob then would use the previous “yes” and “no” scraps and place them into the cups based on the ranges. “Yes” would go into the range where his evaluations landed. The cups would be scrambled as before and then the scraps read. As an example, if Alice had average student evaluations of 4.4, then the comparisons would be “>,” “>,” “<,” “<,” meaning “>4,” “>4.25,” “<4.5,” and “<4.75.” Say Bob had average evaluations of 4.6. Then the cups would hold “no,” “no,” “yes,” and “no,” meaning “not x < 4.25,” “not in the range of 4.25 < x < 4.5,” “yes in the range of 4.5 < x < 4.75,” “not in the range of 4.75 < x < 5.0.” The scrambling left the information of {“yes,” “<”}, indicating that in the range Bob chose, Alice had “<.” Thus, we would conclude that Bob had higher evaluations than Alice, again without either Alice or Bob giving their actual value. Bob is buying coffee this morning.

After narrating the two examples, we see a couple of important considerations emerge if this were to be implemented on a digital computer. One is that the parties must be honest for the calculated value to be interpreted as meaningful. In general, MPC favors environments where the parties are incentivized to play honestly. There are many extensions though that give meaningful results if at least fifty-one percent of the participants are honest. We save those variations for the ambitious reader.

Also, if the ranges are too wide, the barista would need to bring more cups so that the experiment can use more narrow ranges.

Multi-party Computation—Mean

Carol and David arrive for coffee, with Carol mentioning that David was late picking her up. Alice and Bob describe what they have been doing, and Carol and David are keen to participate in order to regain eligibility for the bill. They first discuss the recently announced merit bonuses of $1000 to $5000 per faculty member. The group wondered if everyone received $1000 or if the mean were closer to $2500 or higher. Technically the average could be anywhere from $1000 to $5000 depending on how the merit bonuses were distributed. Naturally, no one wanted to share their actual bonus. Instead, they would calculate the mean without anyone sharing their actual bonus, which is the input to the function.

The barista suggested a way to calculate this, which required each person to have a clean cup as well as several scraps of paper. First, for each party Alice, Bob, Carol, and David, they would generate three random numbers and then calculate the fourth so that each person’s four numbers add up to their individual bonuses. (Table 7.1 shows their actual bonuses). Obviously, the random numbers would have to be in an appropriate range, but they can choose their own range. Then, each party would have a cup to receive folded papers. Alice would give one of her random numbers to Bob, Carol, and David and hold one back in her cup. Bob would give each of the random numbers to Alice, Carol, and David and hold one back in his cup. Carol and David would each do the same.

Table 7.1 Faculty bonuses

Upon receiving the random numbers from the other parties, each would then calculate the sum of the values in their cup and share that sum with the group. The overall sum would represent the sum of the bonus and dividing that by 4 would result in the average bonus.

As an example, say these are the actual bonuses for the four parties, which are not shared (held privately). The average is of course $11,000/4 = $2750. But no one knows all four numbers to start, so there is no way to calculate this.

The parties calculate their three random numbers, as shown in Table 7.2. The number in the box represents the number they put in their own coffee cup.

Table 7.2 Three random numbers plus a calculated number to equal the bonus

The columns then are the numbers that get moved to the peers’ cups. So, Alice receives {867, 49, 229} to put along with the number she held back (56). The sum of these numbers is 1201. Similarly, Bob receives the numbers in #2 {410, 416, 205} along with the number he held back himself (670) for a sum of 1701. Carol has column #3 with a sum of 2435, and David has a sum of 5662. Each party adds up the columns and broadcasts their own sums of 1201, 1701, 2435, and 1701, which sum to $11,000, and thus the average is $2750. There is muted happiness that the average is above $2500, which would represent equally likely bonuses between $1000 and $5000.

David notes that calculating a mean has a lot of applications, observing that he had built a trusted third-party application to do a similar thing. Several private equity companies wanted to know if they were pricing private bonds similarly to the industry, however, there was no market to share prices due to legal restrictions. They weren't particularly concerned about knowing the exact prices set by others; their primary interest was in assessing whether their prices consistently deviated from the industry average, either higher or lower. This seemed a perfect application for MPC, since their pricing data would remain private while they would be able to calculate the overall average and internally determine if they were constantly deviating from the others.

Multi-party Computation—Standard Deviation

The four parties were curious if everyone received the same bonus amount or close to the same amount, or if there was significant variance in the bonuses. After ordering another round of coffees and asking for more scraps of paper, the barista suggested that the population variance could be computed as the average squared deviation from the mean. As they all knew the mean, they could repeat the experiment using the deviations rather than the mean.

The population standard deviation of {3000, 4000, 3000, 1000} is 1089.7.

Each party calculates their deviation from the population mean, as shown in Table 7.3.

Table 7.3 Faculty member’s deviation from the mean bonus

Table 7.4 shows the results of squaring the deviations and generating random numbers.

Table 7.4 Three random numbers plus a calculated number to equal the deviation from the mean

Similar to the previous mean calculations, each party sums their column (papers they received in their cups) and the result is {1,015,086; 2,003,955; 630,502; 1,100,457}, which sum to 4,750,000. Dividing that by 4 results in 1,187,500, and the square root of that is 1089.7. The group can determine that there is variance (that not everyone got the same amount). Naturally, they then wanted to know who had the biggest bonus. After a danish…
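The two rounds above, written out as an added example (not code from the chapter). It assumes the bonuses {3000, 4000, 3000, 1000} given in the text, and it draws shares modulo a public number Q instead of from a range each party picks, so that every slip is uniformly random; the function names are this example's own.

```python
import math
import secrets

# Public modulus (an assumption of this example): shares are uniform in
# [0, Q), so a single slip says nothing about the secret behind it.
Q = 2**61 - 1


def deal_shares(secret, n):
    """Split `secret` into n shares that add up to it modulo Q."""
    shares = [secrets.randbelow(Q) for _ in range(n - 1)]
    shares.append((secret - sum(shares)) % Q)  # the one computed share
    return shares


def secure_sum(inputs):
    """One round of the cup protocol; returns (total, broadcast cup sums).

    Row i of `table` holds party i's shares. Entry [i][j] is the slip that
    party i drops into party j's cup; entry [i][i] stays in i's own cup.
    Only the cup sums are ever announced.
    """
    n = len(inputs)
    table = [deal_shares(x, n) for x in inputs]
    cups = [sum(table[i][j] for i in range(n)) % Q for j in range(n)]
    return sum(cups) % Q, cups


def secure_mean_and_std(bonuses):
    """Round 1 gives the sum (hence the mean); round 2 shares each party's
    squared deviation from that now-public mean."""
    n = len(bonuses)
    total, _ = secure_sum(bonuses)
    mean = total / n
    # Scale deviations by n so every shared input is an exact integer:
    # (n*b - total)^2 = n^2 * (b - mean)^2.
    scaled_sq_dev = [(n * b - total) ** 2 for b in bonuses]
    ss, _ = secure_sum(scaled_sq_dev)
    variance = ss / (n ** 2 * n)  # undo the n^2 scaling, then average
    return mean, math.sqrt(variance)


if __name__ == "__main__":
    bonuses = [3000, 4000, 3000, 1000]  # values from the text
    total, cups = secure_sum(bonuses)
    print("broadcast cup sums:", cups)  # random-looking, differ every run
    print("total:", total)
    print("mean, std:", secure_mean_and_std(bonuses))
```

The inputs must be non-negative and their sum must stay below Q, otherwise the total wraps around.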

Multi-party Computation—Moments of Distributions

It is appropriate to discuss here how privacy might be eroded if we were to continue and calculate the skewness and kurtosis of the dataset. Skewness is a measure of symmetry (really a lack of symmetry). A skewness of zero implies perfectly symmetric; a positive skewness implies that there are outliers to the right; a negative skewness implies there are outliers to the left. Kurtosis is a measure of the tailedness of a distribution as compared with the Normal distribution. Positive kurtosis implies the distribution is tall with skinny tails compared to the Normal distribution, and negative kurtosis implies a distribution is flatter with fatter tails.

Four “moments” or MPC calculation rounds with these types of functions can be used to construct the entire four-point dataset. In general, this is related to the Degrees of Freedom, or pieces of information, in a dataset. We illustrate this with an example.

Consider the four numbers {1, 2, 3, 4}. What if we knew three of the numbers and the sum (or average)? Then we should be able to calculate the 4th number. Convince yourself this is true. If we know {1, 2, 3} and that the sum is 10, then we should be able to calculate that the missing number is a 4. Thus, “the sum is 10” and “the last number is 4” are the same piece of information: given one, we can calculate the other. By computing the sum, we have not added information. We still have four pieces of information.

Further, what if we calculated the standard deviation of the four numbers to be 1.118, the skewness to be 0, and the kurtosis to be −1.2? Then we could conclude that the following contained the same information, and given any of the five options, we could calculate the others.

  (a) {1, 2, 3, 4}

  (b) {any three} plus {sum is 10}

  (c) {any two numbers} plus {sum is 10, standard deviation is 1.118}

  (d) {any one number} plus {sum is 10, standard deviation is 1.118, skewness is 0}

  (e) {sum is 10, standard deviation is 1.118, skewness is 0, kurtosis is −1.2}.

In essence, MPC reverses this. Each party has one piece of information and represents it as three random numbers (no information) and one computed number, which is not distributed. Sending random numbers to each other is akin to sending encryption keys, so the distribution of these numbers should be secret. (MPC is often used for this purpose.) Upon receiving the random numbers, the withheld number is added, which serves to randomize it. Thus, no degree of freedom (piece of information) ever crosses the network.

Of course, there are potential weaknesses. Consider the case where David decides to share his bonus with Carol. Now Carol is in step (c) above. She has 2 degrees of freedom. In order to know all four bonus values, she only needs to understand the sum (or average) and standard deviation, whereas everyone else is in state (d). Thus, performing more MPC, combined with parties sharing with each other, can weaken the anonymity of the raw data. If none of the P parties share with each other, then we can recreate the entire dataset with P moment calculations using MPC, and the dataset would be separated from the parties’ identities.

This can be helpful, as this is a form of anonymizing data. It allows us to recreate entire datasets without knowing the origin of the data. It requires one round of MPC for each moment calculation, so with 1000 data points, we could perform 1000 rounds of MPC and know the entire 1000-point dataset, though we would not know who contributed which point.
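Carol's position in state (c), worked through as an added example (not code from the chapter): with her own bonus, David's, and the published mean and standard deviation, the two remaining bonuses follow from a quadratic. It assumes the set {3000, 4000, 3000, 1000} from the text is in the order Alice, Bob, Carol, David; the function name is this example's own.

```python
import math


def recover_two_unknowns(n, mean, std, known):
    """Recover the two inputs a coalition does not hold.

    n     -- number of parties
    mean  -- published mean (from the first MPC round)
    std   -- published population standard deviation (second round)
    known -- the n - 2 inputs the coalition already has
    Returns the two missing inputs in ascending order; which of the two
    remaining parties holds which value is not determined.
    """
    if len(known) != n - 2:
        raise ValueError("need exactly n - 2 known inputs")
    # What is left of the sum and of the sum of squared deviations once
    # the coalition subtracts its own contributions.
    s = n * mean - sum(known)
    ss = n * std ** 2 - sum((k - mean) ** 2 for k in known)
    # Let u = x - mean and v = y - mean for the unknown x, y. Then
    # u + v = p and u^2 + v^2 = ss, so (u - v)^2 = 2*ss - p^2.
    p = s - 2 * mean
    disc = 2 * ss - p * p
    if disc < -1e-6 * max(1.0, p * p):
        raise ValueError("published moments do not fit the known inputs")
    gap = math.sqrt(max(disc, 0.0))  # |u - v|
    u, v = (p - gap) / 2, (p + gap) / 2
    return mean + u, mean + v


if __name__ == "__main__":
    # Carol holds 3000 and was told David's 1000 (assumed ordering).
    exact = recover_two_unknowns(4, 2750, math.sqrt(1_187_500), [3000, 1000])
    print("from exact statistics:  ", exact)
    # The standard deviation rounded to one decimal, as quoted in the text.
    rounded = recover_two_unknowns(4, 2750, 1089.7, [3000, 1000])
    print("from rounded statistics:", rounded)
    # The {1, 2, 3, 4} illustration: knowing {1, 2} plus two moments.
    print(recover_two_unknowns(4, 2.5, math.sqrt(1.25), [1, 2]))
```

Rounding the published standard deviation to one decimal place moves the recovered values by less than a dollar.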

Multi-party Computation—Voting

After several cups of coffee, the group of Alice, Bob, Carol, and David now are thinking of many applications where MPC would be appropriate, including anonymous feedback, voting, applications involving signaling, and auctions. In the meantime, the remaining faculty Eve, Frank, Grace, Heidi, Ivan, and Judy, who had been sitting outside the coffee shop, joined the inside group, and there were now 10 people sitting around several tables. The dynamics have changed with the broader group, and there is less intimacy, but other topics can now be brought up to discuss because the entire department is now present.

Department chair Judy suggested that she has heard that some of the companies recruiting their students are interested in content related to artificial intelligence. Frank knew that Judy wanted to use ChatGPT in class the previous term, but he and Grace, who was not tenured, were uncomfortable with AI and wanted to discourage usage, but they were afraid to say anything. Judy suggested that they vote as to whether they should allow ChatGPT to be used in class, but David suggested that they vote anonymously using MPC.

In the case of computing averages, the random numbers created can be any values that add to 0 or 1, representing no ChatGPT in the classroom (0) or yes ChatGPT in the classroom (1). Then calculating the overall average should give the percent of those who voted yes.

Table 7.5 captures an example. In this case, there are 7 “yes” votes. Random numbers are distributed, and the diagonals are held back for later summation. Alice’s cup contains column #1, and when she contributes her own number −97, the sum is −236. The sum across the bottom row labeled “ColSum” is 7, which is the number of votes to permit use of ChatGPT.

Table 7.5 Nine random numbers and one calculated number for faculty votes

MPC determined that 7/10 parties agreed, without anyone knowing who voted yes and who voted no.

Multi-party Computation—Maximum

Before the group dispersed, Alice suggested that they would like to know if anyone received the highest bonus of $5000. They had previously determined that not everyone was given the same bonus, but they hadn’t yet calculated the maximum of the group. The barista suggested a way to compute the maximum without anyone giving away their actual value. It would work like the following:

  1. Each party must represent their bonus amount in binary format (see Table 7.6).

     Table 7.6 Faculty bonuses represented in the binary numbering system

  2. Each party chooses the leftmost bit of the binary representation and has MPC compute an average across the 10 parties.

     (a) If the average is zero (all parties have a 0), then record a zero for the solution, return to step 2 until the average is >0. Then continue to (b).

     (b) For each player, if their bit is 1, stay in the game. If their bit is 0, then use all 0’s in each round from this point. Return to step 2 until the bits are exhausted.

In this example, the leftmost bits are zero for the parties A through H, and one for parties I and J (Ivan and Judy). Thus, the max solution begins with a “1” as the leftmost bit, as the average >0. Parties A–H must now participate with zeros until the iteration is complete. Ivan and Judy continue with their actual bits.

MPC continues to the second leftmost bit. Parties A through H must contribute “0,” and Ivan and Judy have zero also. A zero is appended to the temporary solution yielding “10.” The third bit is also all zeros, appending to the temporary solution yielding “100.”

The fourth bit is now calculated as 1/10, as parties A–H contribute zero, Ivan has a zero, and Judy has a one. At this point, party Ivan must only contribute zeros from now on, and the temporary maximum is now “1001.” Only party Judy will continue, and the temporary solution will build into party Judy’s binary representation after 13 more iterations.

The maximum value of the bonus is 1001110001000 or $5000. MPC has computed this while keeping the individual bonuses private.

If the group desired a minimum bonus amount, they could repeat the above process where everyone used ($5000 − individual bonus) and compute the maximum.
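The 0/1 tally from the voting section and the bit-by-bit maximum built on it, as an added example (not code from the chapter). The ten bonuses are constructed to match the walkthrough (only Ivan and Judy have a leading 1, and Judy holds 5000), since Table 7.6 is not reproduced here; the 13-bit width and the function names are assumptions of this example.

```python
import secrets

Q = 2**61 - 1  # public modulus for the shares (assumption of this example)

# Constructed sample, parties A..J; Ivan = 4500, Judy = 5000.
BONUSES = [3000, 4000, 3000, 1000, 2000, 1500, 2500, 3500, 4500, 5000]


def secure_count(bits):
    """Tally 0/1 inputs: each party splits its bit into one share per cup
    and only the cup sums are published."""
    cups = [0] * len(bits)
    for b in bits:
        shares = [secrets.randbelow(Q) for _ in bits[1:]]
        shares.append((b - sum(shares)) % Q)
        cups = [(c + s) % Q for c, s in zip(cups, shares)]
    return sum(cups) % Q


def secure_max(values, width):
    """Bitwise maximum following steps 1 and 2 above, leftmost bit first.

    Returns (maximum, per-round counts). The counts are seen by every
    party, so they are part of what the protocol reveals.
    """
    active = [True] * len(values)  # each flag is private to its party
    result, counts = 0, []
    for pos in range(width - 1, -1, -1):
        bits = [(v >> pos) & 1 if a else 0 for v, a in zip(values, active)]
        ones = secure_count(bits)
        counts.append(ones)
        result <<= 1
        if ones > 0:
            result |= 1
            # Step (b): a party whose bit was 0 sends zeros from now on.
            active = [a and b == 1 for a, b in zip(active, bits)]
    return result, counts


def secure_min(values, ceiling, width):
    """Minimum via the maximum of (ceiling - value), as the text suggests."""
    flipped, _ = secure_max([ceiling - v for v in values], width)
    return ceiling - flipped


if __name__ == "__main__":
    print("yes votes:", secure_count([1] * 7 + [0] * 3))
    maximum, counts = secure_max(BONUSES, 13)
    print("maximum:", maximum, format(maximum, "b"))
    print("ones seen per round:", counts)
    print("minimum:", secure_min(BONUSES, 5000, 13))
```

The first entry of the per-round counts is 2, so every participant learns that exactly two people hold a bonus of 4096 or more, in addition to the maximum itself.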

Rather than recalculate the highest overall teaching evaluation, Judy said she would pay for breakfast, and the other parties accepted. Judy kept the tip private.

Limitations and Other Applications

While MPC promotes privacy, it is not computationally efficient. With 10 parties, a round of computation to compute the mean requires 10*9 = 90 peer-to-peer messages in the early round. For the maximum function, there were 16 rounds of 90 peer-to-peer messages (1440) to calculate the 16 averages. For an election with 10,000 voting parties, that is roughly 100M messages to be sent. In a practical application, each message would be encrypted and digitally signed. There are opportunities for improved performance, but essentially the tradeoff is privacy against computational performance.

Obviously, by computing distributional moments, summary statistics such as confidence intervals and common risk metrics can be calculated. In 1987, it was demonstrated that any function could be securely computed (Goldreich et al., 1987). Today there are thousands of applications that use MPC. Below is a list of a few use cases, as well as a list of several domains in which MPC has been used in practice.

  1. Privacy-Preserving Machine Learning (Knott et al., 2021): This paper describes the design of CrypTen and measures its performance on state-of-the-art models for text classification, speech recognition, and image classification.

  2. Digital Twins (Hörandner & Prünster, 2021): This paper describes how MPC can be used for keeping digital twin data private.

  3. Secure Voting (Bermúdez, 2016): This paper presents an online voting architecture based on partitioning the election in small clusters of voters and using a Multi-party Computation algorithm for obtaining voting results from the clusters.

  4. Secure Key Exchange (Archer et al., 2018): The paper highlights a number of applications, ranging from securing small high value items such as cryptographic keys, through to securing an entire database.

  5. Data Exchange Between Law Enforcement (Treiber et al., 2022): The authors propose a system for lawful information exchange between LEAs using MPC and private set intersection and show its feasibility by giving a legal analysis for data protection and a technical analysis for workload complexity.

  6. Privacy-Preserving Blockchain Applications (Wang et al., 2021): This paper presents an integrated solution to enable privacy-preserving energy storage sharing, such that energy storage service scheduling and cost-sharing can be attained without the knowledge of individual users’ demands.

MPC has been used in several other domains (Cramer et al., 2015), including:

  (a) Secure Auctions,

  (b) Secure Financial Transactions,

  (c) Secure Voting,

  (d) Supply Chain Collaboration,

  (e) Fraud Detection,

  (f) Genomic Data Sharing,

  (g) Privacy-Preserving Authentication, and

  (h) Privacy-Preserving Smart Contracts.

MPC functions preserve the privacy of inputs and create information that cannot be obtained otherwise. This information is akin to the “+” of a sum game in coopetition, as the competition would suggest sharing nothing and the cooperation would suggest sharing everything. In the case of MPC, we share nothing but yield information that is of collective value.