Practical Secure Computation for Internet Infrastructure

Abstract

The Internet has been a boon in the lives of many in the world, opening up opportunities that may have been unknown or inaccessible to them. The growth in the availability of computational resources has made it possible to collect, compile, store, process and interpret data at a scale that was not imaginable in the past. The combination of the Internet and computing resources has resulted in a world that creates more data every year than ever in the past, where data can be harvested for the benefit of society. However, when the surface seems too shiny, the dangers lurk nearby. One such danger is privacy violation that can take several forms including nosy corporate employees, hacked databases as well as government coercion of centralised authorities that manage the Internet infrastructure. Secure multi-party computation (MPC) is a cryptographic tool for privacy-preserving computation. MPC allows multiple entities to perform joint computation over their private inputs, revealing only the output. Although the theoretical foundations for the two-party variant, secure two-party computation (2PC), were introduced in the 1980s, MPC has not yet seen widespread deployment in spite of its benefits. Not only is MPC useful when data needs to be processed, but it is also useful when cryptographic data such as signing keys are to be kept securely. In this thesis, we make MPC practical to secure Internet infrastructure. While MPC has been applied to many applications, it has not yet been used to secure Internet infrastructure. In the process of making MPC practical, we address several challenges in this thesis. First, we observe that the practical performance of 2PC can be improved by the use of different transport layer protocols. On the basis of this observation, we develop a framework that automates the integration of transport layer protocols into 2PC implementations. We show through extensive evaluations that the efficiency gained by using better transport layer protocols is sometimes much greater than that can be achieved by using stronger security assumptions. Second, we observe a practical security issue where mechanisms to secure fundamental protocols of the Internet infrastructure, such as routing and domain name system, rely on centralised authorities. In particular, signing keys that should be held by domain owners and Internet number resource owners in security mechanisms for Internet infrastructure are instead outsourced to centralised authorities. Nevertheless, vulnerabilities as well as conflict of interests often make the requirement for trust unsuitable for practical purposes. We replace trust in centralised authorities by designing systems that use MPC and distribute trust. Finally, we design and implement efficient threshold signature protocols, a specific instance of MPC, that we use to improve the security of Internet infrastructure. Our design uses a generic transformation to turn essentially any MPC protocol into an equally secure and efficient protocol that computes signatures in a threshold setting. Our design is the first to support preprocessing (independent of the message being signed as well as the key being used to sign), which is crucial for practical efficiency as it adds minimal overhead compared to the approach of centralised authorities being in charge of the keys.