Cointelegraph | The Impact of Secure Multiparty Computation on the Early Privacy Landscape

Original title: What Will Be the Early Privacy Impact of Secure Multiparty Computation?

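This article was first published by the well-known blockchain technology outlet Cointelegraph on March 29, 2020; the author is Andrew Rossow. The link to the original is at the end of the article.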

Andrew Rossow is a millennial attorney, law professor, entrepreneur, writer and speaker on privacy, cybersecurity, AI, AR/VR, blockchain and digital currencies. He has written for many outlets and contributed to cybersecurity and technology publications. Utilizing his millennial background to its fullest potential, Rossow provides a well-rounded perspective on social media crime, technology and privacy implications.

Currently, one of the most rigorously examined corners of the surging cryptography space, secure multiparty computation, or sMPC, is widely considered a viable solution to many practical situations in the real world. The concept has some promising implications ranging from privacy to scalability and efficiency, and its lasting impact extends beyond blockchain technology alone.

However, many crypto and blockchain platforms are among the early pioneers in actively applying the technology to finance, advertising, insurance and other industries.

“The beauty of multi-party protocols is that they use a rich body of tools and sub-protocols, some of which have been developed especially for MPC and others previously developed for the cryptographic non-distributed setting,” detailed Dragos Rotaru, a researcher for ARPA, in the team’s white paper.

The rich feature-set of tools includes the lauded protocols of zero-knowledge proofs, message authentication codes, commitment schemes and secret sharing models, like Shamir’s Secret Sharing. The compatibility of sMPC with such blossoming cryptography subfields, along with its recent development that surpassed many of its performance limitations, is poised to unleash a new suite of features for many public blockchains, financial applications and data sharing.

A brief history and introduction of sMPCs

The concept of sMPCs gained traction in the early 1980s as a solution to “Yao’s Millionaire Problem.” The problem is a classic example of two parties, Alice and Bob, wishing to determine which party is wealthier without revealing their explicit wealth value.

The goal of sMPC is to enable both Alice and Bob to compute a function over the shared inputs — e.g., their wealth — without revealing the value of the inputs. As a result, the counterparties can discern which is wealthier without exposing private financial data. Contrary to most cryptographic goals, sMPC protects participating user privacy from one another and is not explicitly created to protect a communication channel from third-party snooping.

The applications of sMPC are numerous, but its early potential was handcuffed by its performance limitations. Those handcuffs have been removed. As the ARPA white paper details:

“With theoretical constructions going back 35 years, there are substantial improvements in algorithmic and engineering designs over the past decade to improve performance.”

ARPA references that the overall performance of sMPCs has increased by four to five orders of magnitude in the last decade alone — which are drastic improvements. As a result, the applications of sMPCs are no longer relegated to theoretical designs and are now firmly planted in the practical world.

For example, sMPCs can play the primary role in mitigating one of crypto’s most endemic problems — exchange transparency. Endeavors like Blockstream’s Bitcoin proof-of-reserves attempt to self-regulate exchange treasuries to assure customers that their deposits are fully backed by the exchange. Instances like the QuadrigaCX debacle would fade away, and exchanges would garner more regulatory trust in the process.

The sentiment for better exchange reserve transparency is also consistently touted by Castle Island Ventures’s Nic Carter, who views the progression as inevitable. And while PoR protocols like the one from Blockstream still need to improve privacy, others, such as ARPA’s, are on the cusp of bolstering the prospects of PoR significantly. The ARPA MPC network is in its pre-Alpha mainnet stage. Users can stake their tokens, join the privacy-preserving computation network, complete tasks and get computation rewards.

In addition, institutional and personal account key management requirements stimulated by distributed ledgers have also spawned many wallet applications, and this change has also affected traditional enterprises. Whether in blockchain or in traditional financial institutions, the threshold signature scheme enabled by sMPC can bring security and privacy improvements in various scenarios.

Wallets based on a threshold signature are more secure because the private key doesn’t need to be rebuilt. Also, without all signatures posted publicly, anonymity can be achieved. Compared to the multi-signature, a threshold signature needs lower transaction fees. Similar to key management applications, the administration of digital asset accounts can also be more flexible. Furthermore, a threshold signature wallet can support various blockchains that do not natively support multi-signature, which reduces the risk of smart contract bugs.
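
The property described above, that a quorum can use the key without ever rebuilding it, shown as an added example (not code from the article or from ARPA). It assumes Shamir's Secret Sharing with a trusted dealer and a toy 11-bit group; it is not a complete signature scheme, and every name and parameter in it is hypothetical.

```python
import hashlib
import secrets

P, Q, G = 2039, 1019, 4   # toy safe-prime group (P = 2Q + 1); G has order Q

def deal(secret, t, n):
    """Shamir-share `secret` mod Q so that any t of the n shares determine it."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def hash_to_group(msg):
    """Toy hash into the order-Q subgroup (squares mod P), never 1."""
    x = int.from_bytes(hashlib.sha256(msg).digest(), "big") % (P - 3) + 2
    return pow(x, 2, P)

def partial(share, h):
    """One signer's contribution h^share; the share itself never leaves the signer."""
    return pow(h, share, P)

def lagrange_at_zero(i, ids):
    """Lagrange coefficient for share i when interpolating f(0) from `ids`."""
    num = den = 1
    for j in ids:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def combine(partials):
    """Turn {id: h^share_id} into h^secret by interpolating in the exponent."""
    ids = list(partials)
    out = 1
    for i, p_i in partials.items():
        out = out * pow(p_i, lagrange_at_zero(i, ids), P) % P
    return out

if __name__ == "__main__":
    key = secrets.randbelow(Q - 1) + 1          # known only to the dealer
    shares = deal(key, t=2, n=3)                # 2-of-3 wallet
    h = hash_to_group(b"constructed sample transaction")
    joint = combine({i: partial(shares[i], h) for i in (1, 3)})
    print("quorum result matches full-key result:", joint == pow(h, key, P))
```

Production threshold schemes replace the dealer with distributed key generation and use standard-size groups; the interpolation step is the part that lets the key stay split.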

The remaining barriers to the proliferation of sMPC hinge on education and making the technology more accessible. For example, developers are working on abstracting away the underlying complexity of the technology and building “plug-and-play” setups for businesses to tap into the technology. As Rotaru continued:

“Our goal is to build an MPC network with high availability for the first time where any business needs for secure computation can be conducted on the network or by using smart contracts on existing blockchains such as Ethereum or EOS.”

By reducing the costs and barriers to accessing sMPCs, businesses can leverage one of cryptography’s most venerated achievements. However, the direct impact of sMPCs extends beyond PoR for exchanges well into the depths of the battle for digital privacy.

Privacy advantages of sMPC

Applications can be layered on top of sMPC protocols, masking the exceptional complexity that underscores them — something businesses do not want to pay for to implement themselves. Once the barriers to accessing sMPC protocols are reduced, the practical applications for privacy become pretty obvious.

The primary target area? Privacy.

For example, outside the scope of blockchains, imagine any scenario where two or more parties want to come together; they do not explicitly trust each other and would like to determine an outcome without revealing sensitive internal details about each other.

Situations like data sharing, such as calculating the average age of a group of web users visiting a website without exposing other (non-pertinent) personal user data, immediately come to mind. Others, like insurance providers analyzing risk without having to control vast quantities of data (no more Equifax hacks), are also enticing. And some, like secure monetization for user data by renting personal data to advertisers, might be the tip of the privacy spear that shatters the glass ceiling of user privacy abuse.
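
The average-age scenario above, worked through with additive secret sharing as an added example (not code from the article or from ARPA). The ages are constructed sample data, the function names are hypothetical, and the parties are assumed to follow the protocol honestly.

```python
import secrets

PRIME = 2**61 - 1  # field modulus; must be larger than any possible total

def share(value, n_parties):
    """Split value into n additive shares; any n-1 of them look uniformly random."""
    shares = [secrets.randbelow(PRIME) for _ in range(n_parties - 1)]
    shares.append((value - sum(shares)) % PRIME)
    return shares

def secure_sum(inputs):
    """Semi-honest secure sum. Returns (total, inbox, partial_sums)."""
    n = len(inputs)
    # Round 1: every party splits its input and sends share j to party j,
    # so inbox[j] is everything party j ever sees from the others.
    inbox = [[] for _ in range(n)]
    for value in inputs:
        for j, s in enumerate(share(value, n)):
            inbox[j].append(s)
    # Round 2: each party publishes only the sum of the shares it received.
    partial_sums = [sum(received) % PRIME for received in inbox]
    # The published partial sums add up to the sum of the private inputs.
    total = sum(partial_sums) % PRIME
    return total, inbox, partial_sums

# Constructed sample: five visitors' ages, each known only to its owner.
AGES = [34, 27, 45, 52, 19]

if __name__ == "__main__":
    total, inbox, partial_sums = secure_sum(AGES)
    print("average age:", total / len(AGES))
    print("what party 0 saw:", inbox[0])
```

The average itself is disclosed by design, so with only two parties each one can infer the other's input from the result; the privacy guarantee covers the individual inputs of a larger group.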

ARPA views sMPC as also playing a critical role in health care, an industry rife with data privacy and security problems.

“Individual medical data contains sensitive information that is risky to run a diagnosis using third-party models or tools,” says Rotaru. He added:

“With sMPC protocols, such as ARPA’s, medical data for diagnoses can be computed without leaking data to third-party model providers, specifically AI specialists that are prevailing as pivotal algorithmic providers to medical institutions.”

It’s unlikely that enterprises will recognize the advent of sMPCs to their advantage in the short-term. Their incorporation of the technology will likely follow its proven accolades among public blockchains, and specifically, financial applications running on those networks. Enterprises that have been investing in both research and implementation of sMPC have also come together to form an alliance to bring global awareness to this technology. The MPC Alliance now has over a dozen members.

Yet, the question is whether or not the technology will become more sophisticated from this point forward:
Should the technology become a ubiquitous, accessible tool on the web, expect an entire generation of companies to provide privacy services to web surfers, advertisers and companies with>

The trajectory of sMPC’s impact on privacy appears inevitably fruitful in the long-term. Now, the onus is on crypto companies and blockchains to tinker and promote the technology that has cryptographers so excited about the future of privacy.

The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Original link:
https://cointelegraph.com/news/what-will-be-the-early-privacy-impact-of-secure-multiparty-computation

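About ARPA
ARPA is committed to providing enterprises and individuals with solutions for the secure flow of private data, based on cryptographic computation and blockchain.

The ARPA secure multiparty computation network can serve as a protocol layer that gives public blockchains privacy-preserving computation capability, and enables developers to build efficient, secure business applications that protect data privacy on private smart contracts. Enterprise and personal data can be securely analyzed or used on the ARPA computation network without concern about exposing the data to any third party. ARPA's multiparty computation technology supports secure data marketplaces, precision marketing, credit score calculation, and even the secure monetization of personal data.

ARPA's core team is highly international, with cryptography PhDs from Tsinghua University, experienced systems engineers from Google, Uber, Amazon, Huawei and Mitsubishi, blockchain experts from the University of Tokyo, data scientists from AIG, the World Bank and CircleUp, and finance and data professionals from Fosun and Fidelity Investments.

For more information about ARPA, or to join our team, contact us at [email protected], or add our customer service contact: lxp_123345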
