
Secure Multi-Party Computation for Statistical Computations using Virtual Parties on a Token Ring Network
Durgesh Kumar Mishra¹, Rohit Pathak¹, Satyadhar Joshi², Arpit Ludhiyani¹
¹Acropolis Institute of Technology & Research, Indore, MP, India
²Shri Vaishnav Institute of Technology & Science, Indore, MP, India
rohitpathak@ieee.org, satyadharjoshi@ieee.org, mishraJesearch@redifail.com, arpit.ludhiyani@ieee.org
Abstract- A novel Secure Multi-party Computation protocol for statistical computations has been proposed and implemented in this work. The described protocol is an enhanced version of our previous proposal of the virtual party protocol. Here the system is implemented using a Token Ring Network. Secure Multi-party Computation is classically defined as a system in which a computation involving data from a number of organizations is performed. Since each organization wants to hide its data from other parties, this type of computation requires special security measures. The paper also describes the application of the protocol for secure banking computations, secure business process outsourcing computations, secure surveys and other intricate statistical computations.
Keywords- SMC (Secure Multi-Party Computation), Information
Security, Data Privacy, BPO (Business Process Outsourcing),
Banking, Statistical Computation, Virtual Party.
I. INTRODUCTION
SMC can be described as a problem in which multiple parties want to perform a joint computation in which no party wants to reveal its data to another party. In a classical SMC system the data of the parties is sent to a TTP for computation. The TTP is considered honest. A three-point research is accomplished by [1]. Firstly, the incapability of existing protocols in handling the privacy issues for a scenario of more than two participants in privacy-preserving k-NN mining is identified. Secondly, two protocols are proposed to confront the above-mentioned issue, and thirdly, the security of the proposed protocols is shown. A protocol in SMT-PD (Secure Message Transmission in the public discussion model) is presented in [2] with sublinear communication on the public channel. A protocol for computation of the ratio of secure summations is introduced by Bin et al. [3]. The performance of RSS protocols is also discussed. Also, a privacy-preserving distributed LDA model to which the RSS protocol can be applied has been shown. In [4] a report is made on the first and the foremost large-scale application of SMC, which took place in January 2008. The protocols used are also analyzed. A protocol for solving linear programming (LP) problems using black-box access to secure modulo arithmetic is given by [5]. The solution shown can be initiated in various settings.

978-1-4244-7202-4/10/$26.00 ©2010 IEEE
Public-key encryption security has been the focus of [7], in a setting where resetting is possible and random numbers might be reused. It has also been shown that existing schemes and security models are insufficient in this type of setting. The Universal Composability (UC) model by Canetti (FOCS 2001) allows for secure composition of arbitrary protocols. A new version of the UC model is proposed with similar compositionality guarantees in [8]. Protocols combining distributed variants of Slepian-Wolf coding and the leftover hash lemma have been given by Renato et al. [9]. The problem of securely computing the k-th ranked element of the union of two or more large, confidential data sets is analyzed in [10]. The paper also investigates two-party and multi-party protocols for both the semi-honest and malicious cases. Often the orthodox tool for achieving security in a multi-party communication environment is group key exchange (GKE) protocols, but they suffer from performance and scalability limitations, as every new session should be preceded by a separate execution of the protocol. The possibility of designing more flexible protocols is explored in [11].
A notion of almost-everywhere SMC for incompletely connected networks is introduced by Juan et al. [15]. It has been shown how meaningful security can be guaranteed whenever needed. In [16] a multi-group scheme for building decision tree classifiers based on the randomized response technique is presented. Several specific computations in the perspective of secure multi-party computation have been studied by Wenliang et al. [17] and a number of SMC problems are defined. An efficient smart card based implementation of SMC for any number of participating entities, in a model where individual processes contain a tamper-proof security module, is presented in [18]. For the development of practical solutions to SMC problems, a new paradigm is proposed by [6]. It uses an acceptable security model that allows partial information disclosure.
In our previous work we proposed the Virtual Party Protocol, in which participants create virtual parties and send encrypted data through them. This approach further increases the security to nearly zero hacking probability [12]. It can be used for secure statistical computations, computations in BPO, supply chain management [13], banking computations [14], computations in defense, etc. The complexity of the system is directly proportional to the number of nodes in the system. An increase in the number of nodes has an adverse effect on performance, and the network of the whole system also becomes more complex. In some cases, such as systems involving anonymizers, it is found that increasing the number of nodes increases the security. With an increase in the number of nodes, we face the problem of increased complexity and decreased performance of the system. Therefore the security has to be compromised to some extent to reduce the complexity and increase performance. Thus the number of nodes in the system is kept limited. With the newly proposed system we have a low-complexity system with enhanced security. It also allows easy implementation of virtual parties.
II. PROPOSAL
Computation of complex functions requires data from a number of organizations. The computation will be performed on a token ring network. Each party will be allotted a position on the ring. The ring will also have one position for the Trusted Third Party (TTP), and each party will encrypt its data. The parties will also create some virtual parties and distribute the encrypted data among them. This data is then sent to the TTP. Using the encrypted data, the TTP computes the result and announces it publicly.
A. Description
Key Identifiers.
Token Ring: A token ring is a network in which computers are connected in a ring fashion. It is a very common topology and is commonly known as the IEEE 802.5 standard.
Original computation function: This is the function which needs to be jointly computed. It involves data from several parties.

$$f(D_{11}, D_{12}, \ldots, D_{1m_1}, D_{21}, D_{22}, \ldots, D_{2m_2}, \ldots, D_{n1}, D_{n2}, \ldots, D_{nm_n})$$

Modified computation function: In the proposed system the computation is done using encrypted data. Since the original computation function cannot compute the result using encrypted data, we need a new function which can calculate the correct result using encrypted data and modifier tokens.

$$g(E_{11}, E_{12}, \ldots, E_{1m_1}, E_{21}, E_{22}, \ldots, E_{2m_2}, \ldots, E_{n1}, E_{n2}, \ldots, E_{nm_n}, T_{11}, T_{12}, \ldots, T_{1m_1}, T_{21}, T_{22}, \ldots, T_{2m_2}, \ldots, T_{n1}, T_{n2}, \ldots, T_{nm_n})$$
Table 1. List of identifiers.
Identifier Name / Identifier Symbol

Party (Pi): A party is a member of the joint computation. Each party will be considered a node in the token ring network. P1, P2, ..., Pn, where P1 is party number one, P2 is party number two and likewise.

Virtual Party (Vij): A virtual party is a simulated fabrication created by a party participating in the computation. Each party can create a number of virtual parties. The number of virtual parties created by any party is not restricted to any maximum limit, but should be kept in an optimum range for optimized computation. V11, V12, V13, ..., V1j are the virtual parties of party P1. V21, V22, V23, ..., V2j are the virtual parties of party P2 and likewise Vij is the virtual party of party Pi.

Trusted Third Party (TTP): TTP is the node which will compute the result using the special modified function. TTP is a computation machine which is allotted a position on the token ring. In a typical secure computation we will have only one TTP on a computation network.

Original Data (Dij): D11, D12, D13, ..., D1j are the data of party P1. D21, D22, D23, ..., D2j are the data of party P2 and likewise Dij is the data of party Pi.

Fake Data (Fij): F11, F12, F13, ..., F1j is the fake data of party P1. F21, F22, F23, ..., F2j is the fake data of party P2 and likewise Fij is of party Pi.

Encrypted Data (Eij): E11, E12, E13, ..., E1j are the encrypted data of party P1. E21, E22, E23, ..., E2j are the encrypted data of party P2 and likewise Eij is the encrypted data of party Pi.

Modifier Tokens (Tij): T11, T12, T13, ..., T1j are the modifier tokens of party P1. T21, T22, T23, ..., T2j are the modifier tokens of party P2 and likewise Tij is the modifier token of party Pi.

f(): This is the original function which needs to be computed. It uses the data Dij to compute the result.

g(): This is the modified function which uses the encrypted data Eij and modifier tokens Tij to compute the result.

dist(): This is the distribution function which takes the input data Eij and modifier tokens Tij, then distributes them randomly among the available virtual parties.

enc(): This is the encryption function which uses the original data Dij and fake data Fij to encrypt it to Eij and generate modifier tokens Tij.
Every party Pi has data Di1, Di2, Di3, ..., Dij. Every party will create some fake data Fi1, Fi2, Fi3, ..., Fij. There is no restriction on the upper or lower bound for the number of fake data entries. However, there may be a band of optimal number of entries for the computation, depending upon the hardware and network used. This fake data will not alter the result in any manner. It is used for the encryption of data. The generation of fake data is highly dependent upon the computation function. It may vary for different types of computations. This fake data Fij is passed to the encryption function enc(). This function uses the original data Dij and fake data Fij to generate encrypted data Eij along with modifier tokens Tij. The function enc() is highly dependent upon the type of computation. It may vary for different types of computations.

Fig. 1. Data flow in the protocol. Stages shown: Original Data and Fake Data; Encryption through Token generation, enc(); Encrypted Data; Distribution function dist(); Virtual Party Layer; Trusted Third Party.
Every party Pi creates a number of virtual parties Vij. The encrypted data Eij and modifier tokens Tij are passed to the distribution function dist(), which distributes them among the virtual parties Vij. The data of the virtual parties Vij is sent to the TTP. The TTP computes the result using a modified function g(Eij, Tij). This result is announced publicly. The function g(Eij, Tij), the function f(Di, Fij) and Dij, Fij, Eij, Tij are related as follows:

$$f(D_{11}, D_{12}, \ldots, D_{1m_1}, D_{21}, D_{22}, \ldots, D_{2m_2}, \ldots, D_{n1}, D_{n2}, \ldots, D_{nm_n}) =$$
Since virtual parties are used, the TTP cannot determine the true source of the information. This is done by hardware address duplication techniques such as MAC spoofing. These techniques hide the identity of the actual source of a data frame by forwarding a wrong source address in the frame. The data in a token ring network comes from only one direction, so the only way to determine the source of a data frame is to rely on the information contained in it. Using these techniques, other nodes of the network are under the wrong impression about the actual number of nodes in the network. In other words, virtual parties are also included in the token ring system, as if every virtual party had actual dedicated hardware. In truth it is just a virtual misrepresentation produced by one node, which projects more than one MAC address. The token ring system can be seen in Figure 2.
Fig. 2. Token ring network consisting of parties and

Algorithm
Begin
- Initialize party Pi
- For every party Pi
    - Initialize fake data Fi
    - Generate Fi
    - Compute Ei and Ti using Fi and Di
    - Initialize Vi
    - Use dist() to distribute Ei and Ti among Vi
    - For every virtual party Vi
        - Send the data of Vi to TTP
- Compute the function g() using Ei and Ti at TTP
- TTP announces result
End
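
The algorithm above, worked through as an added Python example that is not code from the paper. The paper leaves enc() and g() computation-specific, so the additive masking modulo M, the split of each party's masks into random token shares, and the squared-value secondary tokens used here are assumptions, chosen so that g() returns the mean and sample variance.

```python
import secrets
from fractions import Fraction

M = 2**128  # assumed modulus; the true sums must stay below it
_rng = secrets.SystemRandom()

def _shares(total, k):
    """Split total into k random values that add up to it modulo M."""
    parts = [secrets.randbelow(M) for _ in range(k - 1)]
    return parts + [(total - sum(parts)) % M]

def enc(data):
    """Assumed enc(): E = D + F mod M with fresh fake data F per item.
    Tokens T share sum(F); secondary tokens S share sum(E^2 - D^2)."""
    fake = [secrets.randbelow(M) for _ in data]
    E = [(d + f) % M for d, f in zip(data, fake)]
    k = len(data) + 1  # one extra share so no token equals a single mask
    T = _shares(sum(fake) % M, k)
    S = _shares(sum(e * e - d * d for e, d in zip(E, data)) % M, k)
    return E, T, S

def dist(E, T, S, n_virtual):
    """dist(): hand every value to a randomly chosen virtual party."""
    virtual = [[] for _ in range(n_virtual)]
    tagged = [("E", e) for e in E] + [("T", t) for t in T] + [("S", s) for s in S]
    for item in tagged:
        _rng.choice(virtual).append(item)
    return virtual

def g(frames):
    """Modified function g() at the TTP: mean and sample variance."""
    e_vals = [v for kind, v in frames if kind == "E"]
    total = lambda kind: sum(v for k, v in frames if k == kind)
    n = len(e_vals)
    sum_d = (total("E") - total("T")) % M
    sum_d2 = (sum(e * e for e in e_vals) - total("S")) % M
    mean = Fraction(sum_d, n)
    return mean, (sum_d2 - n * mean**2) / (n - 1)

def run_protocol(parties, n_virtual=3):
    """Parties encrypt and distribute; virtual parties forward to the TTP."""
    frames = []
    for data in parties.values():
        for virtual_party in dist(*enc(data), n_virtual):
            frames.extend(virtual_party)  # no party identifier is attached
    _rng.shuffle(frames)
    return g(frames), frames

def f(parties):
    """Original function f() on the plaintext, kept only for comparison."""
    xs = [d for data in parties.values() for d in data]
    mean = Fraction(sum(xs), len(xs))
    return mean, sum((x - mean) ** 2 for x in xs) / (len(xs) - 1)

# Constructed sample input: three parties holding private integer values.
PARTIES = {"P1": [52000, 61000], "P2": [48000], "P3": [75000, 39000, 58000]}

if __name__ == "__main__":
    print(run_protocol(PARTIES)[0], f(PARTIES))
```

In this construction the frames reach the TTP as bare (kind, value) pairs, so nothing in them names the sending party; a TTP that correctly guesses which frames belong to one party can still subtract that party's tokens from its E values and obtain that party's sum.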
B. Security Analysis
Whenever data is sent from a particular virtual party to the TTP, there is 1/n probability for the TTP to determine the source party. Also, the data is encrypted, so to get the actual data of a party the TTP has to get data from all the virtual parties of that party.
The TTP gets the data of all the virtual parties. If the TTP is corrupt then it may try to hack the data. It may guess the data of all the virtual parties of a particular party.
There are n parties Pi, each having mi virtual parties. The probability of hacking the data of one virtual party Vkj of the k-th party is
P(Vk) =
.
,
_

;
=
1
To hack the data of one party, the data of all its virtual parties needs to be hacked. The probability of hacking the data of one party Pk is
1
The probability of hacking the data of a party Pi is shown in the graph below.

Fig. 3. Graph between number of virtual parties and probability of hacking.

Fig. 4. Graph between number of parties and probability of hacking.
As we can see in the above figure, the probability of hacking is nearly zero. Thus the protocol is sufficiently secure.
C. Statistical Application
Mean
Original
Virtual Party Protocol Version
.
_|!,-!. -! ,-!.
)
=
.
T

(I |.-/. -/
,-/.)J
.
Variance
Original
1
.
( )
.

.
=-
_

x
n
-
1
.
Virtual Party Protocol Version
.
_-,-- ,}
s
.
=
.
T

(I|/.-/. -/
,-... 7k)J
-
1
.
Where
,-
. -,-,
are the secondary modifier tokens and
. . . .
( )
.

,-
. -
,-

,}
Standard Deviation
Original
1
.( _ )
.
s=
-_

H 1
.
Virtual Party Protocol Version
=
Where
.
_ -
.
. - - ,}
.
,-
. -,-,
1 1 1 1
are the secondary modifier tokens and
Skewness
Original
.
[

x
J
,

,
=

Virtual Party Protocol Version


.

,
=
_,/-/-/ -/ )
.
Where
/ -/-/
-

are secondary modifier tokens and
[ r

r
J
,
, , , ,

=
/.-/ . -/ ,-/ .
Kurtosis
Original
III. CONCLUSION
We have corroborated the use of a token ring network and a virtual party protocol to perform secure multi-party statistical computations. In this protocol, computation was performed on encrypted data at the TTP using modifier tokens, and a special computation function is described. Virtual parties were used to encrypt the data and to hide its source. A detailed security analysis showed that the probability of hacking in practice is nearly zero. With the use of a token ring network, the overall security of the system goes up and the complexity reduces. The protocol is applicable in many statistical computations for increasing the security. The BPO industry can make use of such protocols to work on third-party data.
REFERENCES
[1] Feng Zhang, Gansen Zhao and Tingyan Xing, "Privacy-Preserving Distributed k-Nearest Neighbor Mining on Horizontally Partitioned Multi-Party Data," Advanced Data Mining and Applications, Lecture Notes in Computer Science, Springer Berlin / Heidelberg, pp. 755-762, vol. 5678/2009, DOI: 10.1007/978-3-642-03348-3_80.
[2] Juan Garay, Clint Givens and Rafail Ostrovsky, "Secure Message Transmission with Small Public Discussion," Advances in Cryptology - EUROCRYPT 2010, Lecture Notes in Computer Science, Springer Berlin / Heidelberg, pp. 177-196, vol. 6110/2010, DOI: 10.1007/978-3-642-13190-5_9.
[3] Bin Yang and Hiroshi Nakagawa, "Computation of Ratios of Secure Summations in Multi-party Privacy-Preserving Latent Dirichlet Allocation," Advances in Knowledge Discovery and Data Mining, Lecture Notes in Computer Science, Springer Berlin / Heidelberg, pp. 189-197, vol. 6118/2010, DOI: 10.1007/978-3-642-13657-3_22.
[4] Peter Bogetoft, Dan Lund Christensen, Ivan Damgård, Martin Geisler, Thomas Jakobsen, Mikkel Krøigaard, Janus Dam Nielsen, Jesper Buus Nielsen, Kurt Nielsen, Jakob Pagter, Michael Schwartzbach and Tomas Toft, "Secure Multiparty Computation Goes Live," Financial Cryptography and Data Security: 13th International Conference, FC 2009, Accra Beach, Barbados, February 23-26, 2009, Lecture Notes In Computer Science, Springer-Verlag Berlin, Heidelberg, pp. 325-343, DOI: 10.1007/978-3-642-03549-4_20.
[5] Tomas Toft, "Solving Linear Programs Using Multiparty Computation," Financial Cryptography and Data Security, Lecture Notes in Computer Science, Springer Berlin / Heidelberg, pp. 90-107, vol. 5628/2009, DOI: 10.1007/978-3-642-03549-4_6.
[6] Wenliang Du and Zhijun Zhan, "A practical approach to solve secure multi-party computation problems," In New Security Paradigms Workshop 2002.
[7] Scott Yilek, "Resettable Public-Key Encryption: How to Encrypt on a Virtual Machine," Topics in Cryptology - CT-RSA 2010, Lecture Notes in Computer Science, Springer Berlin / Heidelberg, pp. 41-56, vol. 5985/2010, DOI: 10.1007/978-3-642-11925-5_4.
[8] Dominique Unruh, "Universally Composable Quantum Multi-party Computation," Advances in Cryptology - EUROCRYPT 2010, Lecture Notes in Computer Science, Springer Berlin / Heidelberg, pp. 486-505, vol. 6110/2010, DOI: 10.1007/978-3-642-13190-5_25.
[9] Renato Renner, Stefan Wolf and Jürg Wullschleger, "Trade-Offs in Information-Theoretic Multi-party One-Way Key Agreement," Information Theoretic Security, Lecture Notes in Computer Science, Springer Berlin / Heidelberg, pp. 65-75, vol. 4883/2009, DOI: 10.1007/978-3-642-10230-1_5.
[10] Gagan Aggarwal, Nina Mishra and Benny Pinkas, "Secure Computation of the Median (and Other Elements of Specified Ranks)," Journal of Cryptology, Springer New York, pp. 373-401, vol. 23, no. 3, DOI: 10.1007/s00145-010-9059-9.
[11] Michel Abdalla, Celine Chevalier, Mark Manulis and David Pointcheval, "Flexible Group Key Exchange with On-demand Computation of Subgroup Keys," Progress in Cryptology - AFRICACRYPT 2010, Lecture Notes in Computer Science, Springer Berlin / Heidelberg, pp. 351-368, DOI: 10.1007/978-3-642-12678-9_21.
[12] Rohit Pathak, Satyadhar Joshi: Secure Multi Party Computation using Virtual Parties for Computation on Encrypted Data. In: Proceedings of The First International Workshop on Mobile Wireless Networks (MoWiN 2009), The 3rd International Conference on Information Security and Assurance. June 2009. DOI: 10.1007/978-3-642-02617-1_42
[13] Rohit Pathak, Satyadhar Joshi: Analysis of security issues in SMC based RFID in supply chain management with energy modeling. In: Proceedings of The First South Central Asian Himalayas Regional IEEE/IFIP International Conference on INTERNET AH-ICI 2009. November 2009. DOI: 10.1109/AHICI.2009.5340298
[14] Rohit Pathak, Satyadhar Joshi: SMC protocol for privacy preserving in banking computations along with security analysis. In: Proceedings of The First South Central Asian Himalayas Regional IEEE/IFIP International Conference on INTERNET AH-ICI 2009. November 2009. DOI: 10.1109/AHICI.2009.5340328
[15] Juan A. Garay and Rafail Ostrovsky, "Almost-Everywhere Secure Computation," Advances in Cryptology - EUROCRYPT 2008, Lecture Notes in Computer Science, Springer Berlin / Heidelberg, vol. 4965/2008, pp. 307-323, DOI: 10.1007/978-3-540-78967-3_18.
[16] Zhijun Zhan and Wenliang Du, "Privacy-Preserving Data Mining Using Multi-Group Randomized Response Techniques," Technical Report, June 2003.
[17] Wenliang Du and Mikhail J. Atallah, "Secure Multi-Party Computation Problems and Their Applications: A Review and Open Problems," In Proc. New Security Paradigms Workshop, pp. 11-20, Cloudcroft, New Mexico, USA, September 11-13, 2001.
[18] Zinaida Benenson, Milan Fort, Felix Freiling, Dogan Kesdogan and Lucia Draque Penso, "TrustedPals: Secure Multiparty Computation Implemented with Smart Cards," Computer Security - ESORICS 2006, Lecture Notes in Computer Science, Springer Berlin / Heidelberg, vol. 4189/2006, pp. 34-48, DOI: 10.1007/11863908_3.
