Martin Geisler Online

I have been busy with a new project this summer, a project that will be part of my PhD in cryptographic protocols. It is working well, but I am not satisfied with the name I have come up with so far.

It is a library which enables you to write multi-party computations (MPC) in an easy way. A secure MPC protocol is a protocol between a number of players who seek to execute some joint computation, but done in a way in which they reveal nothing about their inputs. If the computation is the evaluation of a function f, then imagine each player Pi holding an input xi. When the protocol is finished, all players must know y = f(x1, x2, …, xn), but nothing more.

As an example where MPC is helpful, consider a bunch of companies that want to know how they compare to each other. So they want to compute their average profit, but are of course unwilling to share the private information about their expenses and incomes. This is the problem of benchmarking and traditionally this has been solved by having the companies reveal their sensitive information to a mutually trusted third-party. This could be a consulting company which has been paid so much money by the benchmarking participants that they can trust the consulting company not to cheat (the companies have essentially bribed the consulting company to be honest).

Paying a third-party so much money that he or she has no incentive to collude with a player is of course an expensive option. A secure multi-party computation can do the same, but without a trusted third-party. The protocol is designed in such a way that it acts as if there was a trusted third-party, a so-called ideal functionality present. An ideal functionality (IF) should be thought of as a computer which cannot be hacked and which faithfully carries out the program put into it. The players can therefore trust this computer and should simply reveal their private inputs to it.

In real life there is not such computer, but the MPC protocol creates a situation that look exactly as if there had been. This is the definition of security: the real protocol must look exactly as a protocol done in an ideal world. Because no attacks can occur in the ideal world (the IF cannot be attacked by definition) then we conclude that no attacks can occur in the real world as well. And so the protocol is called secure.

My library is written in Python and program written using it looks like this:

import sys
from X.field import GF
from X.config import load_config
from X.runtime import Runtime
from X.util import dprint
Z31 = GF(31)
my_id, conf = load_config(sys.argv[1])
my_input = Z31(int(sys.argv[2]))
rt = Runtime(conf, my_id, 1)
x, y, z = rt.shamir_share(my_input)
result = rt.open(rt.mul(rt.add(x, y), z))
dprint(”Result: %s”, result)
rt.wait_for(result)

This program starts by including some stuff from X, which stands for the package name of my library. It is this X that I want to see replaced by something else. The program then defines a field for the computation, loads the configuration and input. A Runtime is then created. The Runtime is used for all computations, it has methods for addition, multiplication, comparison and so on. In this example we compute (x+y)*z. The result is opened, printed and finally we ask the runtime to wait for the result.

The last point where we wait for a result is necessary since my library is asynchronous. The wait_for method goes into an event loop and only returns when the variables given have received a value. I use Twisted for the asynchronous infrastructure and it has worked extremely well.

So, if you’re with me so far, then you should have at least a rudimentary knowledge about MPC and what it is good for. I have already some name suggestions and I hope to get some feedback on them (listed in no particular order):

• NoTTP, short for No Trusted Third-Party. This is what MPC does: it removes the trusted third-party. But does it look good if you write from nottp.field import GF256? Also, the name almost sounds like NoTCP which could be some weird project that loves UDP :-)

• PySMPC, short for Python Secure Multi-Party Computation. The library is written in Python and does SMPC. One might drop the “S” and go with PyMPC since nobody wants to deal with in-secure MPC anyway :-) I don’t like that the name ties the library to Python since I might want to rewrite it in another language in the future.

• Trent or NoTrent. Accourding to Wikipedia, Trent is sometimes used as the name of the trusted arbitrator in cryptographic protocols (like Alice and Bob is used instead of A and B). So this library could be said to give you a virtual “Trent” and help you get rid of a real one. I don’t like the word “Trent” since I don’t think it is that widely used.

• VIFF, short for Virtual Ideal Functionality Framework. The library helps you create protocols that look exactly as if there has been an IF present. Therefore I think it can be said to create a virtual ideal functionality. Accourding to Google, VIFF mostly stands for “Vancouver International Film Festival“.

• AMPC, short for Asynchronous Multi-Party Computation. This emphasizes the asynchronous nature of the library. I think it is somewhat difficult to pronounce “AMPC”.

Any other suggestions? Which name do you like the most? Please vote by leaving a comment! (Those of you who already know the name I have used so far are kindly asked not to reveal it — I want to collect some opinious first.)

By the way: instead of the abbreviations, I would prefer a name like “Twisted” or “Python” which can be pronounced and which people know how to spell and capitalize. There is another project in this area called FairPlay and I think this is a very good name: easy to remember, it can be abbreviated to just FP, and it actually says a bit about the project. So if you could suggest something along the lines of that it would be great! :-)

Yes, we now have a car! Stephanie and I have just signed the contract for a Mitsubishi Colt Insport 1.5 — we will get it next Wednesday, yeah! Behold:

We tried a lot of different small cars, and the Colt was the one that fitted our needs and budget the best. It comes with three years of insurance for only 6,900 DKK ($US 1,300, 925€) which is very cheap in Denmark for first-time drivers. The normal prices are around 10,000-15,000 DKK per year.

Now we just have to wait nine days… I’m so looking forward to it!

I’m married! I just want to thank everybody for making yesterday such a wonderful day for me and Stephanie!

I’ll put the pictures up somewhere later — for now the “preview” on the right will have to make do. Thanks again to everybody for all the presents, thanks for being there and celebrating with us!

Today was an incredible day… it started with Thomas calling me at 7:30 in the morning. I was still sleeping at that point, so when he started talking about us having breakfast at 8:00 I didn’t really understand him. But when he said that it was at my place and that we would be doing a bit of a tour afterwards, then I knew that I was in for a bachelor party. “Uh-oh”, I thought… I hope they wont do anything bad to me :-)

They showed up half an hour later, the whole gang was there: Mikkel, Lars, Anders, and Svend. We had breakfast and wouldn’t tell me anything about what was going to happen, at this point I was getting quite curious and a bit nervous.

We drove into Aarhus and the first appointment was at 10:00 in Vestergade 45. What lies there, you wonder… a yoga school! “Cool, this is something new!”, I thought, and so it was. We spend an hour doing exercises and it felt really good. It might have been because he was giving us an easy program, for we spend quite a bit of time lying on the floor relaxing. Easy or not, it was a great idea!

We then had a soda/beer at a cafe and continued to the train station. To my surprise the day included a train trip to someplace which they didn’t want to tell me. The place turned out to be Silkeborg, a nice town situated between a couple of beautiful lakes and a city which I had never visited before. We had a nice lunch at Jensens Bøfhus.

After the lunch we walked for a bit and ended up at a bowling alley. I like bowling even though I’m not particular good at it, so it was a good surprise. We had time for one and a half games and I didn’t win or loose either of them — instead I had a lot of fun.

When I thought that we were done at the bowling alley and heading for the door, the guys had another surprise up their collective arms: the place also had a laser game arena… I’ve played laser game before and it’s an intense experience with lots of adrenalin, loud music, and fun. It is also physically demanding and I was completely wasted 20 minutes later when we were done. We then went home, this time for real :-)

Going back to the train we missed the bus and had to walk at a fast pace all the way to catch the train. We reached the station at 17:55 with the train scheduled for 17:56. The train turned up six minutes late, so Thomas and Anders had time to run to the shop and buy some much needed sodas. The weather was stunning all day, so we really needed the refreshments.

Back in Aarhus we went to Chinese restaurant called Restaurent Lotus. I had never been there before, but Thomas had so he could explain their buffet system. The idea was that you picked whatever raw meet (chicken, beef, bacon, deer, kangaroo, and a couple more) and vegetables you wanted and then brought it to a chef who would then quickly fried it in a wok and gave it back to you, mixing it with a sauce of your choice. It was really cool that you could mix and match things like that and the food tasted great.

The restaurant was the last point on the schedule and afterwards we sat a bit on a lawn relaxing in the yoga positions we had learned earlier :-) It had been a really long day for me (and even longer for the guys who went to the bakery before spending half an hour in a bus to reach me). So we decided to call it a day and head home.

All in all this was an amazing day. I was super surprised that they had planned so much for me and I think we all had a great time. I was also very happy that they didn’t had any scary plans for me. The only thing they wanted was for me to wear an ugly yellow tie and to carry a cute parrot-doll along with me the entire day. I happily did both things! :-) Thanks for a day to remember!

Last Friday was a really nice one: it started with me having lunch with Kristian since he was coming to town. I had to skip the last hour of my dEkspSys lecture — I’m really glad he gave me an excuse to do so since it was rather boring…

Later that same day Stephanie and I had invited Lars, Mikkel, Thomas, Mikoline, and Svend for dinner as a way of saying “thank you” after they helped us move last month. Everybody except Lars came, and I think we had a good time.