viff
view doc/applications.txt @ 1433:e0936c19605e
Added links to code from the Norwegian thesis.
| author | Martin Geisler <mg@cs.au.dk> |
|---|---|
| date | Sun Feb 21 12:21:40 2010 +0100 (2 years ago) |
| parents | b4ed28fc63d5 |
| children |
line source
1 .. -*- coding: utf-8 -*-
3 Applications
4 ============
6 VIFF has been used for several small and some larger applications. The
7 largest applications are listed below. Please see the ``apps/``
8 directory in VIFF for more examples of small programs using VIFF.
11 Nordic Sugar
12 ------------
14 In Denmark, the production of sugarbeet is managed by sugarbeet
15 contracts. A sugarbeet contract determines the quantity of sugarbeet
16 that a farmer is allowed to produce. Traditionally, sugarbeet
17 contracts have been traded between individual pairs of farmers. This
18 has been done in spite of the fact that trading in a central market
19 was known to increase the overall profit. A central market has,
20 however, not been possible due to conflicting interests and lack of
21 trust between the parties.
23 In January 2008 the first large scale secure multiparty computation
24 was carried out, effectively solving this problem. This was done by
25 the SIMAP research project as reported in "`Multiparty Computation
26 Goes Live`__" (also published at `Financial Crypto 2009`__). In the
27 summer of 2009 the same computation was successfully repeated, this
28 time using VIFF.
30 .. __: http://eprint.iacr.org/2008/068
31 .. __: http://www.springerlink.com/content/j4772m44r05x0527/
33 The computation was a double auction in which the production rights
34 for several thousand tons of sugarbeets were traded. During the first
35 weeks of the auction, several hundred Danish sugarbeet farmers
36 submitted their encrypted bids to a central database. Then the actual
37 computation took place between three players:
39 * Nordic Sugar, the Danish sugar company
41 * DKS, the consolidation of Danish sugarbeet farmers
43 * Partisia, a Danish company specialized in secure multiparty
44 solutions
46 The computation took about 15 minutes using three laptops on a LAN.
47 Most of the computation time was spend converting the encrypted bids
48 to secret sharings. The actual multiparty computation took only a
49 couple of minutes. As a result, the sugarbeet contracts could be
50 traded at an optimal price without any sensitive information being
51 disclosed.
53 Using secure multiparty computation, trading sugarbeets using this
54 kind of auction was possible without finding and paying a trusted
55 third party to manage the auction. Such a trusted party would---if it
56 could be found at all---probably have been quite expensive.
59 Distributed RSA
60 ---------------
62 Atle Mauland from the Norwegian University of Science and Technology
63 (NTNU) used VIFF for his Master's Thesis titled "`Realizing Distributed
64 RSA using Secure Multiparty Computations`__". The `code is available
65 for download`__.
67 .. __: http://daim.idi.ntnu.no/masteroppgave?id=4699
68 .. __: http://daim.idi.ntnu.no/vedlegg?id=4699
70 The private key from a RSA key pair must be kept in a highly secure
71 location (to prevent unauthorized persons from stealing it) but
72 because we want to use the key, we cannot just write it on a piece of
73 paper and store that in a safe.
75 This tension between high availability and high security makes a
76 distributed solution attractive. Atle Mauland implemented a protocol
77 by Boneh and Franklin for generating RSA keys in a distributed
78 fashion. The protocol ensures that the private key is never available
79 in the clear to any given party and an attacker must break into all
80 machines to learn the private key. Meanwhile, the parties can use
81 their shares of the private key to securely decrypt messages encrypted
82 under the public key.
84 Generating a 1024-bit RSA key using VIFF took about 30 minutes on
85 average (the time varied between 7 seconds and 2.5 hours). These
86 results can likely be improved by using the GMPY library more
87 aggressively.
90 Distributed AES
91 ---------------
93 The Advanced Encryption Standard (Rijndael) block cipher turns out to
94 have nice arithmetic properties which makes its computation by
95 arithmetic circuits relatively fast. Marcel Keller from the University
96 of Aarhus has implemented a multiparty version of AES for VIFF.
98 Using the :mod:`viff.aes` module, it is possible to securely
99 compute a secret shared AES encrypted ciphertext of a (possibly)
100 secret shared plaintext with a (possibly) secret shared key. The
101 inputs have to be given either as a list of shares over
102 :class:`~viff.field.GF256` (byte-wise) or as a string. The runtime has
103 to be able to handle shares over GF256.
105 Encrypting a 128-bit block using a 128-bit secret shared AES key takes
106 about 2 seconds using three machines. Decryption is not implemented
107 yet.
110 Secure Voting
111 -------------
113 Typical Internet voting systems store all votes in a single location.
114 HÃ¥vard Vegge from the Norwegian University of Science and Technology
115 (NTNU) used VIFF for his Master's Thesis titled "`Realizing Secure
116 Multiparty Computations`__" to implement a distributed voting system.
117 The `code is available for download`__.
119 .. __: http://daim.idi.ntnu.no/masteroppgave?id=4559
120 .. __: http://daim.idi.ntnu.no/vedlegg?id=4559
122 The system removes the single point of failure by storing the votes in
123 secret shared form between three servers. The voters will do the
124 secret sharing on their own machine, encrypt the shares, and send the
125 encrypted shares to a database. Each share is encrypted under the
126 public key belonging to the computation server that will do the actual
127 multiparty computation.
129 This project shows how VIFF can be integrated with many other
130 technologies. The user creates a vote on a website programmed in PHP
131 and the voting is cast using a Java applet. The applet has the
132 responsibility of encrypting the votes for the computation servers.
133 When all voters have cast their vote, a XML-RPC message is sent to the
134 Python program running on the servers. That program decrypts the
135 shares and uses VIFF to compute the result.