What is secure computation?

Secure computation is a subfield of cryptography with the goal of creating provable methods to securely compute/search on encrypted data. In the field of secure computation, multiple cryptographic techniques have been developed: garbled circuits; oblivious transfer; secret sharing; homomorphic encryption; private information retrieval; oblivious random access machines; and order-preserving encryption, are some of the most important.

Is secure computation being used in the real world?

Some recent research projects have developed custom cryptographic protocols and programs, that are being used right now:

  • Secure auctions
  • Secure statistics and surveys
  • Authentication with secure distributed key management
  • Secure credit scoring
  • Private benchmarking
  • Satellite collision detection with private orbitas
  • Secure operations over social graphs

Why would my organization need secure computation?

Every dataset considered confidential, private and/or secret will be processed with secure computation techniques in the coming years: compliance with data privacy laws when pooling data between multiple organizations is the most common reason, although there are also settings where secure computation can be used for profit, as shown in our “Use cases”.

Could classic cryptography (symmetric and public-key encryption) be used for the same purpose?

No, with classic cryptographic techniques you cannot compute/search on encrypted data without first decrypting it.

Is privacy-preserving computation the same as secure computation?

Yes, with the moral goal of privacy narrowing the more general term of “secure computation”.

Why secure computation on spreadsheets?

Since any cryptographic protocol for secure computation introduces significant computational overheads, secure computation should start to be applied on very valuable datasets of reduced size with easy to compute formulas: spreadsheets, unlike databases, are the perfect documents on which to find data with all these features.

Furthermore, whenever developing custom secure computation programs, the development team will get to know too many details about the programs being developed: involved parties, calculations being executed and many details about the data being processed. In most instances, this security risk is serious enough to question and prevent the initiation of the development. However, spreadsheets are minimal computer programs, created without the assistance of third parties: you don’t need to involve anyone but the parties doing the secure computation.

What cryptographic techniques does The Secure Spreadsheet implement?

The Secure Spreadsheet implements state-of-the-art secure multi-party computation (garbled circuits, oblivious transfer and ORAMs), a subset of secure computation with the goal of creating methods for parties to jointly compute a function over their inputs while keeping those inputs private.

Where could I learn more about Secure Multi-Party Computation?

Online video lectures from some of the best researchers of the field are available at the following playlists: Secure Computation and Efficiency and Advances in Practical Multiparty Computation.

Is the secure computation used in The Secure Spreadsheet carried on the cloud?

To ease adoption and provide a more trustworthy implementation, the first release of The Secure Spreadsheet targets the easiest possible setting: two-party computation between two computers, without outsourcing to the cloud.

Futhermore, this setting is the most secure one: you don’t have to trust that the implementation of the deployed protocols to the cloud has not been tampered with, and that the traffic isn’t being stored for later cryptanalysis.

Why isn't The Secure Spreadsheet implementing homomorphic encryption?

Homomorphic encryption is order of magnitudes slower than modern Secure Multi-Party Computation, and its real world deployment will probably take 5-10 years.

What hardware is recommended to run The Secure Spreadsheet?

The recommended settings are:

  • the CPU should support the AES/NI instruction set
  • a network with the lowest possible latency and large bandwidth (very low latency is preferred to ample bandwidth)
  • the higher the number of CPUs/cores, the more concurrent secure computations can be carried out: but please note that they could quickly saturate the network interfaces, with the unintended consequence of slowing down all the computations.

How could attacks be prevented?

There are a number of measures to prevent attacks:

  • use cleanly installed PCs to prevent trojans
  • check that the binaries haven’t been modified
  • to prevent network traffic from being sniffed for later cryptanalysis, use optical fibers or shielded cables and visually inspect the network connections
  • use Tempest-proof monitors

Is recalculation automatic for any of the securely computed results?

No. Since secure computation is computationally demanding, all securely computed results must be explicitly recalculated.

Will Calctopia liberate source code?

Yes, the cryptographic engine doing the secure computations will be opensourced, with enough instructions to compile it and replace the library of the published program.

Does the current version of The Secure Spreadsheet implement a secure version of VBA/macros?