Semi-Honest / Dual-Execution: There are two security models available: semi-honest, which assumes that neither party deviates from the security protocols (i.e. the binaries are not tampered with); and dual-execution, which tolerates any kind of malicious deviation from the security protocols, but in which the attacker may learn only one random bit of the inputs. Given the current state of the art in secure computation, Dual-Execution is the preferred technique to prevent attacks from malicious parties, since it only uses one additional core/CPU: other techniques that close even that potential leak of one input bit to an attacker require many more cores than are currently available on a modern computer. More details on the theory behind the cryptography used can be found in the following publications: Payman Mohassel and Matthew Franklin, Efficiency Tradeoffs for Malicious Two-Party Computation; Yan Huang, Jonathan Katz and David Evans, Quid Pro Quo-tocols: Strengthening Semi-Honest Protocols with Dual Execution; Samee Zahur, Mike Rosulek and David Evans, Two Halves Make a Whole: Reducing Data Transfer in Garbled Circuits using Half Gates; Yehuda Lindell and Benny Pinkas, A Proof of Security of Yao’s Protocol for Two-Party Computation; Andrew C. Yao, Protocols for Secure Computations.
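The difference between the two models is easiest to see in protocol logic rather than in the garbled-circuit machinery. The following is an added toy model, not code from The Secure Spreadsheet: each "circuit" is simply the Python function a party claims to have garbled, a deviating party is one that garbles a different function, and the secure equality test that ends a dual execution is stood in for by a constant-time digest comparison. The function names `agreed_function`, `deviating_function`, `semi_honest` and `dual_execution` are hypothetical.

```python
"""Toy model of the semi-honest and dual-execution security models.
Constructed example; not the Secure Spreadsheet's own code. The
garbled-circuit machinery is replaced by plain Python calls so that only
the protocol logic is visible."""
import hashlib
import hmac


def agreed_function(x: int, y: int) -> int:
    """The function both parties agreed to compute (hypothetical)."""
    return x + y


def secure_equality(a: int, b: int) -> bool:
    """Stand-in for the secure equality test that ends a dual execution.
    In the real protocol the parties compare output-wire labels without
    revealing them; here digests are compared in constant time. The single
    boolean is the only value that leaves the test."""
    da = hashlib.sha256(str(a).encode()).digest()
    db = hashlib.sha256(str(b).encode()).digest()
    return hmac.compare_digest(da, db)


def semi_honest(x_alice: int, y_bob: int, circuit_garbled_by_alice):
    """Semi-honest model: a single execution. Alice garbles, Bob evaluates,
    and whatever Bob obtains is accepted as the result. Correctness relies
    on Alice having garbled the agreed function, which is never checked."""
    return circuit_garbled_by_alice(x_alice, y_bob)


def dual_execution(x_alice: int, y_bob: int,
                   circuit_garbled_by_alice, circuit_garbled_by_bob):
    """Dual-execution model: run the computation twice with the garbler and
    evaluator roles swapped, then release an output only if the two runs
    agree. Returns (output or None on abort, equality_bit)."""
    # Run 1: Alice garbles, Bob evaluates. Run 2: Bob garbles, Alice evaluates.
    out_run1 = circuit_garbled_by_alice(x_alice, y_bob)
    out_run2 = circuit_garbled_by_bob(x_alice, y_bob)
    equal = secure_equality(out_run1, out_run2)
    # On mismatch both parties abort. A party that garbled a wrong circuit
    # learns exactly this one bit, and nothing else, about the other input.
    return (out_run1 if equal else None), equal


def deviating_function(x: int, y: int) -> int:
    """A circuit that differs from the agreed one only when y is even:
    models a garbler whose deviation depends on the other party's input."""
    return x + y if y % 2 else x + y + 1


if __name__ == "__main__":
    print("semi-honest, honest garbler :", semi_honest(7, 5, agreed_function))
    print("semi-honest, deviating      :", semi_honest(7, 4, deviating_function))
    print("dual-exec, honest           :", dual_execution(7, 5, agreed_function, agreed_function))
    print("dual-exec, deviating, y odd :", dual_execution(7, 5, deviating_function, agreed_function))
    print("dual-exec, deviating, y even:", dual_execution(7, 4, deviating_function, agreed_function))
```

In the semi-honest run a wrong circuit yields a wrong result that is silently accepted (12 instead of 11 for inputs 7 and 4), which is why that model presupposes untampered binaries. Under dual execution the same deviation is caught by the equality test and the protocol aborts; the residual one-bit leak the text mentions is the equality bit itself, which here tells the deviating party whether y was even.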
Before any secure computation, it is recommended that both parties inspect each other's computers in order to validate that the computers/binaries have not been tampered with: this is actually the best practical countermeasure against any kind of attack.
32/64 bit: secure computations can be carried out with 32 bits of precision or with 64 bits of precision (note that Excel only uses 64 bits of precision). If you want to trade precision for speed, choose 32 bits of precision.
Before any secure computation, both parties must agree on the same security options: if either party deviates, correct results are not guaranteed.
- The Secure Spreadsheet assumes that there are secure channels between both computers: either a tightly-controlled LAN is used, or some form of VPN has been set up. The current version of The Secure Spreadsheet considers the establishment of said secure channels to be out of scope of the program, since users should provide secure channels specific to their network configuration with better performance than standard encrypted channels would provide.
- Some functions are calculated by literally thousands of iterations (e.g. the statistical functions): to speed up their secure computation, the checking condition of every iteration is revealed to both parties, which avoids the prohibitive cost of evaluating all the iterations. Note that this Early Termination optimization is standard in the cryptographic literature (M. Sadegh Riazi, Ebrahim M. Songhori, Ahmad-Reza Sadeghi, Thomas Schneider and Farinaz Koushanfar, Toward Practical Secure Stable Matching): the only information revealed is the number of iterations (from which the inputs cannot be inferred).
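To make concrete what Early Termination reveals, here is an added example (not code from The Secure Spreadsheet or from the cited paper) in which Newton's method for the square root stands in for an iteratively computed function. The per-iteration convergence check is the "checking condition" that would be opened to both parties; the example records those checks, contrasts them with a fixed-iteration variant that reveals nothing but always pays the worst-case cost, and groups a range of inputs by their revealed iteration count. The function names and the tolerance and iteration bounds are assumptions of the example.

```python
"""Early termination versus fixed-iteration evaluation.
Constructed example; not the Secure Spreadsheet's own code."""
from collections import Counter


def sqrt_early_termination(a: float, tol: float = 1e-9, max_iter: int = 100):
    """Iterate x <- (x + a/x)/2 until |x_new - x| < tol.
    Returns (root, revealed): revealed[i] is the boolean checking condition
    of iteration i, i.e. exactly what both parties learn in the
    early-terminating protocol. Its length is the iteration count; the loop
    discloses nothing else about `a`."""
    if a < 0:
        raise ValueError("a must be non-negative")
    if a == 0:
        return 0.0, []
    x = max(a, 1.0)          # any positive start converges
    revealed = []
    for _ in range(max_iter):
        x_new = 0.5 * (x + a / x)
        done = abs(x_new - x) < tol
        revealed.append(done)  # the bit opened to both parties
        x = x_new
        if done:
            break
    return x, revealed


def sqrt_oblivious(a: float, n_iter: int = 100) -> float:
    """Same iteration without early termination: always runs n_iter rounds,
    so no condition is revealed but every call pays the worst-case cost
    (under MPC, n_iter full rounds of secure arithmetic)."""
    if a < 0:
        raise ValueError("a must be non-negative")
    if a == 0:
        return 0.0
    x = max(a, 1.0)
    for _ in range(n_iter):
        x = 0.5 * (x + a / x)
    return x


def iteration_count_histogram(values):
    """Map each revealed iteration count to the number of inputs producing
    it. Many distinct inputs sharing one count is why the count alone does
    not identify the input."""
    return Counter(len(sqrt_early_termination(v)[1]) for v in values)


if __name__ == "__main__":
    root, trace = sqrt_early_termination(9.0)
    print("root:", root, "iterations revealed:", len(trace), "trace:", trace)
    print("oblivious root:", sqrt_oblivious(9.0))
    print("inputs per revealed count:", iteration_count_histogram([9 + i / 10 for i in range(10)]))
```

The revealed trace is a run of False values ending in a single True: its length is the iteration count and nothing more. The histogram shows several nearby inputs collapsing onto the same count, which is the sense in which the count does not let a party recover the other side's input, while the oblivious variant shows the price of revealing nothing.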