Secure Multiparty Computation Language

SMCL has been discontinued

The SMCL language and implementation has not been under development for a number of years. The code is no longer in an executable state. You are encouraged to look at VIFF, if you are interested in implementing secure multiparty computation protocols.

Short Introduction

The Secure Multiparty Computation Language is a domain specific programming language for secure multiparty computation. SMCL is developed as part of the project in Secure Information Management and Processing, SIMAP.

Introduction

Information is a resource of vital importance and considerable economic value to individuals, public administration, and private companies. This means that confidentiality, i.e. the protection of confidential information from unwanted leakage, is an important security issue. At the same time, however, it is often possible to obtain significant added value by combining confidential information from different sources. The promise of Secure Multiparty Computation (SMC) is to get the best of both worlds: the advantages of information sharing without the risks of unwanted leakages.
The seminal example of SMC is the Millionaries' Problem, which involves a number of millionaires who want to find out which is richer, but all refuse to disclose their net worth. A conventional solution would involve an external trusted party that could perform the comparisons and report the result. Yao presented a cryptographic solution for two millionaires that does not require an external party or any degree of trust between the two parties. The technique is essentially to perform computations on the data while it is encrypted and to control strictly when and how the resulting information is revealed. These techniques have subsequently been extended to cover comparisons, arithmetic, and bitwise operations.
There are significant benefits from eliminating the reliance on trusted parties. The only known method for making external parties trustworthy is essentially to compensate them so adequately that the temptation to betray other parties is minimized. This imposes a significant overhead that prohibits their involvement in many situations. In parody, trusted parties generally receive huge fees for opening envelopes and announcing the highest bids.

SIMAP

The SIMAP project aims to make SMC a practical and inexpensive technique for complex applications. Examples include distributed voting, private bidding and auctions, and business processes such as matchmaking and financial benchmarking. The SIMAP project has three main components: 1) the development of an efficient cryptographic runtime (SMCR) supporting the required primitive operations, 2) a domain-specific high-level language (SMCL) for specifying computations that are compiled into distributed applications based on SMCR, and 3) the development and deployment of large-scale applications in collaboration with industrial partners. This work presents the initial design and implementation of the SMCL language.

Presentations

Papers

Related Work

The Millionaires Example (Yao '82):
Given a group of millionaires: who is the richest? they all want to know, but will not disclose their net worth they don't trust each other or a third party how can we then find the richest?

The solution is to use cryptography: encrypt the net worth figures perform the comparisons on encrypted data this requires collaboration of all parties the result is an encrypted bit for each millionaire.

The problem is easily solved using the SMCL program below: 

declare client Millionaires:
  tunnel of sint netWorth;

  function void main(int[] args) { 
    ask(); 
  }

  function void ask() {
    netWorth.put(readInt());
  }

  function void tell(bool b) {
    if (b)
      display("You are the richest!");
    else
      display("Make more money!");
  }
           
declare server Max:

  group of Millionaires mills;

  function void main(int[] args) {

    sint max = 0;
    sclient rich = null;

    foreach (Client c in mills) {
      sint netWorth = c.netWorth.get();
      if (netWorth >= max) {
	max = netWorth;
	rich = c;
      }
    }

    foreach (client c in mills) {
      c.tell(open(c==rich|rich)); 
    }
  }