Empirical Evaluation of Secure Two-Party Computation Models

Secure multi-party protocols make the computation of answers and decisions that depend on multiple parties’ private data possible, without revealing anything about the private inputs (other than what unavoidably can be deduced from the outputs). There are general results showing that any probabilistic polynomial time function can be computed in this framework in an asymptotically efficient manner, using circuit-simulation techniques. There is a frequent belief that these general circuit-simulation techniques are not practical compared to custom-built (i.e., problem-specific) solutions, unless the function being computed has a naturally circuit-like formulation. This paper carries out a quantitative empirical evaluation of this belief, for a problem that would apparently benefit from a custom-built protocol (forecasting using time series techniques). Our findings are somewhat surprising in the following aspects. First, the custom-built solution does not overcome the general circuit-simulation solution on a local network until the problem size becomes quite large. Second, relaxing (even slightly) the requirement that, instead of “nothing”, the protocols reveal “little” makes possible dramatic performance improvements over the solutions for the more strict requirement (whether they are custom-built or based on general circuit simulations). Third, other aspects (such as, e.g., system resources available) play a significant role in evaluation of a computational model. This paper describes the subtle implementation issues involved with this evaluation, presents its results, and talks about the lessons learned that should be valuable in future deployments of this kind of technology.