Canon-MPC, a system for casual non-interactive secure multi-party computation using native client

This work intends to bring secure multi-party computation to the masses by designing and implementing a browser-based system that enables non-interactive secure computation. The system, denoted Canon-MPC for "CAsual NON-interactive secure Multi-Party Computation", is casual in the sense that participants do not need to install any software and do not need to agree on a time in which they all have to be online in order to run the computation. Rather, each participant can use a web browser to participate in the secure computation. The protocol is executed in a single pass between the participants. Each participant connects to a server once, without requiring other participants to be connected to the server at the same time. The system is appropriate for use by laypersons, since there is no need to install or configure any software except for a web browser. The system is based on a protocol of Halevi et al. (Crypto 2011) for secure computation of symmetric binary functions, that is secure against malicious adversaries. We optimized the protocol using a batching technique for zero-knowledge proofs that greatly reduces their overhead. We implemented a web site and client software for running the protocol, where the client was implemented using Native Client technology for running native code in a sandbox from within a web browser. We demonstrate that this technology is ideal for cryptographic applications. We describe experiments measuring the performance of the system. Lastly, we describe a variant of the protocol that can handle absentee parties, who were invited to participate in the protocol but did not show up.