Secure Computation: From Theory to Practice and Back Again
Protocols for secure multi-party computation (MPC) allow a collection of mutually distrusting parties to compute a function of their private inputs without revealing anything else about their inputs to each other. Secure computation was shown to be feasible 35 years ago, but only in the past decade has its efficiency been improved to the point where it has been implemented and, more recently, begun to be used. This real-world deployment of secure computation suggests new applications and raises new questions. This talk will survey some recent work at the intersection of the theory and practice of MPC. First, I will describe a surprising application of secure computation to the construction of Picnic, a "post-quantum" signature scheme currently under consideration by NIST for standardization. Next, I will discuss work -- motivated by insecure practices in existing libraries for secure computation -- that explores efficient and sound ways of instantiating hash functions in MPC protocols.
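The "surprising application" of MPC to Picnic is the MPC-in-the-head paradigm: the prover runs an MPC protocol among imaginary parties inside its own head, commits to each party's view, and opens a random subset of views to the verifier. Picnic uses this (via ZKB++) to prove knowledge of a LowMC key, and turns the proof into a signature with the Fiat-Shamir transform. The following Python is an added illustration written for this page, not code from the talk, the Picnic submission or any MPC library: a ZKBoo-style three-party version over a toy arithmetic circuit. The prime field, the circuit (which is not one-way and only stands in for LowMC), the round count and every function name are assumptions of this example.

```python
"""MPC-in-the-head, ZKBoo-style: prove knowledge of x with f(x) = y for a toy circuit.
Added example, not code from the talk or from Picnic; all names and parameters are assumptions."""
import hashlib
import secrets

P = (1 << 61) - 1   # assumed prime field; Picnic's LowMC works over GF(2) instead
ROUNDS = 16         # each round catches a cheating prover with prob. 2/3; Picnic uses hundreds

# Toy circuit f(x) = (x*x + 3)*x + 5 mod P as gates over wire indices; wire 0 is x.
CIRCUIT = [
    ("mul", 0, 0),    # w1 = x * x
    ("addc", 1, 3),   # w2 = w1 + 3
    ("mul", 2, 0),    # w3 = w2 * x
    ("addc", 3, 5),   # w4 = w3 + 5   (output wire)
]

def f(x):
    """Plain (non-MPC) evaluation of CIRCUIT; the prover uses it to know y."""
    w = [x % P]
    for op, a, b in CIRCUIT:
        w.append(w[a] * w[b] % P if op == "mul" else (w[a] + b) % P)
    return w[-1]

def tape(seed, k):
    """Party's random-tape entry for gate k, expanded from its seed."""
    return int.from_bytes(hashlib.sha256(seed + k.to_bytes(4, "big")).digest(), "big") % P

def gate_share(i, k, op, a, b, wi, wj, seed_i, seed_j):
    """Party i's share of gate k's output, from its own wires wi and its right
    neighbour's wires wj (the only values it ever receives in this protocol)."""
    if op == "addc":   # only party 0 adds the constant, so the three shares still sum correctly
        return (wi[a] + (b if i == 0 else 0)) % P
    r_i, r_j = tape(seed_i, k), tape(seed_j, k)   # the r_i - r_j masks cancel over all three parties
    return (wi[a] * wi[b] + wj[a] * wi[b] + wi[a] * wj[b] + r_i - r_j) % P

def simulate(shares, seeds):
    """Run all three parties 'in the head', gate by gate; returns each party's view (its wire list)."""
    W = [[s] for s in shares]
    for k, (op, a, b) in enumerate(CIRCUIT):
        new = [gate_share(i, k, op, a, b, W[i], W[(i + 1) % 3], seeds[i], seeds[(i + 1) % 3])
               for i in range(3)]
        for i in range(3):
            W[i].append(new[i])
    return W

def commit(seed, wires):
    """Commitment to a view; the seed doubles as the commitment randomness."""
    return hashlib.sha256(seed + b"".join(w.to_bytes(8, "big") for w in wires)).digest()

def challenge(commits, outs):
    """Fiat-Shamir: per round, which party's view (and its right neighbour's) is opened.
    Hashing a message in here as well is what turns the proof into a signature."""
    h = hashlib.sha256(b"".join(commits) + b"".join(o.to_bytes(8, "big") for o in outs)).digest()
    return [h[t] % 3 for t in range(ROUNDS)]   # slight bias from 256 mod 3, tolerable for a demo

def prove(x):
    x %= P
    runs = []
    for _ in range(ROUNDS):
        s0, s1 = secrets.randbelow(P), secrets.randbelow(P)
        shares = [s0, s1, (x - s0 - s1) % P]           # additive sharing of the witness
        seeds = [secrets.token_bytes(16) for _ in range(3)]
        runs.append((seeds, simulate(shares, seeds)))
    commits = [commit(seeds[i], W[i]) for seeds, W in runs for i in range(3)]
    outs = [W[i][-1] for _, W in runs for i in range(3)]   # output shares are sent in the clear
    es = challenge(commits, outs)
    opened = [[(seeds[i], W[i]) for i in (e, (e + 1) % 3)] for e, (seeds, W) in zip(es, runs)]
    return {"commits": commits, "outs": outs, "opened": opened}

def verify(y, proof):
    commits, outs, opened = proof["commits"], proof["outs"], proof["opened"]
    if len(commits) != 3 * ROUNDS or len(outs) != 3 * ROUNDS or len(opened) != ROUNDS:
        return False
    es = challenge(commits, outs)
    for t, (e, views) in enumerate(zip(es, opened)):
        n = (e + 1) % 3
        c, o = commits[3 * t:3 * t + 3], outs[3 * t:3 * t + 3]
        if sum(o) % P != y % P:
            return False
        (seed_e, W_e), (seed_n, W_n) = views
        if len(W_e) != len(CIRCUIT) + 1 or len(W_n) != len(CIRCUIT) + 1:
            return False
        if commit(seed_e, W_e) != c[e] or commit(seed_n, W_n) != c[n]:
            return False
        if W_e[-1] != o[e] or W_n[-1] != o[n]:
            return False
        # Re-run party e from its input share, its tape and party n's opened wires.
        wi = [W_e[0]]
        for k, (op, a, b) in enumerate(CIRCUIT):
            wi.append(gate_share(e, k, op, a, b, wi, W_n, seed_e, seed_n))
        if wi != W_e:
            return False
    return True
```

Opening two of three views reveals nothing about x: two additive shares are uniform, and the unopened party's tape masks every multiplication. Note that the example simply uses SHA-256 for the commitments, the tapes and the challenge; the question of how to instantiate such hash functions soundly and efficiently inside MPC protocols is the one the second part of the talk addresses, and this example does not answer it.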