Supervisor:
Sven Laur (PhD) TÜ arvutiteaduse instituudi vanemteadur.
Opponents:
Professor Nigel P. Smart (Bristoli Ülikool /University of Bristol)
Dr. Ir. Berry Schoenmakers (Eindhoveni Tehnoloogia Ülikool / Eindhoven University of Technology)
Summary:
Imagine the leader of a state who wants to make wise choices on how to use
the nation?s budget and also wants to know, how these decisions pay off. For
this, the leader needs data from the citizens and the companies. Often, this
data is private to a person (like financial status and health) or a business
secret to a company. In a modern society, there are limits on how much a
government can learn about its subjects before the power given by knowing too
much starts to erode the freedom of the people.
The goal of this work is to allow sensitive data to be processed while
preserving the confidentiality of the data owner. We achieve this by using
secure multiparty computation. Secure multiparty computation is a
cryptographic technique that allows digital information to be processed
without letting the person who is doing the processing see the values or
associate them with their source. We can use this technology to collect data,
analyze it and publish the aggregated result without compromising the privacy
of the people.
The thesis introduces Sharemind ? a framework for creating secure data
processing applications. Sharemind is based on new secure multiparty
computation protocol suite that can be efficiently executed on current
computing technology. The thesis discusses the security guarantees that
Sharemind provides and measures its performance on digital computers.
The secure computation protocols of Sharemind can be freely reordered to
calculate many statistical functions or to evaluate more complex algorithms
on the data. The thesis presents SecreC ? a programming language for
simplifying the use of Sharemind in applications. Sharemind has been used for
building several research prototypes that demonstrate privacy preserving
statistics and data mining techniques. In addition, Sharemind has been used
to implement the first real-world secure multiparty computation application
that worked using the public internet. The application has been used for
financial reporting by the Estonian Association of Information Technology and
Telecommunications.
The methods described in this thesis can help both the government and
companies in securely processing confidential information.