| CPC H04L 9/085 (2013.01) [H04L 9/008 (2013.01)] | 16 Claims |
|
1. A computer-implemented method for providing a distributed data processing service for performing a secure multiparty computation of a function on at least first and second items of private input data using at least a first and a second computing engine communicatively coupled via a communication network, the method comprising the following steps:
establishing, using the first computing engine, the distributed data processing service by binding at least the second computing engine to the first computing engine;
generating, using a distributed cryptographic generation service provided by first and second cryptographic engines managed by the first and second computing engines, respectively, a plurality of cryptographic primitives required during an online phase of the secure multiparty computation, wherein a proportion of the cryptographic primitives are generated during an offline phase prior to the secure multiparty computation, and the plurality of cryptographic primitives are stored by a distributed cryptographic data store service provided by corresponding at least first and second cryptographic data stores managed by the first and second computing engines, respectively;
obtaining, by the distributed data processing service, service invocations of a secure multiparty computation and at least first and second items of private input data;
storing the at least first and second items of private input data in a distributed object store service of the distributed data processing service provided by at least first and second object store engines managed by the first and second computing engines, respectively;
performing, during an online phase, a distributed secure multiparty computation on at least the first and second items of private input data using a distributed multiparty computation service of the distributed data processing service provided by first and second multiparty computing engines managed by the respective first and second computing engines, wherein the first multiparty computing engine performs the secure multiparty computation together with at least the second multiparty computing engine; and
storing at least one result of the secure multiparty computation via the distributed object store service, and/or outputting the at least one result to at least a first or second client;
using the cryptographic primitives by:
transmitting, from the first computing engine to at least the second computing engine, a cryptographic primitive reservation request;
marking the cryptographic primitives in the cryptographic data store of the second computing engine referenced by the cryptographic primitive reservation as reserved;
activating, in the first and second computing engines, the cryptographic primitives referenced by the cryptographic primitive reservation when the first computing engine determines that the cryptographic primitive reservation has been successfully shared with at least the second computing engine;
once the requested cryptographic primitives have been sent to the first computing engine, marking the corresponding cryptographic primitives in the second computing engine as consumed.
|