In this three-part blog series, Professor Jesper Buus Nielsen, Chief Cryptographic System Designer at Partisia Blockchain, will examine the relationship between blockchain and secure multiparty computation (MPC). The first in this series will endeavour to lay out the foundations of this relationship, the second will ask ‘What can MPC do for Blockchain?’ and the final part will ask ‘What can Blockchain do for MPC?’.
Part 1: MPC and Blockchain: A Match Made In Heaven?
Before we analyze the relationship between MPC technology and blockchain, we must first ensure that we are all on the same page; let me clarify what I mean by blockchains, cryptocurrencies, accounts, and smart contracts.
A blockchain is, at its core, a public bulletin board or global ledger. It is typically implemented using wide distribution among servers known as bakers or miners. Each baker keeps a copy of the ledger. Anyone can post messages on the ledger by giving the message to a baker which will pass it on to its peers, thus entering it into the ledger. The blockchain also takes care of ensuring that all bakers agree on the order of the messages posted. Anyone can read the ordered list of messages by contacting a baker. Everyone in the world can thus ideally agree on what was written to the ledger and in which order.
The state of the ledger is in principle just the ordered list of messages posted to it. We say that the blockchain implements a totally-ordered broadcast channel. However, we often think of these messages as defining a state of the blockchain. They can for instance define some accounts with some amount of cryptocurrency on them. A cryptocurrency is just the name of the currency, like “Bitcoin” and a list of account names along with the number of coins on each account. To allow access control to who can take coins from an account, it is typically protected by a secret key. The account name is the verification key of a signature scheme and outgoing transactions from the account need to be signed by the corresponding secret key.
Accounts can have smart contracts associated with them. In Bitcoin, smart contracts are called scripts. Smart contracts are just pieces of code in some specialized programming language of the blockchain. To associate a smart contract with an account, a special message is sent on the blockchain. To associate a smart contract with a given account it needs to be signed by this account’s secret key. This is to ensure that only the owner of an account can program it. A smart contract also has a public state associated with it. This state might evolve in response to some of the messages posted on the ledger. In response to a changed state the smart contract might also authorize movement of cryptocurrency away from the account and/or send data signals to other smart contracts.
There are many imagined benefits and uses of blockchains. One of the features that is often highlighted is that their distributed nature builds trust. If no one can control or disrupt the blockchain, then everyone can trust it. This establishes a ubiquitous, global ledger which can be used to establish trust and transparency across countries and organizations. If you can program, then you can use the blockchain to make a self-enforcing contract with a person you just met for the first time on the street, or online. In today’s business and legal environments building trust can be expensive. Building trust using a blockchain can be cheap. Smart contracts give us fully programmable money. One can program, transact, and tinker with money and contracts as seamlessly as we do with data on today’s internet. This will allow us to do many types of transactions that we do not do today. An important aspect of fully programmable money is that it allows to manipulate data and money atomically. It is possible to atomically move ownership of a house and its payment. This atomicity will allow optimization of many types of transactions done today. Many more advantages of blockchains are being promoted, but here we will focus on the technical aspects.
One of the main disadvantages of MPC which is often mentioned is the lack of privacy. Everything happens in plain view on a public ledger. In comes MPC.
An MPC Blockchain?
MPC and blockchains are a suitable fit for each other because they both ensure security via distribution. In some senses, blockchain can be seen as a special case of MPC. MPC can securely perform any computation on distributed data. If you can write a program which does the task you want to compute, then MPC can compile it into a secure distributed system performing the computation on distributed data without the data ever leaving the servers they were on from the beginning. Blockchains are about keeping score of accounts and data and computing on these. We can surely write that as a program. There is an array of accounts. Each account has a verification key and a balance. Smart contracts can be associated and we can write down an execution model for these. Then push the MPC button and you have a blockchain. An added benefit is that your MPC blockchain would be ultimately security: the system does not leak the balance of the account, nor the code of the smart contracts or their states. All that would be leaked is the intended outputs. We might for instance look up who owns a house without having to leak who sold it to the current owner or for how much. If you are implementing a cryptocurrency you could also run diagnostics inside the MPC across all transactions to identify money laundering. The output of the system would only be the suspicious transactions. At no point would any information on honest transactions be leaked or be present on a single machine. You could imagine “uploading” your personal or company data to a platform like this and selling access to using your data as input in surveys, statistics, or machine learning. The transparency of the MPC blockchain would allow you to define who can compute what on your data and for what price. In the end the data would never leave your control and only the desirable aggregate results would be leaked.
The applications are endless!
The big obstacle in the way of this, however, is efficiency. When taking a program and compiling it into an ultimately secure distributed system using MPC, this system is many orders of magnitude less efficient than if you had run the program on a single machine. In addition, some of the technical problems you have to solve to implement wide scale MPC are already solved by blockchains, for instance the distributed consensus problem. To build a wide scale MPC you would have to first build a basic non-privacy enhanced version of a blockchain anyway. MPC and basic blockchains should therefore be seen as complementary technologies enhancing each other. But from this, an interesting question arises; Assume we already know how to build a basic blockchain. Assume that we already know how to build a good MPC for a setting with some fixed set of servers. How do we securely and efficiently combine these technologies to build something like the ultimately secure MPC blockchain we imagined above? The answer to this question will be explored in part two of this blog series coming shortly so stay tuned!