# Absentia: Submit-and-go secure function evaluation

Aim: Verifiable computation is utilized when a party outsources its computation and wants to verify that the result it received is correct. While one of the main motivations of outsourcing the computation is that the outsourcing party does not have enough computation power, another reason is that the computation may involve inputs from other parties too. In this work, our main motivation is based on the latter, where we want to perform secure function evaluation (SFE). For instance, the involving parties may be research centers that have medical data and they want to compare these records in order to offer a better treatment. Another setting can be the case where the parties have location data and they want to find the similarity of their trajectories. Moreover, the parties may have banking data and they may want to perform certain arithmetic operations on their joint inputs to analyze them. In these examples, the input data to the common function is considered as sensitive and private.

SFE describes a setting where multiple parties perform a function on their joint private inputs. Arithmetic operations to find the average of the joint inputs or a certain algorithm that involves logical operations to find the similarity of the inputs can be some examples for such functions. While performing the operation, the involving parties should not learn the input of other parties. SFE enables a group of parties to jointly compute a certain function by keeping the parties’ inputs private but it has the limitation that all parties should be online to perform the computation, as several messages should be exchanged among them to realize this setting. Hence, if a party goes offline, the protocol cannot proceed to perform the computation. Utilizing blockchain for this system eliminates the aforementioned problem, as both parties can just leave their inputs to the system and the result can be computed without them being present. Absentia aims to perform SFE utilizing blockchain in order to decrease the overhead the user needs to handle, as the function can be evaluated in the absence of the parties and the result can be trusted. Ethereum will be used to realize SFE that is based on a protocol that creates a logic table with results of the function corresponding to different inputs. Here, the rows are shuffled and the rows are compared against the actual inputs of the function to determine the corresponding result. This protocol is called Mix and Match.

Ethereum helps the system to have three significant functionalities: (1) It serves as a secure bulletin board for SFE by also providing the immutability and non-equivocation properties. (2) Ethereum provides a financial compensation to the participants for the work they do. (3) The verification of the function is performed and checked by the Ethereum network. So the user does not have to perform the verification himself. In our system, the users’ inputs will be encrypted and the result that is returned will be encrypted as well. Our aim is to provide non-interactivity between the parties and obtain public verifiability.

Method:

The system utilizes Exponential ElGamal which allows additive homomorphism and the keys are generated by Distributed Key Generation (DKG) protocol. The method is summarized as follows:

1. N parties share public/private key pair by using distributed key generation and they publish the public key.

2. The logic table for the function to be evaluated is created. The table consists of rows with different input values and the results of the function corresponding to them.

3. The input values are encrypted under the public key.

4. Each ciphertext is rerandomized by either adding 0 or multiplying by 1. Each of the involving parties should perform this step and then rows should be shuffled. Non-interactive zero knowledge proof (NIZKP) should be used to prove that this step is performed correctly.

5. The users present their encrypted inputs to the system.

6. Plaintext Equality Test (PET) is performed to find the corresponding result of the inputs provided by the parties.

7. The encrypted result of the function is returned by the system.

Results: This is a work in progress towards a proof of concept. The theoretical design of our system is finished and the part related to the cryptography is implemented in Mathematica. The implementation in Solidity will be done to maintain the infrastructure to support transactions and the payments. Moreover, the cost/performance evaluation for our functions will be done.

Conclusion: Absentia enhances the notion of verifiable computation by utilizing blockchain to decrease the job that the involving parties have to do. In our setting, the parties possess private inputs and want to perform a common function, like arithmetic or logical operations or certain algorithms, using their inputs. The involving parties can leave their inputs to the system, which is characterized as having submit-and-go property and make sure that the result returned actually corresponds to the desired function applied on the inputs supplied by the parties. Submit-and-go property of the proposed scheme provides convenience to the parties in the protocol, as this property eliminates the need for the parties to be present at the same time to perform the function. Hence, our proposed system enables parties to compute a certain function using their private inputs, without them having to be present and this provides a significant improvement in terms of decreasing the overhead that the parties should handle.