Trust and Security in Numbers

The fellowship will examine the science, technology and application of Multi-Party Computation technology in various application domains. MPC is a long standing theoretical construct, which is only now becoming practically realisable. It has the potential to revolutionize the way we enable trust in our computing infrastructure (by distributing trust amongst different parties). It will enable greater privacy aware applications, (by enabling parties to compute on data without holding it `in the clear'), and it will ensure greater security (by providing robust and secure protocols for tasks currently performed in an insecure and ad-hoc manner). It can also enable new business models and applications by allowing parties who currently do not share data resources, to share the said resources without compromising on either privacy or security.

The research programme covers a pipeline of work covering the lower TRL levels. We will conduct basic scientific research in the underlying mathematics and protocols, we will conduct research in the systems engineering needed to bring such protocols to an efficient reality, including work on programming tools and models, and finally we will examine potential applications via demonstrators and our industrial advisory board (all of whome have been selected due to their long term interaction with our group and their expertise in specific application domains of MPC).

As explained in the main documentation we aim to provide impact in four key directions:

1) Communication and Dissemination.
2) Public Impact.
3) Industrial Engagement.
4) Human Capital Creation.

In the main document we expand on these in more detail. Here we simply cover the main points due to lack of space.

Communication and Dissemination. The primary form of written dissemination will be journal and conference publication, and accepted online resources such as the IACR e-print archive. The nature of research in computer security is that timely publication in relevant conferences is more important than journal publications, and the important conferences such as Eurocrypt, Crypto and ACM CCS, are often as competitive and as prestigious as a leading journal. In addition these conferences sometimes have a sizeable industrial participation compared to normal academic conferences. Hence, we will try and target our publications to these conferences, so as to obtain the greatest impact. We feel that attendance at the major, high-profile conferences is crucial for all staff on the project, since it enables establishment of a collaborative network of peers.

Public Impact. We aim to maintain this profile, by selecting appropriate press releases to mirror with our publication pipeline. At UoB we believe that research results should be explained to the public who ultimately fund the research. Thus we are committed to public engagement activities and school interaction: we feel this is the best way to enthuse the next generation about our subjects, and hence to develop the next generation of researchers.

Industrial Engagement. UoB has undertaken an initiative to improve the rate and quality of spinout companies to capitalise on existing and future research and IP. Two such companies, Identum (purchased by Trend Micro in 2008) and XMOS, represent the result of this initiative. Prof. Smart was one of the academics behind Identum, which resulted in the commercialisation of academic research within UoB being used to support a new company. Upon the purchase by Trend Micro, the ex-Identum Bristol-based team have now become the worldwide cryptographic centre of expertise for Trend Micro. More recently, Smart and Lindell co-founded Dyadic Security, a startup company developing solutions in distributed cryptography, an area closely related to MPC.

The technology we will develop is very much a horizontal technology (having wide application over a range of possible areas). Most small companies with interests in this area are concentrated on narrow vertical markets. For example Cybernetica (Estonia) concentrates on secure databases, Dyadic Security (Israel) on anti-server breach technologies, and Partisia (Denmark) on secure market/auction design. Larger companies with interests in MPC also have a very specific focus.

Rather than putting our eggs, so to speak, in a single vertical basket we have decided to continue the development of a horizontal technology and then leverage our connections within these companies to ensure that potential applications of the technology are exploited in the most efficient manner possible. The use of seminars, blogs, and engagement via other work with potential industrial users will enable the evangelising of the work in the project. This will be backed up by potential exploitation routes; supported by the University's Research Enterprise and Development organization.

Human Capital Creation. In our view one of the main goals of projects such as this is the training of the next generation of researchers. We feel it important to take a long-term view of research impact. The group at UoB have a long track record of developing human capital, with previous PDRAs having progressed into a wide variety of high-ranking employment. Indeed the long term impact of the type of research in this proposal is more likely to come from the human capital we create, rather than the specific technologies.