CarbyneStackCon '23¶

Carbyne Stack is envisioned as a cloud-native operating system for MPC workloads, managing resources to make them run as efficiently as possible in real-world multi-cloud deployments. From a business perspective, it's the seed for an upcoming open ecosystem of technology building blocks that will accelerate the development and adoption of MPC technology across industries. This talk will cover various aspects of this vision and review how far the Carbyne Stack community has come towards making the vision a reality.

We set out to make deploying Carbyne Stack as simple as running a single script to launch an entire infrastructure on every major cloud, including on your local machine. Infrastructure as Code (IaC) transforms the deployment experience by shifting from manual infrastructure management to code-driven automation. Cloud Development Kit for Terraform (CDKTF) takes this evolution further, offering developers an intuitive and familiar programming language interface to define infrastructure.

In this talk, I'll share some real world challenges faced in deploying multi-party-computation in machine learning (from time at Dropout Labs working on tf-encrypted and Moose). Some of these challenges are likely familiar to the audience or users of Carbyne Stack, including:

• Authorization and Identity Services in a Multi-Trust Environment
• Data Preprocessing
• Safe Debugging
• Computation Auditing
• Brokering Trust across Data Partners

I'll be sharing my personal opinion on these challenges as well as some potential suggestions for future exploration.

Carbyne Stack promises to bring multi-party computation into the cloud-native world. Constellation promises to bring the security of on-prem data centers into the cloud. This session will show that both projects make good on their promises and how different privacy enhancing technologies can be stacked. We will learn about the guarantees Constellation provides, and how easy it is to deploy Carbyne Stack on a production cluster.

Sharemind MPC is a multi-party computation framework that was started in 2007. It supports MPC schemes with different number of parties and adversary models and is focused on practicality by creating the SecreC programming language so non-cryptographers can write MPC programs. Recently, we decided to integrate Sharemind's machine-optimized protocols into Carbyne Stack. In the talk, we'll go over the current feature set of Sharemind MPC, why we decided to go with the integration route and the integration roadmap.

State-of-the-art MPC protocols consist of two phases: An input-independent offline phase, which uses heavyweight cryptographic tools to generate so-called cryptographic randomness in advance, which is consumed later during an online phase, where the actual function is computed very efficiently using only lightweight operations. This talk will cover how Carbyne Stack implements the offline phase in a scalable, extensible, and Kubernetes-native way by relying on the well-known Kubernetes Operator pattern.

Secure two-party computation allows two parties to securely compute a function on their respective private inputs. It allows to preserve privacy in applications that involve a client and a single server. In this talk, I will give an overview on recent advances in the area of secure two-party computation. In particular, I will focus on the setting with semi-honest parties, which allows to construct the most efficient protocols. I will summarize two recent research results from the ENCRYPTO group: ABY2.0 (USENIX Security’21) allows highly efficient secure evaluation of Boolean circuits with multi-input AND gates and vector products, and FLUTE (IEEE S&P’23) extends these results to multi-input lookup tables. Among many other applications, these protocols substantially improve efficiency of privacy-preserving machine learning.

Load testing is an integral part of the software development lifecycle, allowing for the evaluation of system performance under stress in a controlled environment. Caliper is our custom-tailored Load-Testing-as-Code (LTaC) tool based on Gatling, developed to test Carbyne Stack's robustness and enable continuous performance validation. This talk will cover how Caliper is used to assess the effectiveness of a Carbyne Stack VPC deployment by allowing scenario testing that mirrors actual operational loads, as well as Caliper's integration into an automated testing process, to match the continuous evolution of the Carbyne Stack platform.

Secure multi-party computation (MPC) is the technological enabler to protect data in use and unlock enterprise collaborations on confidential data. In the EU project Glaciation, MPC is key for SAP Security Research to ensure privacy-preserving data operations across the edge-to-cloud continuum. Here, Carbyne Stack is the cloud-native MPC solution to deploy, scale, and evaluate our research efforts and realize our use case. Specifically, we investigate how to augment MPC (to protect inputs) with differential privacy (to limit inference from outputs) in the context of collaborative machine learning across companies. Join us in this talk, to hear about the intersection of secure computation, differential privacy, and the technological foundation and enabler that is Carbyne Stack.

With speed, cost, and privacy advantages, federated learning is emerging as an alternative to centralized ML approaches. However, without additional safeguards, federated learning won't live up to its promise, as it is vulnerable to privacy attacks and model theft. Our open-source Flower extension for privacy-preserving federated learning called Nettle fills this gap by deploying additional layers of defense. By integrating with our open-source Carbyne Stack Secure Multiparty Computation (MPC) platform, Nettle can effectively protect against privacy attacks via MPC-based Secure Aggregation. In addition, Nettle deploys Confidential Computing to protect valuable ML models from unauthorized model extraction on the client. In this talk, we describe the concepts behind Nettle, which are based on the idea of splitting the role of the Flower server into the three distinct roles of model owner, orchestrator, and aggregator. We show how we leveraged Flower's extensibility mechanisms to enable straightforward integration with the Carbyne Stack MPC services providing a scalable backend for Secure Aggregation. We describe how Confidential Computing enclaves and remote attestation are used in Nettle to ensure that the model owner retains full control over the ML model throughout the whole distributed learning process. Finally, we give a preview on what is to come for Nettle in the future.

With the recent advancements in WebAssembly, specifically the WebAssembly System Interface (WASI), we set out to build cross-language Carbyne Stack clients utilizing Rust as the primary programming language and compiling into WebAssembly (Wasm). The objective is to create a universal client framework that seamlessly integrates with various programming languages supporting WebAssembly through automated build and release processes. This will allow use cases to be built rapidly without needing glue code.

This presentation will delve into legal perspectives and policy developments relevant to Open Source Secure Multiparty Computation. It aims to provide a comprehensive overview of the significance of Privacy-Enhancing Technologies (PETs) and Secure Multiparty Computation (SMPC) within the broader context of privacy, security, and AI regulation. Participants will gain valuable insights into global policies and initiatives that advocate for the adoption of PETs. Furthermore, it will shed light on the anticipated implications of the forthcoming EU AI Act on Open Source Secure Multiparty Computation. Additionally, it will underscore the critical role of privacy-preserving machine learning in ensuring the responsible use of AI.

Currently, Carbyne Stack use cases revolve around B2B with organizations providing secrets from databases and machines. To open use cases involving human input, we set out to build a browser extension to perform the secret sharing on captured human input. This approach empowers any web application to solicit secret input from a human without necessitating trust in the web application itself — instead, trust is placed solely in the extension.

Bosch Research is currently implementing an authentication system for Carbyne Stack and is working on a proposal to add a flexible authorization layer to Carbyne Stack that specifically takes into account the decentralized and distributed nature of MPC systems. In this workshop, the current state of these initiatives and the way forward will be discussed.

In recent years, milestones in the efficiency of MPC protocols have paved the way for the use of MPC in a wide range of applications. However, putting real-world MPC systems into operation is something that has not been the focus of research. It consists of several not-so-easy tasks, including finding the right set of MPC computing parties, deploying the system on heterogeneous infrastructure, and coordinating day-2 operations across administrative boundaries. In this workshop we want to collect and discuss things that make using MPC in the real world a challenging task and ideate on how Carbyne Stack could help solve them.