EAGER: SaTC: Early-Stage Interdisciplinary Collaboration: Multi-regulation computation

EAGER：SaTC：早期跨学科合作：多规则计算

• 批准号: 1915763
• 负责人: Mayank Varia
• 金额: $ 30万
• 依托单位: Trustees of Boston University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-06-01 至 2024-05-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1915763&HistoricalAwards=false
• 关键词: EAGER; SaTC; Early; Stage; Interdisciplinary

This interdisciplinary project investigates whether existing cryptographic techniques for analyzing siloed data comport with participants' legal restrictions on data disclosure. Secure multi-party computation (MPC) is a technique from cryptography that allows several participants, each with sensitive information, to analyze their data collectively without ever sharing it. Several companies, governments, and non-profit organizations have adopted MPC to provide people with socially beneficial information (e.g., computing the city-wide wage gap while hiding individual salaries) that may otherwise be impossible or near-impossible to learn due to the sensitivity of the raw data. MPC is well-suited toward analyses of protected education, healthcare, or judicial data; however, deployments of MPC in these areas are scarce, in part due to the difficulty of assessing whether MPC technology suffices to meet legal regulations on the disclosure of data that includes personally identifiable information. The core question for this project is to develop MPC technology that simultaneously provides cryptographic and legal protection of sensitive input data.This project has three phases, with a bidirectional flow of knowledge among cybersecurity and legal researchers in each phase. First, the investigators are identifying use cases in which information to be analyzed using MPC algorithms is subject to multiple state, federal, and international regulations that impose privacy restrictions and limit data sharing, and they examine the relevant legal constraints on information use. Second, the investigators are designing MPC protocols that, in addition to the usual cryptographic security notion that each party's view can be simulated, also guarantee the impossibility of reconstructing any legally-protected information under legally-compliant assumptions of trust and collusion. Third, the investigators are examining critically whether the newly-developed protocols provide sufficient protection to allow parties to use regulated data without triggering additional legal constraints on data use, by analyzing the legal requirements and potential policy objections. This three-phase process will pave the way for greater adoption of MPC by demonstrating to the legal community that MPC can improve data analysis without triggering additional burdensome legal obligations or policy concerns.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

这个跨学科的项目调查现有的用于分析孤立数据的密码技术是否符合参与者对数据披露的法律限制。安全多方计算(MPC)是一种来自密码学的技术，允许多个参与者(每个参与者都拥有敏感信息)集体分析他们的数据，而不需要共享数据。一些公司、政府和非营利组织已经采用MPC来为人们提供社会有益的信息(例如，计算全市的工资差距，同时隐藏个人工资)，否则由于原始数据的敏感性，这些信息可能不可能或几乎不可能了解。MPC非常适合分析受保护的教育、医疗保健或司法数据；然而，在这些领域部署MPC的情况很少，部分原因是很难评估MPC技术是否足以满足有关披露包括个人身份信息的数据的法律规定。该项目的核心问题是开发同时为敏感输入数据提供加密和法律保护的MPC技术。该项目分为三个阶段，每个阶段网络安全和法律研究人员之间的知识双向流动。首先，调查人员正在确定使用MPC算法分析的信息受制于多个州、联邦和国际法规的用例，这些法规施加隐私限制并限制数据共享，他们还检查了信息使用的相关法律限制。其次，调查人员正在设计MPC协议，除了通常的密码安全概念--每一方的观点都可以被模拟--之外，还保证不可能在符合法律规定的信任和共谋假设下重建任何受法律保护的信息。第三，调查人员正在通过分析法律要求和潜在的政策反对意见，严格审查新开发的议定书是否提供了足够的保护，允许各方使用受监管的数据，而不会引发对数据使用的额外法律限制。这三个阶段的过程将为更多地采用MPC铺平道路，向法律界证明MPC可以在不引发额外负担的法律义务或政策问题的情况下改进数据分析。该奖项反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Bridging the Computer Science-Law Divide

弥合计算机科学与法律的鸿沟

• 发表时间: 2022
• 期刊: 2nd ACM Symposium on Computer Science and Law
• 作者: Bestavros, Azer;Dogan, Stacey;Ohm, Paul;Sellars, Andrew
• 通讯作者: Sellars, Andrew

Formalizing Human Ingenuity: A Quantitative Framework for Copyright Law’s Substantial Similarity

人类创造力的形式化：版权法实质性相似性的定量框架

• 发表时间: 2022
• 期刊: 2nd ACM Symposium on Computer Science and Law
• 作者: Scheffler, Sarah;Tromer, Eran;Varia, Mayank
• 通讯作者: Varia, Mayank

TurboIKOS: Improved Non-interactive Zero Knowledge and Post-Quantum Signatures

• DOI: 10.1007/978-3-030-78375-4_15
• 发表时间: 2021
• 作者: Yaron Gvili;Julie Ha;Sarah Scheffler;Mayank Varia;Ziling Yang;Xinyuan Zhang

Anonymous Collocation Discovery: Harnessing Privacy to Tame the Coronavirus

匿名搭配发现：利用隐私来驯服冠状病毒

• 发表时间: 2020
• 期刊: ArXivorg
• 作者: Canetti, Ran;Trachtenberg, Ari;Varia, Mayank
• 通讯作者: Varia, Mayank

Can the Government Compel Decryption? Don’t Trust — Verify

政府可以强制解密吗？

• 发表时间: 2022
• 期刊: 2nd ACM Symposium on Computer Science and Law
• 作者: Cohen, Aloni;Scheffler, Sarah;Varia, Mayank
• 通讯作者: Varia, Mayank