Secure Finance: Unleashing AI with Multi-Party Computation

Currently, financial institutions are working at cross-purposes. On the one hand, they want to mine customer data for every scrap of information that could make them competitive. But on the other hand, they have a duty (and competitive need) to maintain privacy. Financial institutions shouldn’t be creeping around inside accounts and sending their data to analytics firms without their customers’ consent.?

That’s where Multi-Party Computation (MPC) can help. This technology allows financial institutions to extract information and use it for collective analysis without breaching individual privacy, something that’s particularly important for security in the age of artificial intelligence (AI).?

This post explains MPC’s role in the financial services sector, its benefits, some challenges, and its future in the industry. Throughout, we consider the interplay of MPC with AI technologies and how they can complement each other.

Demystifying Multi-Party Computation

MPC can seem confusing when you first encounter it. The combination of mathematical complexity, cryptography, and abstract concepts makes it a hard read. However, once you appreciate the underlying principles, you begin to see its utility.?

The academic literature on MPC emerged in the 1980s. Researchers wanted to know if there was a way for people who don’t trust each other to use their private information to produce a public output that would maintain their privacy.?

Historically, that meant going to a trusted third party, like a bank or legal professional. Parties would reveal their private information to this entity and then trust it to produce some sort of aggregate “output” that wouldn’t disclose any individual’s data.?

MPC’s beauty is that it eliminates the need for a trusted third party with cryptography. Even if non-trusted parties are adversarial, honest parties can always maintain their privacy.?

For example, suppose that Doug, Bob, and Rich want to bid on the same house. Historically, these individuals would submit private bids to a trusted third party, like an auction house. Auctioneers would then keep this information hidden until revealing the winning bid to ensure a fair auction where everyone bids what they think the property is worth. With MPC, the process is the same, except there is no requirement for a trusted third party.?

Another example might be secure data analysis for a group of firms. Individual companies don’t want to reveal their sales and revenue information to their rivals but do want data on how they are performing relative to the industry average.

Before MPC, these companies would submit information to a trusted industry body with a track record of privacy. That entity would then take all their inputs and create an output, like total industry sales.?

However, MPC eliminates the requirement for an incorruptible third party by building cryptography into the system. Even bad actors cannot discover private information about other firms using this approach.?

Mathematically, you can think of MPCs as turning the data of N inputs, dN, into a privacy-preserving output function: f(dN). Individual participants know their data, di, but they don’t know the data N1dj,ji held by other participants.?

Papers addressing multi-party computation emerged in the early 1980s to address the “millionaire’s problem.” Researchers wanted to find a way to prevent wealthy individuals from having to reveal their financial information while enabling calculations of group-wide statistics, such as average income (similar to the firm revenue data above).?

Early attempts culminated in various academic papers in 1986 and 1987 by Andrew Yao and Goldreich, Micali, and Wigderson. These set the terms for two-party computation and developed them into more general multi-party models.?

Twenty years later, in 2008, a Danish auction house used these principles for the first time at scale, demonstrating you could use the technique for auctions. A year later, when Bitcoin hit the scene, practical applications of multi-party computation emerged in the form of wallets and digital asset custodians for crypto-related assets.?

The newest innovation is MPC-CMP, introduced in 2019. This approach enables parties to sign digital asset transactions in one round while solving problems with hybrid cold and hot storage methodologies. As such, MPC is becoming increasingly relevant in today's data-driven economy.

MPC at the Heart of Financial Innovation

Given the generality of MPC, it has the potential to transform the financial sector, providing customers with heightened security and reducing reliance on trusted gatekeepers. Banks, Credit Unions and fintech firms can use it for various purposes, providing additional protection while continuing to generate the outputs they require.?

For example, MPC could transform data sharing in the financial sector. Parties could come forward confidently with private information, knowing that third parties can’t access it to generate the output they want.?

Take a government department wanting to learn more about private credit flows. Before MPC, it would go to banks and ask for data directly, promising not to use or store private information. However, with MPC to shield individual transactions, banks can maintain individual privacy while giving governments data to manage credit cycles and economic policy.?

We could also see MPC used for regulatory compliance in the financial sector. Financial institutions could reveal their fraud prevention strategies to regulators without divulging private customer details. MPC could collaboratively analyze transaction data to identify patterns without disclosing any identifiable customer information at the first pass.?

Other real-world applications in finance include:?

• Confidential benchmarking: Imagine a scenario where firms want to benchmark their performance against each other, as discussed above. MPC allows companies to submit private data (the input) and generate a public function of their input that doesn’t reveal the original raw information (the output). Firms can gain valuable insights into their relative performance without revealing data that might put them at a competitive disadvantage.?
• Privacy-preserving credit scoring: Consider a situation where two financial entities have information on a specific person’s creditworthiness. Companies A and B can use MPCs to calculate a joint credit score without revealing the other party’s personal information about the customer. (Under multi-party computation, several credit bureaus could pool their data this way for a more accurate and fair credit score determination).?
• Private asset allocation assessments. Wealth management firms could use MPC-based calculations to determine client asset allocations anonymously without looking at their holdings. Firms could then provide advice without seeing the underlying raw data, protecting client confidentiality and enhancing services.?

Synergy Between MPC and AI in Finance

Naturally, there are obvious synergies between MPC and AI in the data analysis realm. Machine learning on sensitive data could improve the accuracy of forecasting analysis without compromising privacy. Combining the techniques could solve complex financial problems.?

For example, MPC and AI could work together on anti-money laundering (AML). The MPC framework would allow third parties to access underlying data and maintain privacy, while machine learning algorithms could detect subtle patterns indicating illicit transactions. Financial firms could then escalate data to law enforcement agencies without intermediaries being privy to the data.?

MPC and AI could also work together in personalized banking services. AI could evaluate spending patterns, income, and credit usage without revealing this information to banking employees. Systems could then determine optimal financial product marketing or suggestions algorithmically.?

Ultimately, combining MPC and AI enables decentralized learning on data. Engineers could train models on distributed datasets without requiring any central pooling of information prone to an attack. No party sees other parties’ raw data, but jointly they can train models.?

The dynamics for how this would work are complex. However, the basic idea is that AI would sit in nested layers, training at the company-specific level, and then training again at the global level after MPC takes effect. Function-based data outputs would provide additional information that individual, privacy-concerned players, could not glean alone.?

Unfortunately, tools that streamline MPC integration with AI are limited. Solutions like TensorFlow and PyTorch are fantastic for building artificial intelligence, but they don’t support MPC natively.?

Workarounds are possible, but AI frameworks might have limited functionality in MPC environments. Developers may experience fragmented workflows and need to learn new techniques.?

Limited MPC adoption may also create lags between adoption and AI integration. While the latter is emerging now, it may take time for researchers and companies to build standardized APIs or open-source tools that niche developers can use.?

Navigating Regulatory Waters with MPC

Navigating choppy regulatory waters is another MPC superpower. The technology could help financial institutions meet strict data protection laws and cross-jurisdictional regulatory challenges without excessive administrative overhead.?

For example, MPC could become a barrier between private customer data and anyone wanting to use that information, such as in-house staff or third parties. Financial firms could collect information, run it through MPC cryptography, and produce the desired “function” output described above.?

Overseas regulatory authorities are more likely to look favorably on such regimes. Cross-border agencies in Europe and the UK using GDPR require data minimization and user control over personal information. MPC anonymizes all data, side-stepping some GDPR data protection requirements and enabling market research without violating individual customer rights.?

However, regions are reacting differently to the advent of MPC. The emphasis in North America is more on innovation and using technology to enhance financial centers. For example, the Boston Women’s Workforce Council united with Boston University’s Hariri Institute for Computing in 2015 to analyze gender pay gaps. Previously, companies were unwilling to submit their payroll data, but MPC convinced them otherwise. The data then went on to inform the study.?

In Asia and emerging markets, the emphasis is more on collaboration. Countries with rapidly growing financial sectors use MPC to build trust and ensure that banks work together more seamlessly (as they do in developed nations). Multi-party computation lets financial institutions share information and build robust central banking and industry foundations for a more secure future, both intra- and internationally.?

Overcoming Challenges and Limitations

Of course, MPC does have technical limitations. One potential problem is the underlying “secret sharing scheme” that allows the system to maintain individual privacy under various MPC configurations.?

Malicious parties can undermine the MPC privacy assumption in Shamir secret sharing (a sharing protocol developed by Israeli cryptographer Adi Shamir). The rules under this scheme prevent MPC from defending against t<N2 passive adversaries and t<N3 active adversaries with unlimited computing power, where t represents the number of bad actors.?

Under additive secret sharing, MPC is more robust. This regime allows adversaries to control all but one party, implying a breach of privacy only when t=N or when all parties agree to break privacy.?

Computation efficiency is another significant challenge. Data had to pass through many “circuits” or Boolean expressions in early MPC systems before arriving at an output. Iterative improvements reduced the number of XOR and AND gates by orders of magnitude from Yao’s first protocol, but computational challenges remain.?

As such, most MPC protocols scale poorly with the number of customers. Even the most efficient protocols to date require the amount of communication between individuals to grow linearly with the number of players.?

Finally, various socio-economic and cultural factors discourage the adoption of MPC in financial services. Banks don’t like risk and are often unwilling to adopt new technologies they don’t understand. The nuts and bolts of MPC’s underlying mathematics and cryptography are complex, and few financiers understand how these systems work.?

The Future Landscape of Finance with MPC

While MPC faces efficiency-related algorithmic challenges, it could still have a bright future. Continuing exponential improvements in the computing price-performance ratio will reduce the cost of implementing schemes, even if the underlying mathematics reaches hard limits.?

Reasons to be bullish about MPC include:?

• No single point of failure. MPC technology prevents internal colluding parties and external bad actors from accessing private data.?
• Protocol agnostic solutions. MPC doesn’t require a specific blockchain to function and works across most standards.?
• Improved operational flexibility. MPC allows financial institutions to make on-the-fly changes to access, allowing more parties to join the computation as necessary (up to generous limits).?

In the future, we may see financial institutions using MPC for market risk analysis and personalized wealth management. These applications could help firms improve their margins while enhancing customer service when combined with AI data analysis systems. MPC could assess individual investment positions, derivatives, and other financial instruments to determine a bank’s risk position.?

However, the concept requires support to make that happen. Functional MPC has been around for over a decade, but only a few financial institutions choose to use it.?

Policymakers (particularly regulators) need to get on board with the technology. Making it a requirement for the financial sector would force firms to conduct rapid build-outs that protect customer data and help to mature the technology.?

Venture capitalists should also look for companies working on MPC projects in the space, particularly if regulators push for it. Supplying funds to companies developing these products would enable financial institutions to buy them off the shelf, reducing costs substantially. Working with policymakers, entrepreneurs, and institutions could set the groundwork to make MPC thrive.?

Beyond MPC: A Comparative Exploration

Multi-party computation is by no means the only game in town. While the benefits of MPC are substantial, the technology is still waiting for mass adoption. In the meantime, several competitors are seeking to preserve privacy in different ways.?

Homomorphic encryption is one substitute. It works by converting data into ciphertext that analysts can use and work with as if it were in its original form. Its main advantage is that it can be faster than MPC for some simple computations. However, its efficiency declines significantly for more complex situations, including when the number of players rises. Furthermore, it has limited functionality. MPC is a group project, while homomorphic encryption relies on a single party holding decrypted data.?

Blockchain is another technology that appears to rival MPC. However, it is not the same.?

Blockchain is a distributed ledger that records transactions immutably for all parties. You can anonymize details within the transactions or use pseudonyms for privacy but it is not ideal for dealing with sensitive data (particularly when the number of parties involved is small).?

MPC differs by performing calculations on encrypted data. No party can gain access to the underlying information (except in the rare circumstances outlined above).?

There are situations where MPC and blockchain are complementary. For example, some financial firms store secure computations on the blockchain, but, again, they do not post the private data. Rather, blockchain stores the function of the underlying data.?

In truth, what many people believe are MPC’s rivals are actually complementary technologies. For example, you can imagine MPC being used in conjunction with homomorphic encryption in financial fraud situations. Homomorphic encryption would encrypt the underlying data while MPC would preserve privacy.?

MPC could also work in tandem with secure enclaves – data-containing hardware that protects code during data execution. Cold storage could further protect financial information while MPC allows data extraction from these silos for analysis.?

Conclusion

In summary, the transformative potential of MPC in financial services is considerable. The technology has the potential to safeguard privacy and enhance the security of AI-driven solutions far more than conventional gatekeeper-based approaches.?

While the MPC concept has been around for more than thirty years, the last ten have seen substantial innovations, with some real-world deployments. This potential is only going to increase over the coming years as computational power improves and academics make algorithmic improvements on the back end. Financial institutions willing to work together can create new industry standards that push the use of the technology and help it become more mainstream.?

Moreover, the concept could go into overdrive if it had regulatory support through schemes like GDPR. Financial institutions would have to change their approach to business if the law required them to do so. Regulatory pressures and requirements would almost guarantee privacy while enhancing banks’ and fintech firms’ ability to perform analysis.?

References?

• Du, W. and Atallah, M.J., 2001, September. Secure multi-party computation problems and their applications: a review and open problems. In Proceedings of the 2001 workshop on New security paradigms (pp. 13-22).
• Fireblocks, 2024, What is MPC (Multi-Party Computation)? Available from https://www.fireblocks.com/what-is-mpc/. ?[Accessed 5/14/2024]
• IEEE Digital Privacy, 2024, What is Multiparty Computation? Available from https://digitalprivacy.ieee.org/publications/topics/what-is-multiparty-computation [Accessed 5/14/2024]
• Inpher, 2024,What is Secure Multiparty Computation? Available from https://inpher.io/technology/what-is-secure-multiparty-computation/ [Accessed 5/14/2024]
• Ivan Damgard and Yuval Ishai, 2008, Scalable Multi-Party Computation, The International Association For Cryptographic Research. Aarhus University.
• Goldreich, O., 1998. Secure multi-party computation. Manuscript. Preliminary version, 78(110), pp.1-108.
• Goldreich, O., Micali, S. and Wigderson, A., 1987. How to solve any protocol problem. In Proc. of STOC.
• Micali, S., Goldreich, O. and Wigderson, A., 1987, May. How to play any mental game. In Proceedings of the Nineteenth ACM Symp. on Theory of Computing, STOC (pp. 218-229). New York, NY, USA: ACM.
• TechTarget, 2022, Homomorphic encryption. Available from https://www.techtarget.com/searchsecurity/definition/homomorphic-encryption [Accessed 5/14/2024]
• Wikipedia, 2024, Secure Multi-Party Computation. Available from en.wikipedia.org/wiki/Secure_multi-party_computation [Accessed 5/14/2024]
• Yao, A.C., 1982, November. Protocols for secure computations. In 23rd annual symposium on foundations of computer science (sfcs 1982) (pp. 160-164). IEEE.
• Kunle Fadeyi, Computing on encrypted data for better security - Part 3. Available on LinkedIn https://www.dhirubhai.net/pulse/computing-encrypted-data-better-security-part-3-fadeyi-cfa-caia/?trackingId=YqM4DoKhQVKA9FhHJmJIcA%3D%3D