A Trusted Third-Party Computation Service

We present TEP, a system that supports general-purpose shared computation between mutually-distrusting parties. TEP is useful for applications, such as auctions and tax preparation, that use private information from multiple participants. Such applications cannot be run on any one participant’s computer without sacrificing the other participants’ privacy. TEP acts as a trusted service that hosts the sensitive parts of such applications. TEP uses a Java VM to load and run computations on behalf of clients. TEP uses Java security mechanisms and cryptographic protocols to ensure that (1) a program can communicate only with the specific participants identified for a computation and (2) each participant knows exactly what program is being run and who the other participants are. This lets participants determine whether information they send to the computation can be exposed to other participants; we show how static analysis greatly simplifies this task. Example programs show that the TEP model is useful and easy to program; benchmarks show that the TEP prototype implementation is fast enough to be practical.