| Secure Multiparty Computation protocols allow a set of mutually distrustful parties to compute a function on their respective inputs while guaranteeing both the privacy of the inputs and the correctness of the outputs. Despite thirty years of research and many potential real-world applications, MPC deployment remains limited by efficiency and scalability bottlenecks. This thesis presents novel protocol designs and engineering techniques to address those performance and scalability issues.;In Part I three generic systems that can be applied to arbitrary functionalities are presented: two systems for garbled circuits protocols, and one in the setting of verifiable computation with succinct non-interactive arguments of knowledge (SNARKs). Both the protocols and the larger runtime systems are carefully designed to scale to arbitrary computations, and use techniques from compilers to automatically optimize the circuits. In the setting of garbled circuits, a protocol is presented with security against malicious adversaries that is carefully designed to avoid scalability bottlenecks. Runtime systems using that garbled circuit protocol that support arbitrarily large circuits are described, and experimental results are presented. In the SNARK setting, a construction is proposed that balances scalability with practicality, using a limited form of proof bootstrapping.;In Part II two custom protocols are presented, which support applications that have been deployed as a large technology company. The constraints imposed by those applications require communication to be minimized, even at the cost of higher overall runtime, and rule out solutions based on generic protocols. The first protocol computes a generalization of private set intersection called Private Intersection-Sum, using a variation of the well-known Diffie-Hellman based PSI protocol. The second protocol computes an average of vectors from a large number of mobile phones, requiring a careful construction to handle the high failure rate of such devices. |
