MPC in the wild
Friday, February 22, 2008, 1:34 pm •
So much for me being a theoretician! Secure multi-party computation was actually used in a real-world scenario! See the overview here.
In Denmark, several thousand farmers produce sugar beets, which are sold to the company Danisco, which is the only sugar producing company on the Danish market. Farmers have contracts that give them production rights, that is, a contract entitles a farmer to produce a certain amount of beets per year and deliver them to Danisco. These contracts can be traded between farmers, but trading has historically been very limited and has been done only via bilateral negotiations.
In recent years, however, the EU drastically reduced the support for sugar beet production. This and other factors meant that there was now an urgent need to reallocate contracts to farmers where productions pays off best. It was realized that this was best done via a nation-wide exchange, a double auction. ... Briefly, the goal is to find the so called market clearing price, which is a price per unit of the commodity that is traded.
In such a double-auction, both sides are reluctant to reveal their bids to the other side. So a multi-party computation protocol was deployed to calculate the appropriate market equilibrium while maintaining the bids' secrecy. They opted to go with a relatively weak protocol that assumes there is no active malicious adversarial behavior. This seems to be motivated by the needs of the problem: any malicious deviation by the bidders would either be detected, or else would be not to their financial advantage (e.g., bidding to buy more as the prices went up). Such protocols have been known for at least 10-15 years, so it's surprising that this is (or so they claim) the first major deployment. I guess we should work on getting the word out...