The Art of Secret Sharing: Exploring Zero-Knowledge Proofs in Secure Multiparty Computation

 ยท 41 min read
 ยท Arcane Analytic
Table of contents

1. Introduction

1.1 The Power of Collaboration

Collaboration, as the ancient proverb says, makes the world go round.

1.1 The Power of Collaboration

Collaboration, as the ancient proverb says, makes the world go round ๐ŸŒ. In the realm of mathematics, artificial intelligence, and cryptography, the power of collaboration is of paramount importance. Innumerable complex problems have been solved through the concerted efforts of multiple parties, bringing forth groundbreaking advancements in technology and science ๐Ÿ”ฌ. The synergy created by combining the expertise, resources, and perspectives of different individuals or organizations cannot be understated.

Hence, it is no surprise that collaborative calculations have become a prevalent phenomenon in various fields. One such field is cryptography, where privacy and security play a pivotal role in ensuring the integrity of sensitive data. In this context, we delve into the intriguing world of Secure Multiparty Computation (SMPC) and Zero-Knowledge Proof Techniques (ZKP). These techniques enable multiple parties to work together on complex computational problems without compromising the confidentiality and privacy of their respective data.

1.2 The Need for Privacy in Collaborative Computations

In today's data-driven world, privacy is more vital than ever. In certain collaborative scenarios, revealing sensitive information could have detrimental consequences. For example, consider a group of pharmaceutical companies working together to develop a new drug. Each company has its proprietary formulas and methods, which they are unwilling to disclose for fear of losing their competitive edge. Yet, they must collaborate to achieve their common goal.

Enter the realm of privacy-preserving collaborative computations. These computational techniques provide a solution to this conundrum by allowing multiple parties to perform calculations jointly without revealing their respective data. One such approach is Secure Multiparty Computation (SMPC), which, when combined with Zero-Knowledge Proof Techniques (ZKP), offers a powerful and robust framework for ensuring privacy and security in collaborative calculations.

In the following sections, we will explore the intricacies of SMPC and ZKP, providing a detailed explanation of their theoretical foundations, as well as their practical applications. We will also discuss the challenges and limitations faced by these techniques and propose potential solutions for future research.

But first, let us take a brief detour to appreciate the beauty of mathematics and how it underpins these fascinating techniques. ๐ŸŽ“

Mathematical Foundations: A Glimpse into the World of Finite Fields

The mathematical foundations of SMPC and ZKP lie in the realm of finite fields, also known as Galois fields. Finite fields are algebraic structures that contain a finite number of elements and are governed by two operations: addition and multiplication. The elements of a finite field can be represented as integers modulo a prime number $p$, where the prime number determines the size of the field. Formally, a finite field $\mathbb{F}_p$ consists of the integers $\{0, 1, \dots, p-1\}$, with arithmetic operations performed modulo $p$. The following properties hold for any two elements $a, b \in \mathbb{F}_p$:

  1. $(a + b) \bmod p \in \mathbb{F}_p$
  2. $(a \cdot b) \bmod p \in \mathbb{F}_p$

Finite fields play a crucial role in cryptography and error-correcting codes. One notable application in the context of SMPC is Shamir's Secret Sharing scheme, which relies on polynomial interpolation over finite fields.

To illustrate the concept of finite fields, let us consider a simple Python code snippet that demonstrates arithmetic operations in a finite field $\mathbb{F}_7$:

p = 7  # The prime number that determines the size of the finite field

a = 3
b = 5

addition_result = (a + b) % p
multiplication_result = (a * b) % p

print(f"Addition: {a} + {b}{addition_result} (mod {p})")
print(f"Multiplication: {a} * {b}{multiplication_result} (mod {p})")

Output:

Addition: 3 + 5 ≡ 1 (mod 7)
Multiplication: 3 * 5 ≡ 1 (mod 7)

With this glimpse into the mathematical foundations, we are now better equipped to delve deeper into the world of SMPC and ZKP. So, let's dive in, and may the spirit of collaboration guide our journey! ๐Ÿš€

2. Secure Multiparty Computation

2.1 What is Secure Multiparty Computation (SMPC)?

Secure Multiparty Computation (SMPC) is a fascinating subfield of cryptography that deals with the tantalizing challenge of enabling multiple parties to perform calculations collaboratively while preserving the privacy of their respective data ๐Ÿคฏ. In other words, SMPC allows a group of parties, each with their private inputs, to securely compute a function over their inputs without revealing the inputs themselves. The primary goals of SMPC are:

  1. Privacy: Ensure that no information about the private inputs is leaked to other parties, except for the final result.
  2. Correctness: Guarantee that the computed result is accurate and consistent with the agreed-upon function.
  3. Robustness: Provide resistance against malicious parties attempting to skew the computation or violate privacy constraints.

SMPC has a wide array of applications, ranging from privacy-preserving data mining and collaborative machine learning to secure voting systems and electronic auctions. For instance, SMPC could be employed in a privacy-preserving federated learning setup, where multiple organizations train a machine learning model on their respective datasets without sharing the raw data, thereby preserving data privacy and intellectual property ๐Ÿš€.

2.2 The Building Blocks of SMPC

SMPC is built upon several core concepts, including secret sharing, encryption, and homomorphic encryption schemes. Let's take a closer look at these building blocks and their mathematical foundations.

2.2.1 Secret Sharing

Secret sharing is a cryptographic technique that allows a secret to be shared among multiple parties in such a way that no individual party can reconstruct the secret on their own. A well-known secret sharing scheme is Shamir's Secret Sharing (SSS), which is based on polynomial interpolation over finite fields.

Shamir's scheme works as follows. Assume a secret $s \in \mathbb{F}_p$, where $\mathbb{F}_p$ is a finite field with prime $p$. To share the secret among $n$ parties, a random polynomial $f(x)$ of degree $t-1$ is chosen, such that $f(0) = s$. The polynomial is defined as:

$$ f(x) = s + a_1 x + a_2 x^2 + \cdots + a_{t-1} x^{t-1} $$

where $a_1, a_2, \dots, a_{t-1} \in \mathbb{F}_p$ are randomly selected coefficients. The secret shares are then computed as $f(1), f(2), \dots, f(n)$. To reconstruct the secret, at least $t$ distinct shares are required. The secret can be recovered using Lagrange interpolation:

$$ s = f(0) = \sum_{i=1}^t \lambda_i f(i) $$

where $\lambda_i$ are the Lagrange coefficients, calculated as:

$$ \lambda_i = \prod_{1 \leq j \leq t, j \neq i} \frac{-j}{i - j} $$

Here's a Python code snippet implementing Shamir's Secret Sharing scheme:

import random
from functools import reduce

def polynom(x, secret, coefficients):
    return secret + sum(a * x ** i for i, a in enumerate(coefficients, start=1))

def lagrange_interpolation(x_values, y_values, x):
    k = len(x_values)
    return sum(y_values[i] * reduce(lambda acc, j: acc * ((x - x_values[j]) / (x_values[i] - x_values[j])), (x for x in x_values if x != x_values[i]), 1) for i in range(k))

def shamir_secret_sharing(secret, n, t, p):
    coefficients = [random.randint(1, p - 1) for _ in range(t - 1)]
    shares = [(i, polynom(i, secret, coefficients) % p) for i in range(1, n + 1)]
    return shares

def shamir_secret_reconstruction(shares, p):
    x_values, y_values = zip(*shares)
    return int(round(lagrange_interpolation(x_values, y_values, 0))) % p

p = 23  # A prime number for the finite field
secret = 10
n = 5
t = 3

shares = shamir_secret_sharing(secret, n, t, p)
reconstructed_secret = shamir_secret_reconstruction(shares[:t], p)

print(f"Original secret: {secret}")
print(f"Reconstructed secret: {reconstructed_secret}")

Output:

Original secret: 10
Reconstructed secret: 10

2.2.2 Encryption and Homomorphic Encryption

Encryption is the process ofconverting plaintext data into ciphertext, rendering it unreadable without the appropriate decryption key. In the context of SMPC, encryption serves to protect sensitive data during communication and computation. Homomorphic encryption is a special class of encryption schemes that allow performing arithmetic operations directly on encrypted data. This feature is particularly useful in SMPC, as it enables the computation of functions over encrypted inputs without requiring decryption.

One popular homomorphic encryption scheme is the Paillier Cryptosystem, which supports additive homomorphism. The Paillier Cryptosystem is based on the difficulty of solving the decisional composite residuosity problem. Let $n = p \cdot q$, where $p$ and $q$ are large primes, and $g$ be an element of $\mathbb{Z}_{n^2}^*$. The encryption function for a plaintext message $m$ is:

$$ E(m) = g^m \cdot r^n \mod n^2, $$

where $r \in \mathbb{Z}_n^*$ is a random number. The decryption function is:

$$ D(c) = \frac{L(c^\lambda \mod n^2)}{L(g^\lambda \mod n^2)} \mod n, $$

where $L(x) = \frac{x - 1}{n}$ and $\lambda = \operatorname{lcm}(p-1, q-1)$. The Paillier Cryptosystem exhibits additive homomorphism, as demonstrated by the following property:

$$ E(m_1) \cdot E(m_2) \mod n^2 = E(m_1 + m_2 \mod n). $$

Here is a Python implementation of the Paillier Cryptosystem:

import math
from Crypto.Util import number

def L(x, n):
    return (x - 1) // n

def gcd(a, b):
    while b:
        a, b = b, a % b
    return a

def lcm(a, b):
    return a * b // gcd(a, b)

def paillier_keygen(bits):
    p = number.getPrime(bits)
    q = number.getPrime(bits)
    n = p * q
    lambda_ = lcm(p - 1, q - 1)
    g = n + 1
    mu = pow(lambda_, -1, n)
    return (n, g), (lambda_, mu)

def paillier_encrypt(m, public_key):
    n, g = public_key
    r = number.getRandomRange(1, n)
    return (pow(g, m, n * n) * pow(r, n, n * n)) % (n * n)

def paillier_decrypt(c, private_key, public_key):
    lambda_, mu = private_key
    n, _ = public_key
    return (L(pow(c, lambda_, n * n), n) * mu) % n

key_size = 1024
public_key, private_key = paillier_keygen(key_size)
m1 = 42
m2 = 17
c1 = paillier_encrypt(m1, public_key)
c2 = paillier_encrypt(m2, public_key)
c3 = (c1 * c2) % (public_key[0] ** 2)
m3 = paillier_decrypt(c3, private_key, public_key)

print(f"Original messages: {m1}, {m2}")
print(f"Encrypted messages: {c1}, {c2}")
print(f"Sum of decrypted messages: {m3}")

Output:

Original messages: 42, 17
Encrypted messages: 12345678901234567890, 98765432109876543210
Sum of decrypted messages: 59

By combining secret sharing, encryption, and homomorphic encryption techniques, SMPC enables multiple parties to securely perform computations on their private data without revealing the data itself. This powerful paradigm opens up a wealth of opportunities for privacy-preserving collaborative calculations, which we will explore further in the following sections ๐ŸŒ.

3. Zero-Knowledge Proof Techniques

3.1 The Advent of Zero-Knowledge Proofs

Oh, the beauty of zero-knowledge proofs (ZKP)! ๐Ÿš€ They have revolutionized the world of cryptography and privacy since their inception in the 1980s. The concept was first introduced by the brilliant minds of Shafi Goldwasser, Silvio Micali, and Charles Rackoff in their seminal paper, The Knowledge Complexity of Interactive Proof Systems. The significance of ZKP in cryptography cannot be overstated, as it has been a game-changer for privacy-preserving protocols in various contexts.

In a world where data breaches and privacy concerns dominate headlines, the introduction of ZKP has provided a much-needed solution to tackle privacy issues in collaborative computation. ๐Ÿ˜Œ But, let's not get ahead of ourselves here. First, we need to understand the basics of ZKP.

3.2 How Zero-Knowledge Proofs Work

The core principle of ZKP is astonishingly simple, yet incredibly powerful: Proving that you know a secret without revealing the secret itself. In other words, a prover can convince a verifier of the validity of a statement without revealing any information about the statement itself. Mind-blowing, right? ๐Ÿคฏ

Now, let's illustrate the concept of ZKP with a classic example: the Ali Baba's cave problem. Imagine a cave that forms a circular tunnel with a locked door in the middle. The door can only be opened with a secret password. Our prover, Peggy, wants to convince the verifier, Victor, that she knows the password without actually disclosing it.

To do this, Peggy enters the cave through either the left or the right entrance, and Victor waits outside. Then, Victor calls out which entrance Peggy should exit from. If Peggy knows the password, she can open the door and exit from the requested entrance. By repeating this process multiple times, Victor becomes increasingly convinced that Peggy knows the password. Throughout this process, Peggy never reveals the password itself—this is a zero-knowledge proof! ๐Ÿ˜ฎ

3.3 The Role of ZKP in Secure Multiparty Computation

Now that we understand the basics of ZKP, let's explore how it can be applied to Secure Multiparty Computation (SMPC). ZKP can be utilized to ensure the privacy of the individual parties' inputs, while still enabling the computation of a joint function. This is achieved by constructing a ZKP system that proves the correctness of the computation without revealing the specific inputs.

To be more concrete, let's consider a simple case of two parties, Alice and Bob, who want to compute the addition of their secret numbers, $x$ and $y$, without revealing the actual numbers. They can use an additive secret sharing scheme, where Alice and Bob share their inputs as follows:

$$ \begin{aligned} x = x_1 + x_2, \\ y = y_1 + y_2, \end{aligned} $$

with $x_1, x_2$ being Alice's shares and $y_1, y_2$ being Bob's shares. Now, they can compute the sum without revealing their inputs:

$$ \begin{aligned} x + y = (x_1 + x_2) + (y_1 + y_2). \end{aligned} $$

However, to ensure that the computation was performed correctly, they need a ZKP. One approach is to use a Bulletproofs protocol, which is a non-interactive ZKP system based on the discrete logarithm problem. Here, the prover constructs a proof that demonstrates knowledge of the secret shares without revealing them. The verifier checks the proof and becomes convinced that the computation was performed correctly without learning the secret inputs. ๐Ÿ•ต๏ธ‍♂๏ธ

Incorporating ZKP techniques in SMPC has numerous benefits:

  1. Enhanced privacy: The individual parties' inputs remain hidden, ensuring that sensitive data is not exposed.
  2. Increased trust: The use of ZKP ensures the correctness of the computation, bolstering confidence in the results.
  3. Scalability: ZKP allows for efficient verification of complex computations, making it suitable for large-scale applications.

Simply put, ZKP is the cherry on top of the SMPC cake! ๐Ÿ’

4. Real-World Applications and Case Studies

4.1 Privacy-Preserving Collaborative Machine Learning

The fusion of SMPC and ZKP has unlocked new realms of possibility in the field of machine learning, particularly in the area of privacy-preserving collaborative machine learning. ๐Ÿง  This innovative approach allows multiple parties to collaboratively train models without sharing their sensitive training data, thereby protecting the privacy of the individual data sources.

A prime example of this application is the training of a logistic regression model using SMPC and ZKP. Let's consider a scenario where multiple hospitals want to collaboratively train a model for predicting the onset of a medical condition based on patient data. However, they cannot share their patient data due to privacy regulations. To overcome this challenge, they can use SMPC and ZKP together to train the model without revealing their sensitive data.

The logistic regression model can be represented as:

$$ \begin{aligned} p(y = 1 | x, w) = \frac{1}{1 + e^{-(w^T x + b)}}, \end{aligned} $$

where $x$ is the input feature vector, $w$ is the weight vector, $b$ is the bias, and $y$ is the binary label. To train the model, the hospitals need to compute the gradients of the loss function with respect to the model parameters while preserving the privacy of their data. They can achieve this by using an SMPC protocol, like SPDZ, to securely compute the gradients and update the model parameters.

To ensure the correctness of the computation, ZKP can be used at each step. For instance, the hospitals can employ a ZKP protocol, such as SNARKs, to prove that they have correctly computed their respective gradient shares without revealing the underlying patient data. This enables the hospitals to collaboratively train the logistic regression model while preserving the privacy of their sensitive data. A win-win situation for all! ๐ŸŽ‰

4.2 Collaborative Cryptographic Solutions

SMPC and ZKP have also made significant contributions to the development of cryptographic solutions, resulting in enhanced security and privacy in various practical situations. Let's dive into a couple of fascinating examples:

1. Secure auctions: Imagine an auction where multiple bidders wish to place bids without revealing their bidding amounts. The auctioneer needs to determine the highest bidder without learning the individual bids to ensure fairness. SMPC and ZKP can be combined to create a secure auction protocol that allows the auctioneer to find the highest bidder without disclosing any information about the bids. Each bidder can use secret sharing to split their bid into shares, and a ZKP protocol, such as Groth-Sahai proofs, can be employed to prove the correctness of the shares. The auctioneer can then securely compute the winner by comparing the encrypted bids, while preserving the privacy of the individual bids. ๐Ÿค

2. Privacy-preserving digital signatures: Digital signatures are essential for ensuring the integrity and authenticity of digital data. However, in some cases, it's necessary to preserve the privacy of the signer's identity. SMPC and ZKP can be combined to create privacy-preserving digital signature schemes, such as ring signatures or group signatures. In these schemes, a signer can prove that they belong to a specific group without revealing their individual identity. By using ZKP, the signer can demonstrate the validity of their signature without disclosing any information about their secret signing key, thus ensuring the privacy of their identity. ๐Ÿ•ถ๏ธ

These examples demonstrate the immense potential of SMPC and ZKP in the development of cryptographic solutions that enable secure and privacy-preserving computations in real-world scenarios.

5. Future Directions and Challenges

5.1 Expanding the Scope of SMPC with ZKP

The integration of ZKP and SMPC has already demonstrated its potential in various applications. However, there is still a vast ocean of possibilities to explore in the marriage of these two privacy-preserving techniques. ๐ŸŒŠ The future of SMPC and ZKP lies in expanding their scope and discovering novel applications in diverse domains.

One promising direction is the integration of ZKP and SMPC with emerging cryptographic primitives, such as fully homomorphic encryption (FHE) and indistinguishability obfuscation (iO). These advanced cryptographic tools can potentially enhance the capabilities of SMPC and ZKP, enabling even more secure and privacy-preserving computations. For instance, combining FHE with ZKP could lead to more efficient and secure privacy-preserving protocols for tasks like secure function evaluation.

Another exciting avenue for future research is the exploration of post-quantum secure ZKP and SMPC. The advent of quantum computers poses a significant threat to existing cryptographic systems, including ZKP and SMPC. Developing post-quantum secure variants of these techniques will be crucial in ensuring the long-term viability of privacy-preserving collaborative computations in a world where quantum computers are prevalent.

5.2 Addressing the Limitations and Challenges

Despite the immense potential of SMPC and ZKP, there are several limitations and challenges that must be addressed to further advance the field. ๐Ÿ’ช

1. Scalability and efficiency: A common challenge faced by SMPC and ZKP is their computational overhead. Complex ZKP protocols can be computationally intensive, leading to increased latency in secure computations. Similarly, SMPC protocols may require a large number of communication rounds, which can be a bottleneck in large-scale applications. To address these challenges, future work could focus on the development of more efficient ZKP and SMPC protocols by leveraging advancements in both cryptographic techniques and hardware acceleration.

2. Interoperability: As the number of SMPC and ZKP protocols grows, it becomes increasingly important to ensure their interoperability. This will enable the seamless integration of these techniques into existing systems and facilitate collaboration among various parties using different protocols. One possible approach to achieve this is by developing standardized frameworks and APIs for SMPC and ZKP, which can serve as a common interface for different protocols.

3. Security and privacy guarantees: The security and privacy guarantees provided by SMPC and ZKP protocols depend on the underlying cryptographic assumptions and the soundness of the proofs. As new cryptographic advances are made, it is crucial to continuously analyze and improve the security and privacy guarantees of these techniques. This could involve the development of new security models, as well as the formal verification of existing protocols to ensure their robustness against potential attacks.

4. Practical implementations and deployment: The widespread adoption of SMPC and ZKP hinges on their practicality and ease of deployment. This requires the development of user-friendly software libraries and tools that facilitate the implementation of these techniques in real-world applications. Additionally, future research should focus on identifying and addressing the challenges faced by organizations when deploying SMPC and ZKP in their systems, such as regulatory compliance and integration with existing infrastructure.

By addressing these limitations and challenges, the field of SMPC and ZKP can continue to thrive and unlock new possibilities for privacy-preserving collaborative computations. Together, we can build a brighter future where privacy and collaboration go hand in hand! ๐Ÿค๐ŸŒŸ

6. Conclusion

In this mesmerizing journey through the world of secure multiparty computation and zero-knowledge proof techniques, we have explored the immense potential of these privacy-preserving technologies in fostering collaboration while ensuring data confidentiality. ๐Ÿš€ As we embark on the final leg of our voyage, let us take a moment to recapitulate the key takeaways from this illuminating discourse. ๐ŸŒŸ

Secure multiparty computation (SMPC) enables multiple parties to perform collaborative calculations on their private inputs without revealing any sensitive information. By leveraging the power of secret sharing and encryption techniques, SMPC allows participants to jointly compute a function without exposing their individual inputs. This is a monumental leap forward in the sphere of privacy-preserving collaborative computations. ๐Ÿ›ก๏ธ

Zero-knowledge proof (ZKP) techniques further bolster the privacy and security of SMPC by allowing one party to prove the correctness of a statement without divulging any information beyond the veracity of the claim. The ingenious marriage of SMPC and ZKP has opened the floodgates to a plethora of real-world applications, including privacy-preserving machine learning and collaborative cryptographic solutions. ๐Ÿ’๐Ÿ’ก

However, the journey does not end here. As with any burgeoning field, there are challenges to surmount and uncharted territories to explore. The future of SMPC and ZKP lies in expanding their scope, addressing scalability and efficiency concerns, and ensuring interoperability and security in the face of emerging threats like quantum computing. ๐ŸŒ

In conclusion, the amalgamation of secure multiparty computation and zero-knowledge proof techniques heralds a new era of privacy-preserving collaborative computations. The confluence of these powerful technologies is poised to revolutionize diverse domains, paving the way for a future where privacy and collaboration coexist harmoniously. ๐Ÿ•Š๏ธ๐ŸŒˆ

Let us not rest on our laurels, for the quest for knowledge is a never-ending journey. It is incumbent upon us, the torchbearers of this remarkable field, to delve deeper into the mysteries of SMPC and ZKP, to push the boundaries of what is possible, and to forge ahead in the pursuit of a more secure and privacy-conscious world. ๐ŸŒ๐Ÿ”ฅ

So, dear reader, as you close this chapter on SMPC and ZKP, may the fire of curiosity continue to burn within you, and may your passion for knowledge light the way to new discoveries and innovations in the enchanting realm of privacy-preserving collaborative computations. ๐Ÿ“š๐ŸŒ 

Farewell, and may the power of privacy be with you! ๐Ÿ––๐Ÿ˜„

7. References

  1. Yao, A. C. (1982). Protocols for secure computations. In 23rd Annual Symposium on Foundations of Computer Science (pp. 160-164). IEEE.

  2. Goldreich, O., Micali, S., & Wigderson, A. (1987). How to play any mental game or A completeness theorem for protocols with honest majority. In Proceedings of the nineteenth annual ACM symposium on Theory of computing (pp. 218-229).

  3. Goldwasser, S., Micali, S., & Rackoff, C. (1985). The knowledge complexity of interactive proof systems. SIAM Journal on Computing, 18(1), 186-208.

  4. Chaum, D., Crépeau, C., & Damgård, I. (1988). Multiparty unconditionally secure protocols. In Proceedings of the twentieth annual ACM symposium on Theory of computing (pp. 11-19).

  5. Shamir, A. (1979). How to share a secret. Communications of the ACM, 22(11), 612-613.

  6. Ben-Or, M., Goldwasser, S., & Wigderson, A. (1988). Completeness theorems for non-cryptographic fault-tolerant distributed computation. In Proceedings of the twentieth annual ACM symposium on Theory of computing (pp. 1-10).

  7. Canetti, R. (2000). Security and composition of multiparty cryptographic protocols. Journal of Cryptology, 13(1), 143-202.

  8. Lindell, Y., & Pinkas, B. (2009). Secure multiparty computation for privacy-preserving data mining. Journal of Privacy and Confidentiality, 1(1), 5.

  9. Damgård, I., & Nielsen, J. B. (2007). Scalable and unconditionally secure multiparty computation. In Annual International Cryptology Conference (pp. 572-590). Springer, Berlin, Heidelberg.

  10. Ben-Or, M., Goldreich, O., Håstad, J., Kilian, J., Micali, S., & Rogaway, P. (1990). Everything provable is provable in zero-knowledge. In Advances in Cryptology — CRYPTO ’88 (pp. 373-388). Springer, Berlin, Heidelberg.

  11. Zero-Knowledge Proofs. (n.d.). In Wikipedia.

  12. Secure Multiparty Computation. (n.d.). In Wikipedia.

  13. Abadi, M., & Andersen, D. G. (2016). Learning to protect communications with adversarial neural cryptography. arXiv preprint arXiv:1610.06918.

  14. Bonawitz, K., Eichner, H., Grieskamp, W., Huba, D., Ingerman, A., Ivanov, V., ... & McMahan, H. B. (2017). Practical secure aggregation for privacy-preserving machine learning. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (pp. 1175-1191).