Real World Crypto 2021 - Session 3: Multi-Party Computation
Key management / key protection in software - virtual HSMs - endpoint security with virtual smartcards.
RSA key generation in an adversarial environment is computationally intensive for MPC: it takes many iterations to find a modulus, and most candidates are discarded. An ‘honesty’ proof is used to select one.
Dogbyte attack: every optimisation requires its own proof of security (found in Ethereum?; related to ZK proofs).
Octopus attacks: need a careful definition of the ‘active coordinator model’.
Threshold RSA key gen: multiple parties contribute to agree on a modulus; the environment could be adversarial: a majority could be dishonest!
The presenter reviewed a design called ‘Diogenes’ built to do the above.
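As an added illustration of the ‘many iterations, most candidates discarded’ point (this is not code from the talk or from Diogenes): a single-process Python simulation of the classic Boneh-Franklin approach, in which each party holds an additive share of p and q and the biprimality test is evaluated on those shares, so no party ever sees p or q. The party count, bit sizes, seed and the names `sample_shares`, `biprimality_test` and `distributed_rsa_keygen` are choices made for this example; N and the gcd(N, p+q-1) check are computed in the clear here, where a real protocol would run small MPC sub-protocols, and there is no protection against dishonest parties.

```python
"""Toy simulation of distributed RSA modulus generation on additive shares with
the Boneh-Franklin biprimality test. Written for these notes; NOT Diogenes.
No network, no dishonest-majority protection, N multiplied in the clear, and
tiny parameters so the candidate-rejection loop is visible."""
import math
import random
from dataclasses import dataclass


def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0; returns 0 when gcd(a, n) != 1."""
    assert n > 0 and n % 2 == 1
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def is_probable_prime(n, rounds=32):
    """Miller-Rabin. Used only to audit the output; the protocol never sees p or q."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    rng = random.Random(n)  # deterministic witnesses are fine for an audit
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def sample_shares(n_parties, bits, rng):
    """Each party picks its additive share of a candidate prime. Party 0 takes a
    share = 3 (mod 4), everyone else a multiple of 4, so the secret sum is
    = 3 (mod 4), which the biprimality test requires."""
    shares = [rng.getrandbits(bits - 2) << 2 for _ in range(n_parties)]
    shares[0] += 3
    return shares


def biprimality_test(N, p_shares, q_shares, rounds=20, rng=None):
    """Boneh-Franklin test on shares. For random g with Jacobi symbol (g/N) = 1,
    party 0 publishes g^((N - p_0 - q_0 + 1)/4) and party i > 0 publishes
    g^(-(p_i + q_i)/4); the product equals g^((p-1)(q-1)/4), which is +-1 mod N
    whenever N = pq with p, q prime. Each party exponentiates only with its own
    shares. Once the caller's gcd(N, p+q-1) check has passed, a composite N fails
    each round with probability at least 1/2."""
    rng = rng or random.Random(0)
    for _ in range(rounds):
        g = rng.randrange(2, N)
        while jacobi(g, N) != 1:  # also skips any g sharing a factor with N
            g = rng.randrange(2, N)
        v = pow(g, (N - p_shares[0] - q_shares[0] + 1) // 4, N)  # party 0
        for p_i, q_i in zip(p_shares[1:], q_shares[1:]):         # parties 1..n-1
            v = v * pow(g, -((p_i + q_i) // 4), N) % N
        if v not in (1, N - 1):
            return False
    return True


@dataclass
class KeygenResult:
    N: int
    p: int
    q: int
    trials: int  # candidates examined, including every discarded one


def distributed_rsa_keygen(n_parties=3, bits=24, seed=2021, max_trials=50_000):
    """Loop until a candidate survives: sample shares of p and q, form N, run the
    Boneh-Franklin checks. In a real protocol N and gcd(N, p+q-1) come out of
    small MPC sub-protocols; here they are computed directly (one process)."""
    rng = random.Random(seed)
    for trial in range(1, max_trials + 1):
        p_shares = sample_shares(n_parties, bits, rng)
        q_shares = sample_shares(n_parties, bits, rng)
        p, q = sum(p_shares), sum(q_shares)
        N = p * q                                  # stand-in for the MPC multiplication
        if p == q or math.gcd(N, p + q - 1) != 1:  # Boneh-Franklin step 1, in the clear here
            continue
        if biprimality_test(N, p_shares, q_shares, rng=rng):
            return KeygenResult(N, p, q, trial)
    raise RuntimeError("no modulus found within max_trials")


if __name__ == "__main__":
    r = distributed_rsa_keygen()
    print(f"N={r.N} after {r.trials} candidates ({r.trials - 1} discarded)")
    print("p, q prime:", is_probable_prime(r.p), is_probable_prime(r.q))
```

Running it shows the cost the talk refers to: with 24-bit shares only about one candidate in seventy survives, each survivor having been through the full test, and prime density falls with the bit length, so a production-size modulus needs far more discarded candidates than this toy does.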
Collaborative analysis of data (e.g. medical data collected from patients) is very hard with normal database tools because of privacy constraints, but it can be done with MPC, where contributors send encrypted data. The protocol should succeed even when dishonest parties are present.
MPC protocols for this are usually represented as one ‘monolithic circuit’, which doesn’t scale well because all parties have to be involved even where their input isn’t needed. Such protocols have very high overhead.
The goal is to find ways to decompose the protocol without compromising security.
One risk of decomposition is that intermediate results may be revealed; another is that adversaries could inject invalid or inconsistent intermediate inputs.
The author’s ‘Senate’ protocol defines a way of doing this securely: new ‘circuit primitives’ that can be used to realize SQL operators securely.