Real World Crypto 2021 - Session 3: Multi-Party Computation


Prev | Up | Next

Session video

Yehuda Lindell (Bar Ilan Uni / Unbound Tech) / Lessons and Challenges in Deploying (Heavy) MPC in Different Environments video slides

Key management / key protection in software - virtual HSMs - endpoint security with virtual smartcards.

RSA Key Generation in an adversarial environment is intensively computational for MPC. It takes many iterations to find a modulus, and most candidates are discarded. An ‘honesty’ proof selects one.

Omer Schlomovits (ZenGo-X) / The Red Wedding: Playing Attacker in MPC Ceremonies video slides

dogbyte attack - every optimisation requires a proof of security (found in Ethereum?, related to ZK proofs)

octopus attacks - careful definition of ‘active coordinator model’

Threshold RSA key gen: multiple parties contribute to agree on modulus; environment could be adversarial : a majority could be dishonest!

presenter reviewed a design called ‘Diogenes’ designed to do the above

Rishabh Poddar (UC Berkeley) / Senate: A Maliciously Secure MPC Platform for Federated Analytics video slides

Collaborative analysis of data (e.g. medical, collected from patients) is very hard using normal database tools because of privacy contraints. But can be done where contributors send encrypted data, using MPC. Protocol should succeed even where dishonest parties are present.

MPC protocols for this are represented as a ‘monolithic circuit’ doesn’t scale well because all parties have to be be involved even where their input isn’t needed. Such protocols have very high overhead.

The goal is to find ways to decompose the protocol without compromising security.
A risk is that intermediate results may be revealed. Adversaries could inject invalid intermediate inputs, or inconsistent inputs.

Author’s ‘Senate’ protocol defines a way of doing this securely. It defines new ‘circuit primitives’ that can be used to realize SQL operators securely.