Cassie Heart pfp
Cassie Heart
@cassie
Been a while since I took the time to write a threadoor essay, but I feel like there's been an alarming trend that warrants discussion: the rise of "MPC" protocols which are actually glorified networks of trusted operators.
4 replies
8 recasts
39 reactions

Cassie Heart pfp
Cassie Heart
@cassie
What is a trusted operator? In the context of protocols, a network's design can require the participants are trusted – that is, vetted and approved, or trustless – the protocol is inherently secure against participants behaving maliciously.
1 reply
0 recast
0 reaction

Cassie Heart pfp
Cassie Heart
@cassie
This applies to everything from a blockchain (Bitcoin, for example, is trustless, whereas the current iteration of Optimism is trusted/single sequencer) to file sharing (BitTorrent is trustless, an SFTP server is trusted).
1 reply
0 recast
2 reactions

Cassie Heart pfp
Cassie Heart
@cassie
In MPC, a common trusted operator would be a Trusted Execution Environment (TEE), e.g. Intel SGX, Amazon Nitro. These environments create a chain of custody asserting the code executed in the TEE is only what was intended and the only extractible information is the output intended to be delivered from the TEE.
1 reply
0 recast
2 reactions

Cassie Heart pfp
Cassie Heart
@cassie
Much of the research in the MPC space has been on maliciously secure protocols. This along with how academic the space is, has made it hard for non-academics to see there is a spectrum where protocols may require some or all operators to be trusted, or may be completely trustless by design.
1 reply
0 recast
2 reactions

Cassie Heart pfp
Cassie Heart
@cassie
This has, intentionally or not, lead to the goodwill of the security of trustless MPC to be co-opted by MPC protocols with trusted operators. The flexibility of the term has resulted in a rise of companies which opt for the far easier work of using trusted operators. This has extremely dangerous consequences.
1 reply
0 recast
2 reactions

Cassie Heart pfp
Cassie Heart
@cassie
TEEs do not have mathematical proofs of security, and are frequently fallible – SGX, for example, has been broken many times over, and these revelations are simply public scrutiny. Consider that TEEs may also be compromised by design, for specific actors: https://twitter.com/matthew_d_green/status/1703959863796158678
1 reply
0 recast
1 reaction