Lyron Co Ting Keh
@lyronctk
Crazy question raised by traitor tracing: How much money would it take to betray your friend? Traitor tracing is the best mitigation we have for server side privacy breaches (the core of the MPC v TEE discussion) MPC == "server that stores your data" is split between 10 people, users are hoping they don't get together to peek TEE == "server that stores your data" is a fancy box that's hard to break in to, users are hoping Google doesn't peek Unclear which one's better. Both are bad for the same reason: peeking historically hasn't been punishable Not good. Crypto rests on bad actors getting punished. It's why staking is so important How to make peeking punishable? For TEEs, there's no active proposal. For MPC, there is, and it's called traitor tracing. Traitor tracing == a way for a someone to prove their friend peeked via math i.e. If me and my buddy peek together. We're both traitors. My buddy can turn on me and slash me to oblivion
2 replies
0 recast
3 reactions
Lyron Co Ting Keh
@lyronctk
Used to only be possible for the case where "server" is one person, but recent work by [Dan Boneh, Aditi Partap, Lior Rotem] figured it out for the case where "server" is many people Incredible work! Massive stride toward swinging the pendulum heavily towards MPC > TEE No victory lap yet though. Still a big non-technical problem: my buddy needs to betray me Really tough to get the economics in place to incentivize this behavior, esp since my buddy and I can make lots of money by continuing being traitors So cryptographic part closer to "solved". Cryptoeconomic part, not close. Conclusion: Jury still out on MPC v TEE, though this was a big step toward making MPC better
2 replies
0 recast
0 reaction
ncitron.eth
@ncitron.eth
I've never understood the interest in this kind of research because collusion can always be done within a TEE (or even in a second layer of MPC) to ensure that no party can whistleblow.
1 reply
0 recast
1 reaction
