Lyron Co Ting Keh
@lyronctk
Crazy question raised by traitor tracing: How much money would it take to betray your friend? Traitor tracing is the best mitigation we have for server side privacy breaches (the core of the MPC v TEE discussion) MPC == "server that stores your data" is split between 10 people, users are hoping they don't get together to peek TEE == "server that stores your data" is a fancy box that's hard to break in to, users are hoping Google doesn't peek Unclear which one's better. Both are bad for the same reason: peeking historically hasn't been punishable Not good. Crypto rests on bad actors getting punished. It's why staking is so important How to make peeking punishable? For TEEs, there's no active proposal. For MPC, there is, and it's called traitor tracing. Traitor tracing == a way for a someone to prove their friend peeked via math i.e. If me and my buddy peek together. We're both traitors. My buddy can turn on me and slash me to oblivion
2 replies
0 recast
3 reactions
Lyron Co Ting Keh
@lyronctk
Used to only be possible for the case where "server" is one person, but recent work by [Dan Boneh, Aditi Partap, Lior Rotem] figured it out for the case where "server" is many people Incredible work! Massive stride toward swinging the pendulum heavily towards MPC > TEE No victory lap yet though. Still a big non-technical problem: my buddy needs to betray me Really tough to get the economics in place to incentivize this behavior, esp since my buddy and I can make lots of money by continuing being traitors So cryptographic part closer to "solved". Cryptoeconomic part, not close. Conclusion: Jury still out on MPC v TEE, though this was a big step toward making MPC better
2 replies
0 recast
0 reaction
Lyron Co Ting Keh
@lyronctk
- All credit goes to the authors of "Accountability for Misbehavior in Threshold Decryption via Threshold Traitor Tracing"! Link to paper in replies - Term MPC here really refers to threshold decryption, a subcomponent - Lots of technicalities swept under rug
1 reply
0 recast
0 reaction
Hang Yin
@h4x3rotab
Why do you think ppl should debate on MPC vs TEE? It seems to me TEE the fancy box can just apply to MPC nodes to make it much harder to break, with just a tiny amount of overhead or cost. As such, when TEE is used as a defense-in-depth, I suppose much less staking is needed to achieve same level security.
0 reply
0 recast
0 reaction
