Re: [proposals] Why are multi-party computation solutions the only ones that should be considered? (#7) from Ben Savage on 2022-02-11 (public-patcg@w3.org from February 2022)

From: Ben Savage <btsavage@fb.com>
Date: Fri, 11 Feb 2022 08:24:23 +0000
To: Kiran Gopinath <kiran.gopinath@gmail.com>, "public-patcg@w3.org" <public-patcg@w3.org>
Message-ID: <PH0PR15MB435116FF3936D33E19F34FE0A0309@PH0PR15MB4351.namprd15.prod.outlook.com>

We did touch on this topic.

Here's the relevant snippet from the minutes<https://docs.google.com/document/d/1ZH_UOOMSFG5X-l72wIFeQ7h69FFi5S_R_eTyH5JYm4I/edit?usp=sharing>:



Ekr: comment- I do not feel that using a Trusted Execution Environments are feasible at all. There is a lot of work on attacking, and it’s trivial with physical access.  Side-channel attacks are not in the SGX threat model.


Charlie: Great point . The point of the flight is that these things are not foolproof. I would say it is a marginal improvement but not worseless


Ekr: we need low value to attacker

Ben S: I‘m uninterested in trusted execution envs for another reason. it seems that there is  a limited supply of trusted hardware in the world. This approach will run across this problem

________________________________
From: Kiran Gopinath <kiran.gopinath@gmail.com>
Sent: Thursday, February 10, 2022 11:39 PM
To: public-patcg@w3.org <public-patcg@w3.org>
Subject: Re: [proposals] Why are multi-party computation solutions the only ones that should be considered? (#7)

Wondering if confidential computing<https://confidentialcomputing.io/> was or is being considered as an option by anyone.

On Thu, 10 Feb 2022 at 14:24, Martin Thomson via GitHub <sysbot+gh@w3.org<mailto:sysbot%2Bgh@w3.org>> wrote:
@alextcone, I just changed the name back (I agree that the discussion stopped making sense under James' new title).

To @michaelkleber's question, the logic is simple:

1. Requirement: We want to design an aggregation system in which no single [malicious|compromised] party can get non-aggregated data
2. (Unstated requirements): the system produces useful information; the system does not cost inordinately much; etc....
3. Analysis: MPC is most likely outcome.

Like @eriktaubeneck, this isn't an absolute position, it's a prediction or even a guess about what is most likely to work.  It's not saying that alternatives don't exist, but that they seem less likely to be able to address the requirement.


--
GitHub Notification of comment by martinthomson
Please view or discuss this issue at https://github.com/patcg/proposals/issues/7#issuecomment-1035592648 using your GitHub account


--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 11 February 2022 08:24:43 UTC