- From: Erik Taubeneck via GitHub <sysbot+gh@w3.org>
- Date: Thu, 31 Mar 2022 03:22:16 +0000
- To: public-patcg@w3.org
Nigel Smart is unable to make it, but sent this summary (with permission to share here to the group): > 1. TEEs > 1. Fast to process data > 2. You need to trust the person holding the TEE to not run a side-channel attack. These have not yet been run on non-crypto code [to my knowledge] on a TEE, but that is going to be easier than breaking crypto code on a TEE IMHO. Side-channels are inherently going to be a problem with TEEs as the basic computer architecture is inherently full of deep pipelines, caches and prediction mechanisms. This is not going to go away soon; we have had 30 years of computer architecture work going in the other direction. > 2. MPC > 1. Can process some things very very fast. > 2. Requires multiple parties > 3. Here the real business benefit is not really processing private information, but allowing different parties to come together to unlock data which they could not [or did not want to] do before. More *partnership* enhancing technology rather than *privacy* enhancing technology. > > This last point is often missed in industry when I talk to them. Private computing is in some sense a poor analogy. There is no point computing something privately if the thing you compute breaks privacy [50% of all proposed applications I have seen do exactly this]. To apply MPC or TEEs one may need to re-engineer the end application, which may be impossible [a lot of data science workflows have this problem]. This wipes out another 25% of the proposals that come across my desk for applications. That leaves 25% of *existing* applications *potentially* suitable. Rule out another 90% due to the tech not being fast enough and you get the small percentage for which TEE/MPC/FHE can be *currently* applied. > > However, the important point above is about *existing* applications. The real benefit is doing stuff, and opening new opportunities, which were not available before. Thus the term "private compute" makes people think of taking some existing computation and making it private. This leads to straight jacketed thinking, so IMHO its best to avoid such terms and concentrate on "*partnership* enabling technologies". > - Even TEEs require two parties, the one who has the TEE and the > one who sends the data to it. > - FHE has two parties. The one who computes, and the one who > decrypts > - MPC obviously has more than one party ;-) -- GitHub Notification of comment by eriktaubeneck Please view or discuss this issue at https://github.com/patcg/meetings/issues/39#issuecomment-1084031361 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 31 March 2022 03:22:17 UTC