1. 20

  2. 7

    Can someone help me parse “maliciously secure”? Seems it’s used broadly in SMPC research, would love a primer (or rather a pointer to one) on what that claim means.

    1. 9

Here, maliciously secure is about the threat model. It implies that an adversary may arbitrarily deviate from the protocol, may arbitrarily corrupt data, abort the protocol, and more.

      The Pragmatic MPC book has a much better explanation though: https://securecomputation.org/docs/ch2-definingmpc.pdf – chapter 2.3.3:

A malicious (also known as active) adversary may instead cause corrupted parties to deviate arbitrarily from the prescribed protocol in an attempt to violate security. A malicious adversary has all the powers of a semi-honest one in analyzing the protocol execution, but may also take any actions it wants during protocol execution. Note that this subsumes an adversary that can control, manipulate, and arbitrarily inject messages on the network (even though throughout this book we assume direct secure channels between each pair of parties).
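An added illustration, not from this thread or the book: a three-party additive-secret-sharing sum in which one party deviates from the protocol (sends a doctored share when the result is opened), which a semi-honest analysis never considers, next to a SPDZ-style information-theoretic MAC check that detects the deviation. The trusted dealer, the field modulus and all values are assumptions made for the example.

```python
import secrets

P = 2**61 - 1  # field modulus (an assumption of this example)

def share(value, n):
    """Additively secret-share value mod P among n parties."""
    parts = [secrets.randbelow(P) for _ in range(n - 1)]
    parts.append((value - sum(parts)) % P)
    return parts

def dealer_setup(inputs, n):
    """Stand-in for preprocessing: a trusted dealer (assumption) hands out shares of a
    global MAC key alpha and, for every input x, shares of x and of alpha*x."""
    alpha = 1 + secrets.randbelow(P - 1)          # never zero
    alpha_shares = share(alpha, n)
    auth = [(share(x, n), share(alpha * x % P, n)) for x in inputs]
    return alpha_shares, auth

def run_sum(inputs, deviate=None):
    """Each party locally adds the shares it holds, then the result is opened.
    deviate=(party, delta) models a malicious party that adds delta to the share it
    publishes at opening time, i.e. it does not follow the prescribed protocol."""
    n = len(inputs)
    alpha_shares, auth = dealer_setup(inputs, n)
    # party j's share of the result and of its MAC (addition is a local operation)
    y_shares = [sum(v[j] for v, _ in auth) % P for j in range(n)]
    m_shares = [sum(m[j] for _, m in auth) % P for j in range(n)]
    if deviate is not None:
        party, delta = deviate
        y_shares[party] = (y_shares[party] + delta) % P
    y = sum(y_shares) % P                          # opened (claimed) result
    # MAC check: every party publishes sigma_j = m_j - alpha_j * y; the values sum to 0
    # only if y is the true sum. Forging a correction would require alpha, which is
    # shared, so an honest-majority-free cheater is caught except with probability ~1/P.
    sigma = sum((m_shares[j] - alpha_shares[j] * y) % P for j in range(n)) % P
    return y, sigma == 0

def honest_demo():
    return run_sum([3, 4, 5])                      # (12, True)

def malicious_demo():
    # party 2 adds 5 to its opened share: the result is wrong, but the check fails,
    # so the honest parties abort instead of accepting 17
    return run_sum([3, 4, 5], deviate=(2, 5))      # (17, False)
```

A protocol proven secure only against semi-honest parties would simply output 17 here; "maliciously secure" means the proof covers this kind of deviation as well.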

      1. 1

        Appreciate the brief explanation and pointer in the right direction!

      2. 8

        It should mean “it’s secure, and it uses the fact that it’s secure for evil purposes”, but I don’t think that’s what they’re going for.

        1. 2

          … or “The protocol is secure even against certain ‘evil’ adversaries”

          1. 13

            … or “The protocol is secure even against certain ‘evil’ adversaries”

            Isn’t that just “secure”? Because anything less is “not secure”.

            1. 2

              That doesn’t really fall out of the syntax though — you have to read it in an unnatural way.

              Plus I pretty much agree with ansible-rs here. I get it, it’s defining the capabilities of the adversary as being a Mallory, not an Eve, or an Eve who participates but without blowing cover — but A) as soon as you take away even a little bit of context, and try to read it as English, it’s terrible (“Yeah, we’re secure against people who are actually trying to break things for bad reasons!” “Okay, gold star.”), and B) why not just call M-secure “secure”, and E-secure “confidential”?

              Not that I really think there’s a chance of changing anything, I just think it’s an unfortunate sequence of words.

        2. 2

          They also built an SMPC-secured version of Wordle on top of this called “Encryptle.” In addition to the game itself, the web app provides an excellent ELI5 introduction by example to the workings of SMPC: https://encryptle.sine.foundation/

          1. 1

            I feel like this technology is at high risk of overpromising - in particular, if you use it to compute reversible functions then it doesn’t matter that your counterparty kept their input secret.