It’s almost time for the multiparty computation session at #realworldcrypto and I’m super excited to see new examples of practical applications pic.twitter.com/w1r7SeZ2An
Also, shout out to @IARPAnews which is currently running the HECTOR program on usable MPC compilers
Ok this is getting very in the weeds (in a good way) about the Tradeoffs of different MPC framework approaches
We are now getting into the dirty laundry of all the issues with documentation in some frameworks
Two of the *best* documented are the (DARPA-funded!) SCALE-MAMBA and Sharemind. pic.twitter.com/VSWbepN1Nr
Sharemind was supported by the DARPA PROCEED program, while SCALE-MAMBA is supported by both the Brandeis and RACE programs.
(A question for the previous talk is who you would trust with actually sensitive data; the only framework named was Cybernetica’s Sharemind because professionals are actively being paid to support it)
(That’s not to say it’s the only one trustable, the speaker was just being conservative in her recommendations)
(Interestingly, this talk has received more questions/comments than any other talk at #realworldcrypto so far)
Noooo, this talk isn’t about MPC, just “multiple parties doing cryptography”. Not gonna lie, I’m disappointed
Now we’re talking about a service to find things like devices of your friends. Can’t imagine what the privacy issues with that would be
(*whispers* sometimes it’s the computation itself that is privacy-leaking) pic.twitter.com/yhc5xAgf6q
Now speaker is explaining how they can locate your Apple device while it is offline.
So this whole talk is gonna be about how only the people you want to track you can track you.
Linking to @durumcrustulum’s thread on this talk https://twitter.com/durumcrustulum/status/1215286857241591809
Next talk! Building new hash functions for zero knowledge. Why do we need different ones? Because SHA has a giant circuit/R1CS description and they want smaller ones for protocol efficiency pic.twitter.com/EyTTVFKcno
ZCash v1.0 took 45 seconds just for a SHA-2 use (within the ZK proof statement) pic.twitter.com/9RKd7zXpja
This is a really interesting (if niche) area of cryptography- building crypto primitives that won’t be used in the wild, but rather will only (?) be used in the description language for other crypto primitives (MPC in the Head-based ZK is another area for this)
Want to use more finite field-type hashes (like Pedersen commitment based) because R1CS is basically field arithmetic so it’s much more compactly representable (versus SHA which is more intuitively describable as a Boolean circuit) pic.twitter.com/hP4lZTSVCz
Side note- what can possibly go wrong when we roll new crypto to build a currency
What followed was a description of how their new hash has fewer S-Box operations because the degree of the polynomial (thinking about this as an arithmetic circuit) is the same... so who needs more of them
(huh) pic.twitter.com/4UX7upHACw
Their hash functions are *really* small (in terms of R1CS size) vs even Pedersen hash pic.twitter.com/Zomb3wIEsB
Aaaaand now time for questions. That was quite a session. Wish there had been more actual MPC but whatever, I’m biased
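Added example, not part of the thread above or of the talk it reports: a toy R1CS constraint counter that makes the "R1CS is basically field arithmetic" point concrete. In R1CS every constraint has the shape <A,w> * <B,w> = <C,w> over a prime field, so additions and constant multiplications fold into the linear combinations for free and only a field multiplication costs a constraint. A MiMC-style cubic S-box therefore costs two constraints regardless of field size, while a single 32-bit XOR of the kind SHA-2 is built from needs bit decomposition, booleanity checks and one multiplication per bit. The field modulus (BN254 scalar field), the inputs, the key and the round constant below are assumptions chosen for illustration.

```python
"""Toy R1CS builder: count constraints for a field S-box versus a Boolean XOR.

Constraint form: <A,w> * <B,w> = <C,w> over F_P, with A, B, C sparse linear
combinations ({wire: coeff}) over the witness vector w.  Wire 0 is the constant 1.
"""

# Assumption for illustration: the BN254 (alt_bn128) scalar field modulus.
P = 21888242871839275222246405745257275088548364400416034343698204186575808495617


def lc_add(*lcs):
    """Sum linear combinations. Free in R1CS (no constraint emitted)."""
    out = {}
    for lc in lcs:
        for i, c in lc.items():
            out[i] = (out.get(i, 0) + c) % P
    return {i: c for i, c in out.items() if c}


def lc_scale(lc, k):
    """Multiply a linear combination by a constant. Also free."""
    return {i: (c * k) % P for i, c in lc.items()}


class R1CS:
    def __init__(self):
        self.w = [1]             # wire 0 holds the constant 1
        self.constraints = []    # list of (A, B, C)

    def alloc(self, value):
        """Allocate a witness wire; return it as a one-term linear combination."""
        self.w.append(value % P)
        return {len(self.w) - 1: 1}

    def eval(self, lc):
        return sum(c * self.w[i] for i, c in lc.items()) % P

    def enforce(self, a, b, c):
        self.constraints.append((dict(a), dict(b), dict(c)))

    def mul(self, a, b):
        """z = a * b: the one operation that costs a constraint."""
        z = self.alloc(self.eval(a) * self.eval(b))
        self.enforce(a, b, z)
        return z

    def satisfied(self):
        return all((self.eval(a) * self.eval(b)) % P == self.eval(c)
                   for a, b, c in self.constraints)


def cubic_sbox(cs, x, key, rc):
    """One MiMC-style round y = (x + k + c)^3. The additions are free; the cube is 2 constraints."""
    t = lc_add(x, key, {0: rc})       # {0: rc} adds the round constant via wire 0
    t2 = cs.mul(t, t)
    return cs.mul(t2, t)


def xor32(cs, x, y):
    """XOR of two 32-bit words held in field elements, the way a SHA-2 circuit must do it."""
    def to_bits(v):
        val = cs.eval(v)
        bits = [cs.alloc((val >> i) & 1) for i in range(32)]
        for b in bits:                                   # booleanity: b * (b - 1) = 0
            cs.enforce(b, lc_add(b, {0: P - 1}), {})
        # the bits must recompose to the word: (sum 2^i b_i) * 1 = v
        cs.enforce(lc_add(*[lc_scale(b, 1 << i) for i, b in enumerate(bits)]), {0: 1}, v)
        return bits

    xb, yb = to_bits(x), to_bits(y)
    out = {}
    for i, (a, b) in enumerate(zip(xb, yb)):
        ab = cs.mul(a, b)                                # one constraint per bit
        z = lc_add(a, b, lc_scale(ab, P - 2))            # a xor b = a + b - 2ab, linear
        out = lc_add(out, lc_scale(z, 1 << i))
    return out


def cost(build):
    """Run a gadget in a fresh system; return (constraint count, output value, all satisfied)."""
    cs = R1CS()
    out = build(cs)
    return len(cs.constraints), cs.eval(out), cs.satisfied()


def sbox_cost(x=12345, key=777, rc=3):
    return cost(lambda cs: cubic_sbox(cs, cs.alloc(x), cs.alloc(key), rc))


def xor_cost(x=0xDEADBEEF, y=0x01234567):
    return cost(lambda cs: xor32(cs, cs.alloc(x), cs.alloc(y)))


if __name__ == "__main__":
    print("cubic S-box:", sbox_cost())   # 2 constraints
    print("32-bit XOR: ", xor_cost())    # 98 constraints
```

The gap is the whole argument for ZK-friendly hashes: one round of a field-native S-box is two constraints, one 32-bit XOR is 98 (32 booleanity checks plus one recomposition check per input, then 32 per-bit products), and a SHA-256 compression function contains hundreds of such word operations. Raising the S-box degree only adds a constraint per extra multiplication, which is the trade-off the speaker was describing.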