Private Computation Abstraction (MPC and TEEs) #14
Conversation
There was a problem hiding this comment.
Lots of comments here. I'm not happy with the tail end of this, but I'm running out of steam for doing suggestions.
The build-up is fairly solid though. I've some points on framing throughout.
I couldn't identify where to put the DP piece in; that might need some more thought.
Co-authored-by: Martin Thomson <[email protected]>
|
Thanks Martin, very helpful feedback. Merged a bunch of the suggestions in, and will spend some more time continuing to iterate. |
|
Is there a value in noting the potential for combining private computation methods i.e., TEEs and MPCs being leveraged for different aspects of workflows? |
|
@bmayd, if we choose something other than TEE, then that technology could be used to fortify the operational security of any alternative. I don't believe that this would be a strict requirement from our perspective as a prospective client of these services, but it is an option that becomes available if we are less than perfectly certain about the operational practices of a potential MPC participant (for example). |
|
Nit: this doc talks briefly about privacy budgeting in the privacy section. It also talks about trust and security in the MPC and TEE private computation options, but only in the context of keeping the data and computation private. Would it make sense to explicitly cover how to make privacy budgeting trusted? |
|
From the introduction:
I suggest instead of Privacy, we make the first bullet: Purpose Limitation: User-agents are reasonably assured that the API is purpose constrained such that no party can acquire data outputs other than what is intended and expected by the user-agent, given the inputs it provides. Add bullets for verifiable input and auditability: Verifiable Input: Parties using the API are reasonably assured that data provided by user-agents is accurate, reliable and honest. Auditability: Parties providing data to, or receiving data from, the API can receive reports identifying: when, how, by whom and to whom data was communicated; when, how and by whom data and processed. Correctness: Parties receiving the intended result can verify that the protocol is executed correctly and that the amount a result can be skewed, intentionally by adding noise, or by malicious input, is bounded, known and reported. |
Co-authored-by: Martin Thomson <[email protected]>
There was a problem hiding this comment.
Thanks @eriktaubeneck for this writeup. In general it looks good to me, although I have one major comment about the min size of coordinator networks.
Adding suggestions from @martinthomson and @csharrison. Thanks both! Co-authored-by: Charlie Harrison <[email protected]> Co-authored-by: Martin Thomson <[email protected]>
|
Thank you @martinthomson @bmayd @marianapr @palenica @csharrison for all the feedback. THIS IS STILL A DRAFT, so I'm going to merge it at this point incorporating that feedback. We also opened a bunch new issues, where we can continue to discuss some of these individual points: @AramZS we might have a whole mess of agenda topics for our next meeting 😜 |
This pull request attempts to add "private computation" as an abstraction, which can be (potentially) be achieved by both MPC and TEEs. This avoids the need to include a specific technology in the standard, and enables web platform vendors (i.e. implementers) to decide which constructions to support.
It also proposes that web platform vendors can choose their specific privacy budget allotment (which is somewhat tied to the ability to support multiple private computation construction.