Diversity and tradeoffs in MPC standardization

Abstract. In this talk we will argue on the need to standardize diverse protocols with different tradeoffs. It isn’t possible to determine a specific protocol or tool as a “winner” due to the different deployment needs. Some examples of this needed diversity include: honest majority versus dishonest majority, low bandwidth versus low computation (there is very often such a tradeoff), efficiency versus computational assumptions, complexity of implementation versus complexity of the security proof, and so on. There are also questions regarding the security model (is adaptive security needed, is proactive security needed, etc.) There is no “right answer” as to which model is the “right one” as there is no “right answer” as to what hardness assumptions are “reasonable”. This makes standardization a challenge. However, this difficulty can be mitigated by standardizing multiple options and allowing deployers to make a choice depending on their specific setting, efficiency requirements and risk appetite. We will also raise questions (with no good answers) regarding how to deal with the natural advancement of tools in this area, so that standardization serves to advance rather than impede the field.

[Slides]