Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integration of SH and Malicious Shuffle #1260

Open
danielmasny opened this issue Sep 6, 2024 · 0 comments
Open

Integration of SH and Malicious Shuffle #1260

danielmasny opened this issue Sep 6, 2024 · 0 comments

Comments

@danielmasny
Copy link
Collaborator

Ideally we would hide the details of the shuffle from the caller. The caller just specifies the context which is either SH or Malicious. When invoking shuffle, the context would determine which shuffle protocol is executed.

The high level idea is that shuffle runs the following subroutines:

  • Upgrade Inputs
  • Shuffle Protocol on Upgraded Inputs
  • Downgrade Shuffle Protocol Output

In the semi-honest setting, Upgrade and Downgrade do nothing and the Shuffle Protocol Output only consists of the output shares.

In the malicious setting, Upgrade generates a set of key. For each input row, we use this set of keys (which are secret shared) to compute a MAC tag and append it to the row. During the Downgrade, the tag is verified using the keys (which are revealed in MPC) and the Shuffle Protocol Output. The Shuffle Protocol Output contains the output shares together with the messages sent between the Helpers during the shuffle protocol which need to be verified as well.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@danielmasny