Ensuring Integrity of Persistence Files
Closed this issue · 4 comments
Hi, we’re working with a client interface where clients connect, provide input, and then disconnect immediately afterward. (Essentially, the client that provides input doesn't need to be the one receiving the output.) Our setup requires continuously accepting new values from different clients, so we're using read_from_file and write_to_file to back up each new value provided.
The challenge we're facing is that a malicious party could potentially modify the persistence file, causing discrepancies between what we read_from_file and what we originally write_to_file, when we spin up mpc program to receive another client input.
We're exploring potential solutions to prevent this. One idea is to implement something similar to an output delivery protocol by tagging the secret-shared portions with random identifiers before calling write_to_file, allowing us to detect any unauthorized modifications.
However, we're unsure how to approach this, as write_to_file appears to function as a black box as instruction, definitely outside Python. Could you suggest alternative approaches, or provide guidance on whether our proposed solution makes sense?
Thanks!
I'm not really sure what to make of this. Are you assuming a malicious party that generally has access to the machine that the code runs on? In this case, the corruption model of malicious MPC kicks and the integrity is either guaranteed by the replicative properties of the secret secret sharing or the MAC in the secret sharing, and the output protocols run checks. Of course, the different protocol have different thresholds for how many parties can corrupted this way. On the other hand, if you aim for storage away from the computation parties (like a network folder), I would suggest you use encryption and authentication with keys held by the computation parties individually, for which there should be solutions available.
Thank you for the clarification! Basically, I would like to confirm that MPC protocols with functions write_to_file and read_from_file maintain the same security guarantees as those without using these functions (even in a malicious MPC setting). Specifically, is running two consecutive MPC protocols—where the first ends with write_to_file and the second begins with read_from_file—equivalent, in terms of security, to running the two protocols in a single continuous session?
If it's the same protocol with the same logical parties, I don't see any difference to keeping the shares in memory as it's just a difference kind of storage with the same security considerations.
Appreciate! Thanks very much :)