This commit is contained in:
jaseg 2025-08-13 14:25:26 +02:00
parent c349ad1ca8
commit 6dc1c0d8ff
3 changed files with 234 additions and 38 deletions

@ -73,6 +73,31 @@ of our design.
\section{The Fundamentals of Multiparty Computation}
Secure Multiparty Computation can be separated into two broad classes of approaches: Garbled Circuits, and Secret
Sharing-based techniques. Garbled Circuit techniques model the computation as a circuit of binary logic components such
as logic gates. They are well-suited for implementing cryptographic primitives such as conventional symmetric ciphers
such as AES or hash functions such as the SHA-2 series. Secret Sharing-based techniques model computation as an
arithmetic circuit made from components such as arithmetic operations. While they can also work in binary, they often
support operations on larger finite fields. Secret sharing-based techniques are efficient processing integer numbers,
but can have higher overhead in processing using many bitwise operations such as ciphers or cryptographic hash
functions.
\subsection{Security Models in MPC}
MPC schemes are usually evaluated assuming one of three adversary levels: \emph{Semi-Honest}, \emph{Covert} or
\emph{Malicious} adversaries. A \emph{Semi-Honest} adversary is an adversary that follows the protocol as specified, but
that outside the protocol's execution may collude arbitrarily with other parties to reveal the secret inputs of other
parties. A \emph{Covert} adversary is an adversary that additionally may cheat during the protocol's execution, but only
in ways that cannot be detected by other parties. Finally, a \emph{Malicious} adversary is one that can deviate from
the protocol's execution arbitrarily~\cite{aumannSecurityCovertAdversaries2010}. The covert adversary model most closely
captures the requirements of a real-world scenario where a small number of cooperating parties runs the protocol, since
in such settings cheating parties can easily be excluded once identified. The malicious adversary model captures
real-world settings where parties do not have stable identities such as peer-to-peer settings. The semi-honest model is
mostly interesting as a research tool since protocols assuming a semi-honest adversary can often be upgraded to covert
or malicious security at some performance tradeoff. In a practical setting, a semi-honest secure MPC protocol would not
provide additional security over just having one party run the computation except in some situations where inadvertent
side-channel leakage is a concern.
\subsection{Fundamental Primitives}
\subsubsection{Secret Sharing}
\subsubsection{Oblivious Transfer}
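Review bot: the definition of the covert adversary in \subsection{Security Models in MPC} is inverted relative to the cited model. In the covert model of \cite{aumannSecurityCovertAdversaries2010} an adversary may deviate from the protocol arbitrarily but is deterred because any cheating is detected by the honest parties with at least some fixed probability (the deterrence factor); the text instead says a covert adversary cheats "only in ways that cannot be detected by other parties", which describes the opposite and would make covert security vacuous. Suggest rewording along the lines of "a covert adversary may actively cheat, but any cheating is caught with a fixed probability, and the adversary is assumed unwilling to accept that risk". Related, the semi-honest definition attributes arbitrary collusion to that adversary class; collusion is a property of the corruption model (how many parties one adversary controls), which applies equally to all three classes, so "may collude arbitrarily" should be stated once rather than as a semi-honest trait. Two grammar fixes in the first paragraph: "efficient processing integer numbers" should read "efficient at processing integers", and "higher overhead in processing using many bitwise operations" reads better as "higher overhead for computations dominated by bitwise operations".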
@ -88,7 +113,6 @@ of our design.
\subsubsection{OT extensions}
\subsubsection{Constant-Round MPC}
\subsection{Security Models in MPC}
\subsection{Performance}
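Review bot: the \subsection{Security Models in MPC} heading removed here is re-introduced in the first hunk ahead of \subsection{Fundamental Primitives}; if a \label was attached to the old heading, move it with the section so any existing \ref keeps resolving. The surrounding \subsubsection{OT extensions} and \subsubsection{Constant-Round MPC} still have no body; a \todo on each, as the later hunk uses for missing citations, would make the gaps visible in the build.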
@ -96,6 +120,10 @@ of our design.
\subsection{Solutions}
\subsection{Hardware Security Applied to MPC}
Hardware security primitives can be applied in several roles in an MPC protocol.
\section{A High-Performance IHSM for MPC Applications}
\subsection{MPC in HSMs}
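Review bot: the new sentence under \subsection{Hardware Security Applied to MPC} says hardware primitives fit "several roles" in an MPC protocol but names none, so the subsection gains no substance from this change; either enumerate the roles being considered or mark the gap with \todo, consistent with the \todo used further down.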
@ -108,7 +136,7 @@ see that a single, modern server-class CPU is sufficient for an useful amount of
A naive implementation might attempt to implement MPC using an HSM by simply offloading all cryptographic operations to
the HSM. In practice, this is not a workable solution due to the slow processing speed of conventional HSMs.
Conventional HSMs commonly use smartphone-class SoCs, which lag behind server CPUs in processing speed by several orders
of magniude.
of magnitude.
\todo{Cite some HSM/MPC papers here.}
In the near term, absent radical developments in either MPC theory or in the speed and power efficiency of processing
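Review bot: the hunk header's context line still reads "sufficient for an useful amount of", which should be "a useful amount of"; worth correcting alongside the "magnitude" fix in this hunk. The claim that conventional HSMs use smartphone-class SoCs that lag server CPUs by several orders of magnitude is unsupported in the text; the \todo asks for HSM/MPC papers, but the performance comparison itself also needs a datasheet or benchmark citation (or more conservative phrasing) before it can stand.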