Threshold Call (2pd): implementation code with external dependencies

[Brandao, Luis (IntlAssoc)]

Dear MPTC-forum,

The second public draft (2pd) of the Threshold Call (NIST IR 8214C) will revise/refine the submission logistics, including the section about reference implementation (M2).

The following considerations take into account that the essential nature of the envisioned process is to build a collection of reference material, rather than being a "competition" process.

External dependencies

Regarding the requirement of reference implementation, the current idea for the upcoming 2pd is as follows:

The reference implementation will include the team's core code, and can include open-source dependencies (e.g., externally developed compilers, crypto libraries, networking libraries, etc). Whereas the initial public draft foreseen only bundled dependencies (to be included along with the packaged code), the current idea for the 2pd is to also allow implementations that refer to open-source external dependencies(i.e., dependencies not bundled with the teams' packaged code). The submitted code still includes a build-script, for automatic downloading and installing the external dependencies. 

While there is value in promoting reproducibility (e.g., by identifying the exact versions of the dependencies), we are aware that this may be difficult. So, in a balancing act, the precision of identification of external dependencies (needed to compile/execute the crypto system, but not included in the submitted code) is left to the submitters' discretion ("do the right thing").

We welcome community suggestions on how teams can strive for a good balance between promoting reproducibilty and using external dependencies, without hindering the ability to make available a compilable/executable reference implementation. Note: in complement to the submission process, teams can (but are not required to) also make available virtual machines and/or container images with a complete environment for their implementation.)

Git posting

Regarding the posting of submitted code, the current idea for the upcoming 2pd is as follows:

The call requests that each submission email includes a commitment to a version of a Git-repository in the team's control and containing the team's code. NIST-MPTC then clones each team's code into a submodule of a GitHub:usnistgov/threshold-crypto repository ("MPTC-repo").

The gathering of code in multiple MPTC-repo submodules is intended to facilitate the public listing of and accessibility to the submitted code. The MPTC-repo will also include a list of links to the teams' Git-repositories, so that anyone who so wishes can easily find ongoing updates performed by the teams, after the submission.

If, in the future, NIST-MPTC decides to set a phase/deadline for updates of the submitted specifications and implementations, the submodules of the MPTC-repo can then also be updated.

We welcome feedback about this structure.

Thank you for your attention.

Luís

(On behalf of the MPTC Project)

--

Luís Brandão

Foreign Guest Researcher at NIST (Contractor via Strativia)