Threshold Call (2pd): Multi-part specifications

[Brandao, Luis (IntlAssoc)]

Dear MPTC-forum,

The second public draft (2pd) of the Threshold Call will revise/refine the submission logistics, including the section about written specification (M1).

To foster collaboration and modularization, the process will facilitate different teams coming together to work out a submission that avoids duplicate work, promotes consistent notation, and achieves interoperability within a template approach. The possibility described ahead, for collaboration between teams, is encouraged (when it simplifies the process) but not required.

The idea to incorporate in the 2pd is to allow the "written specification" (component M1) to modularly specify more than one "crypto-system" (threshold scheme, ZKP, or main building block contributed for the body of reference material). Each crypto-system can be associated with a responsible subteam, not required to be the entire team. The document includes some common parts ("preliminaries" and "backmatter"), defining consistent notation, some building blocks, networking assumptions, references, and possibly even a large portion of the security analysis. Yet, the single PDF document then separates various "Crypto-System" (or families of crypto-systems) into several "parts" (imagine a "part" as a chapter, which then contains various sections) that can be claimed by different sub-teams.

Here is a toy example: Two teams (Team1 and Team2) are each aiming to submit a threshold scheme (TS) for a primitive of type “a”, and another threshold scheme for a primitive of type “b”. All these threshold schemes (TS_1a, TS_1b, TS_2a, TS_2b) use as common building blocks two related gadgets (G_c and G_d) and one ZKP (ZKP_E) and a corresponding related gadget (G_f). The ZKP and its related gadget (G_f) were primarily designed by another team (Team3), which is encouraged to join the effort. Combining efforts, a super-team Union{Team1, Team2, Team3}, composed of the three subteams, submits a single package that modularly organizes the specification of the various crypto-systems, overall reducing redundancy as compared to separate packages submitted by the various teams.

The composition of each (sub)team is identified in association with the corresponding proposed crypto-systems. For example, the resulting specification could have the following Crypto-system “parts”:

• Part I (by Team1+Team2): Gadgets G_c, G_d

• Part II (by Team3): ZKP ZKP_e and gadget G_f

• Part III (by Team1): Threshold schemes TS_1a, TS_1b

• Part IV: (by Team2): Threshold schemes TS_2a, TS_2b

In other words, teams with related proposals can choose their preference between making joint submissions of multiple crypto-systems (such as exemplified), or separate submissions.

A different use-case can be one where a single team develops various crypto-systems of different types, but the crypto-systems are closely related in terms of building blocks, system model, assumptions, etc. The team can also choose to organize a submission with a specification with various "parts", if it improves the specification and analysis, instead of multiple separate specifications. 

The "reference implementation" component (M2) would include one repository with at least one folder or subfolder per crypto-system, with the corresponding core code. As useful, the core code for any crypto-system can also call code included in other folders (e.g., compilers, networking primitives, other crypto-libraries, and/or other building blocks). Note: the 2pd will combine the "execution instructions" component (old "M3") into "M2".

The "experimental evaluation" component (M3 [old "M4"]) of the submission evaluates all crypto-systems, with an easier ability to use a common evaluation structure, and (when applicable) directly comparing various crypto-systems.

We welcome feedback about this structure.

Thank you in advance for considering this question.

--

Regards, Luís

(On behalf of the MPTC Project)

P.S. During WPEC 2024 (virtual; free attendance) this week (Sep 24–26), there will be various presentations about FHE, MPC and ZKP, which are in scope of the Threshold Call. There will also be a short presentation with some notes about the upcoming second public draft of the Threshold Call.

--

Luís Brandão

Foreign Guest Researcher at NIST (Contractor via Strativia)