Question about the fundamental security of MPC


Could you use a Dark DAO-like paradigm to break MPC-based computations?

Everyone sends their share to an SGX machine, which only releases the info/bribes if enough shares are collected?


I don’t see this as a new attack vector; it’s just one way to obfuscate collusion. Assuming some number of honest participants (even as low as 1 node) is part of the threat model with MPC.

In practice, there are several ways to make collusion impractical:

  1. Nodes run their MPC computations inside of an enclave - making leakage of shares hard (think about it as compounding the security of both together). I believe that in time, with TEEs becoming more robust, this would become extremely infeasible and more expensive than it’s worth.

  2. With a very large network and the committees approach (assuming each committee is large enough), it would be very hard to coordinate a collusion, even if there are services that make it easy.

  3. For really sensitive applications, we should allow for user-centric computations, where users can ensure they hold at least one share of the information.

There are other arguments as well, for example, I believe that the overall utility of playing honest is higher, compared to trying to actively hurt the system in something that would yield short-term higher gains (but potentially no gains in the future - if the system as a whole fails).

Overall, I think such attacks would be more expensive than the utility they’d provide, which would break their viability.
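Point 3 above, as an added example that is not from this thread or from any project discussed in it: additive n-of-n secret sharing in which the user keeps one share, so the n-1 node shares, even if pooled inside an enclave, are consistent with every possible secret. The field modulus and party count are assumptions; the caveat is that in a t-of-n threshold scheme a single user share is only mandatory when fewer than t shares are held by the nodes.

```python
import secrets

# Assumption: a prime field modulus for the shares (2^127 - 1 is prime).
P = 2**127 - 1


def split_additive(secret: int, n: int) -> list:
    """Split `secret` into n shares that sum to it mod P.

    Any proper subset of the shares is uniformly random, so reconstruction
    requires all n of them. Share 0 is the one the user keeps.
    """
    if not (0 <= secret < P) or n < 2:
        raise ValueError("secret out of range or too few parties")
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((secret - sum(shares)) % P)  # make the shares sum to secret
    return shares


def reconstruct(shares) -> int:
    """Recombine a complete set of additive shares."""
    return sum(shares) % P


def share_consistent_with(colluding_shares, guessed_secret: int) -> int:
    """The value the missing (user) share would need for the pooled shares to
    reconstruct `guessed_secret`. Such a value always exists, which is why the
    colluders' view rules out no candidate secret."""
    return (guessed_secret - sum(colluding_shares)) % P


def pooled_shares_reveal_nothing(secret: int, n: int, candidates) -> bool:
    """Simulate nodes 1..n-1 pooling their shares (the Dark-DAO-style enclave
    scenario) while the user withholds share 0. Returns True when the pooled
    shares are consistent with every candidate secret, i.e. no information
    about the real secret is leaked by the pool."""
    shares = split_additive(secret, n)
    pooled = shares[1:]  # everything except the user's share
    return all(
        reconstruct(pooled + [share_consistent_with(pooled, c)]) == c
        for c in candidates
    )


if __name__ == "__main__":
    s = split_additive(42, 5)
    print(reconstruct(s) == 42)  # full set of shares recovers the secret
    print(pooled_shares_reveal_nothing(42, 5, [0, 1, 42, P - 1]))
```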