MPC Mode
Introduction
In this project, Multi-Party Computation (MPC) is primarily used to let the Prover and the Notary collaborate securely on the encryption and decryption operations of a TLS connection, ensuring data privacy and verifiability.
The Prover requests data from the Server via TLS while collaborating with the Verifier in a secure and privacy-preserving Multi-Party Computation (MPC) process.
The Prover selectively discloses data to the Verifier.
The Verifier validates the data.
The Verifier and Prover jointly compute the key for TLS communication with the Server. However, since the Verifier only holds a portion of the key, it cannot decrypt the ciphertext.
MPC Mode allows the Prover to selectively disclose data to the Verifier. Before sharing, the Prover can redact sensitive data to protect privacy. This capability can be combined with Zero-Knowledge Proofs (ZKP) (see ZKP). Through ZKPs, the Prover can demonstrate specific attributes or properties of the redacted data without revealing the data itself. This enables the Verifier to confirm certain characteristics or conditions of the data without accessing its actual content.
Thus, selective disclosure combined with zero-knowledge proofs provides a method to ensure data usability while preserving privacy.
Attestation Generation Sequence Diagram
1. TLS Session Stage
The Prover (P) initiates an MPC-TLS connection request to the Notary (N).
The Prover sends TLS handshake data to the Notary.
The Notary verifies the handshake data and records session parameters, establishing a secure foundation for subsequent operations.
2. Data Submission Stage
The Prover submits the TranscriptCommitConfig configuration to the Notary, including encoded commitments or hash ranges.
The Notary generates a Merkle Tree Root based on the submitted data for data integrity and consistency verification.
3. Attestation Generation Stage
The Notary constructs the AttestationBody, incorporating connection information, keys, and commitment data.
The Notary signs the attestation body with its private key, generating a signed attestation.
The Notary returns the signed attestation to the Prover.
4. Presentation Building Stage
The Prover selects the data range to disclose (sent/received data).
The Prover generates a TranscriptProof and combines it with an IdentityProof.
The Prover sends the completed Presentation to the Verifier.
5. Verification Stage
The Verifier validates the received presentation:
Verifies the signature's validity to ensure the attestation has not been tampered with.
Checks the consistency of the commitment to confirm data integrity.
Reconstructs a partial transcript (PartialTranscript) to complete the verification process.
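The commitment side of stages 2, 4 and 5 can be shown as an added example (not the project's own code): salted hash commitments over transcript byte ranges, a Merkle root over them, and a Verifier that checks each disclosed range against that root before rebuilding a partial transcript. It assumes the signature on the attestation carrying ROOT has already been verified. All function names, the leaf encoding and the fixed salts are hypothetical choices made for this sketch.

```python
import hashlib

def _h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def commit(start, end, data, salt):  # Prover: salted leaf for bytes [start, end)
    return _h(b"\x00", start.to_bytes(4, "big"), end.to_bytes(4, "big"), salt, data)

def build_levels(leaves):
    # Notary: Merkle tree over the commitments; an unpaired node is promoted unchanged.
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [_h(b"\x01", cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        levels.append(nxt + cur[len(cur) - len(cur) % 2:])
    return levels

def open_leaf(levels, index):
    # Prover: sibling path for one leaf (None where the node was promoted).
    path = []
    for lvl in levels[:-1]:
        path.append(lvl[index ^ 1] if (index ^ 1) < len(lvl) else None)
        index //= 2
    return path

def verify_range(root, index, start, end, data, salt, path):  # Verifier
    node = commit(start, end, data, salt)
    for sib in path:
        if sib is not None:
            node = _h(b"\x01", node, sib) if index % 2 == 0 else _h(b"\x01", sib, node)
        index //= 2
    return node == root

def partial_transcript(root, length, openings):
    # Verifier: rebuild the transcript; bytes that were not disclosed stay None.
    out = [None] * length
    for index, start, end, data, salt, path in openings:
        ok = 0 <= start < end <= length and len(data) == end - start
        if not (ok and verify_range(root, index, start, end, data, salt, path)):
            raise ValueError(f"range [{start}, {end}) does not match the committed root")
        out[start:end] = data
    return out

# Constructed sample: one received response, committed as three byte ranges.
RECV = b'HTTP/1.1 200 OK\r\n\r\n{"balance": 1234, "owner": "alice"}'
RANGES = [(0, 19), (19, 37), (37, len(RECV))]
SALTS = [bytes([i + 1]) * 16 for i in range(3)]  # fixed for a reproducible run; random in practice
LEVELS = build_levels([commit(s, e, RECV[s:e], SALTS[i]) for i, (s, e) in enumerate(RANGES)])
ROOT = LEVELS[-1][0]  # value assumed to sit in the signed attestation body
```

Disclosing ranges 0 and 2 while withholding range 1 yields a partial transcript in which the balance bytes remain None. The per-range salt prevents a Verifier from brute-forcing a low-entropy hidden range against its leaf.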