You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Mar 25, 2025. It is now read-only.
Copy file name to clipboardExpand all lines: docs/architecture.md
+23-25Lines changed: 23 additions & 25 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,51 +4,49 @@ sidebar_position: 2
4
4
5
5
# Architecture
6
6
7
-
We use a client-server architecture, where there are 3 parties running all the time while data providers and consumers serve clients, i.e. data providers can go offline after providing their data and data consumers can go offline after querying the results.
7
+
We use a client-server architecture where data providers and consumers delegate MPC computations to three long-running computation parties. This setup balances user experience and data security, allowing participants to submit data without staying online during computation while ensuring privacy through non-colluding servers.
8
8
9
-
The core components are:
9
+
## Components
10
10
11
-
-**Coordination Server**: provides API for data providers and consumers to interact with, and coordinates computation sessions between computation parties.
12
-
-Verifies TLSNotary proof and prevents Sybil attacks.
13
-
-Implements rate-limiting to prevent DoS attacks.
14
-
-**Computation Parties**:
15
-
- Store secret-shared data received from data providers.
16
-
- Perform MPC computations defined in DSL
11
+
-**Coordination Server**: Coordinates communication between data providers, data consumers, and computation parties.
12
+
-Implements basic congestion control, rate-limiting, and sybil prevention to maintain system robustness.
13
+
-Does not access or store plaintext data.
14
+
-**Computation Parties (3 servers)**:
15
+
- Store encrypted data received from data providers.
16
+
- Perform statistical operations defined in MPC while verifying the data matches TLSNotary proof.
17
17
- Return results to data consumers.
18
18
- Each party operates independently to ensure security.
19
-
-**TLSNotary Server**: data providers prove their data using it.
20
-
- Modified from the original TLSNotary server so the proved data is a commitment instead of plaintext. Later in MPC program, we verify the commitment matches the data provider's data.
19
+
-**TLSNotary Server**: Data providers use it to generate proofs confirming their data is authenticated from verified websites.
21
20
-**(Optional) Client API**:
22
-
-It's essentially a data consumer, but it's a REST API service that periodically polls computation parties for results and caches them
23
-
-Provides a simple interface for end users to query statistical results without interacting with the coordination server (and thus triggering MPC computations)
21
+
-Acts as a data consumer by periodically polling computation parties for results and caches them.
22
+
-Offers a simple REST API for end users to query statistical results without directly interacting with the Coordination Server, preventing unnecessary MPC computations.
24
23
25
-
## Workflow
24
+
## System Workflow
26
25
27
26
### Data Proving and Sharing
28
27
29
28
30
29
31
-
1. Data providers prove their balance using the Notary Server and obtain a TLSNotary proof.
32
-
2. Data providers submit the TLSNotary proof to the Coordination Server, signaling their intent to share data.
33
-
3. The Coordination Server instructs computation parties to initiate an MPC session on designated ports and wait for data providers to connect.
34
-
4. Data providers run a client to secret-share their balance with the computation parties.
35
-
- Computation parties verify if the secret-shared balance matches the one in the TLSNotary proof. If not, they reject the data provider.
30
+
1.**Proof Generation**: Data providers use the TLSNotary Server to prove data authenticity.
31
+
2.**Submission**: Data providers submit the TLSNotary proof to the Coordination Server, signaling their intent to share data. The Coordination Server instructs computation parties to initiate an MPC session on designated ports and wait for incoming data.
32
+
3.**Data Sharing**: Data providers use a client to secret-share their data with the computation parties.
33
+
- Computation parties verify the secret-shared data against the TLSNotary proof. Invalid submissions are rejected. Otherwise, store the secret-shared data.
36
34
37
35
### Query Computation
38
36
39
37
40
38
41
-
1. Data consumers submit a query to the Coordination Server, requesting aggregated statistics.
42
-
2. The Coordination Server instructs computation parties to perform MPC on the shared data.
43
-
3. Data consumers retrieve the statistical results from the computation parties through the client interface.
39
+
1.**Query Submission**: Data consumers send a query to the Coordination Server to request aggregated statistics.
40
+
2.**Computation Trigger**: The Coordination Server instructs computation parties to perform MPC on all submitted encrypted data.
41
+
3.**Result Retrieval**: Data consumers obtain the statistical results from computation parties through the client interface.
44
42
45
43
## Security Considerations
46
44
47
-
- Coordination Server:
45
+
-**Coordination Server**:
48
46
- Centralized to streamline coordination but does not access or store plaintext data.
49
47
- Rate-limiting and participant verification reduce the risk of Sybil attacks and DoS.
50
48
- In Binance case, we expose a field "uid" in the TLSNotary proof, which is a unique identifier for each data provider. This way we prevent Sybil attacks by checking if the uid is unique.
51
-
- Notary Server:
49
+
-**Notary Server**:
52
50
- Participants trust the Notary Server to generate a correct proof.
53
-
- By default, we use a local notary whose private keys are exposed, so it's possible for people to forge it. Running a remote notary server can mitigate this risk.
54
-
- Computation Parties: Computation parties must be operated by non-colluding entities to prevent reconstruction of participants' balances.
51
+
- By default, we use a local notary whose private keys are exposed, so it's possible for people to forge it. A trusted party running a remote notary server can mitigate this risk.
52
+
-**Computation Parties**: Computation parties must be operated by non-colluding entities to prevent reconstruction of participants' balances.
Three participants prove and share their followers count on [page 0](https://jernkunpittaya.github.io/followers-page/party_0.html), [page 1](https://jernkunpittaya.github.io/followers-page/party_1.html), and [page 2](https://jernkunpittaya.github.io/followers-page/party_2.html), respectively. We then derive the statistics of all participants using MPC.
This example was built for our [Devcon 2024 demo](https://pse-team.notion.site/MPCStats-Devcon-Demo-Report-3055bb69afd24d60bf8ee8d4fa5f774c). Participants can prove and share their Binance ETH balance in their spot account using the Binance API. We then derive the mean, median, max, and gini index of the balances of all participants, without revealing their individual balances.
0 commit comments