Side-Channel-Attack Resistance

Some alternative confidential computing platforms, such as TEEs (Trusted Execution Environments), rely on hardware isolation to keep sensitive data hidden. Since their inception this has exposed them to numerous side-channel attacks (for reference see sgx.fail), through which the isolated data can be extracted or manipulated, undermining the privacy guarantees they are meant to provide. In contrast, BDOZ relies exclusively on computational and information-theoretic security: neither a single malicious party nor a malicious majority of parties can extract or falsify information as long as the protocol's security assumptions hold.

While this holds for the protocol as specified, a careless MPC implementation may still be vulnerable to so-called timing attacks: an attacker deduces information about another party's private shares by measuring slight variations in the latency with which that party responds, because some local operations take more or less time depending on the values of their operands. The remedy is to perform every local operation on secret data in constant time, so that execution time no longer depends on secret values and nothing can be learned through this channel. The Arcium Network's MPC implementations are therefore written in constant time.
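
The following is an added example, not Arcium's own code, showing the kind of local share arithmetic the paragraph is about written both ways. It assumes additive shares over a prime field with modulus p = 2^61 - 1 (a hypothetical choice; the page does not say which field BDOZ shares live in on the Arcium Network). The branchy versions take a different path depending on the secret operands, which is what a timing attacker measures; the constant-time versions execute the same instructions for every input.

```rust
// Added example (not Arcium's code). Modulus is an assumption for illustration.
/// Hypothetical prime modulus for additive shares: p = 2^61 - 1.
const P: u64 = (1u64 << 61) - 1;

/// Constant-time select: returns x when choice == 1, y when choice == 0,
/// using a mask instead of a branch.
fn ct_select(choice: u64, x: u64, y: u64) -> u64 {
    let mask = 0u64.wrapping_sub(choice & 1); // all ones if choice == 1
    (x & mask) | (y & !mask)
}

/// Variable-time modular addition of two shares. The conditional subtraction
/// only runs when the raw sum wraps past p, so the time taken depends on the
/// secret operands: the leak a timing attacker looks for.
fn add_shares_branchy(a: u64, b: u64) -> u64 {
    debug_assert!(a < P && b < P);
    let s = a + b; // cannot overflow u64: a, b < 2^61
    if s >= P { s - P } else { s }
}

/// Constant-time modular addition: both candidates are always computed and
/// the result is chosen by a mask derived from the borrow bit.
fn add_shares_ct(a: u64, b: u64) -> u64 {
    debug_assert!(a < P && b < P);
    let s = a + b;
    let t = s.wrapping_sub(P);
    let borrow = t >> 63; // 1 iff s < p (subtraction wrapped)
    ct_select(borrow, s, t)
}

/// Variable-time equality over limbs: returns as soon as a limb differs, so
/// the running time reveals how long the common prefix of a and b is.
fn limbs_eq_branchy(a: &[u64], b: &[u64]) -> bool {
    for (x, y) in a.iter().zip(b) {
        if x != y {
            return false; // early exit on the first differing limb
        }
    }
    a.len() == b.len()
}

/// Constant-time equality over limbs, e.g. for comparing a recomputed MAC or
/// an opened value against the expected one: every limb pair is visited and
/// the accumulated difference is reduced to a bit without a data-dependent
/// branch. Lengths are treated as public, so branching on them is fine.
fn limbs_eq_ct(a: &[u64], b: &[u64]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    let mut acc = 0u64;
    for (x, y) in a.iter().zip(b) {
        acc |= x ^ y;
    }
    // (acc | -acc) >> 63 is 1 exactly when acc != 0
    let nonzero = (acc | acc.wrapping_neg()) >> 63;
    nonzero == 0
}

fn main() {
    // Constructed sample shares, chosen so that one sum wraps past p and one does not.
    for &(a, b) in &[(5u64, 7u64), (P - 1, 3)] {
        let (x, y) = (add_shares_branchy(a, b), add_shares_ct(a, b));
        println!("{} + {} mod p: branchy={} ct={} agree={}", a, b, x, y, x == y);
    }
    let m1 = [0x1234u64, 0xabcd, 0xffff];
    let m2 = [0x1234u64, 0xabcd, 0xfffe];
    println!("MAC equal? branchy={} ct={}", limbs_eq_branchy(&m1, &m2), limbs_eq_ct(&m1, &m2));
}
```

Both versions return identical results; only the timing behaviour differs. Note that writing branch-free source is necessary but not sufficient: an optimising compiler may turn a mask select back into a branch, so production code typically pins the pattern down with `core::hint::black_box` or a dedicated type such as the `subtle` crate's `Choice`, and verifies the generated code.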
