mirror of
https://github.com/tlsnotary/website.git
synced 2026-01-08 22:38:08 -05:00
To secure the Garbled Circuits 2PC against a malicious party, TLSNotary uses the [Dual Execution protocol](https://securecomputation.org/docs/pragmaticmpc.pdf) (DualEx; see Section 7.6 of the linked document).

DualEx inherently leaks $n$ bits of private input with probability $\frac{1}{2^n}$. This is not a problem during the TLS handshake, when the private inputs are symmetric keys or hash pre-images: leaking $n$ bits gives the adversary no advantage, since with the same probability the adversary could have guessed those bits while brute-forcing the key or the pre-image.

However, the leakage becomes a problem when encrypting the request or decrypting the response, since leaking even 1 bit of the plaintext may be catastrophic for the User's privacy. To overcome this leakage, we use a variant of DualEx where privacy is guaranteed only for the User.
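
The $\frac{1}{2^n}$ figure can be checked with an abstract model of the DualEx equality check. This is an added example, not TLSNotary code: it performs no garbling, and the toy function `f`, the 12-bit secret and every name in it are assumptions made for illustration.

```python
# Added illustration: an abstract model of the Dual Execution equality check.
# No garbling is performed; the toy function and all names are assumptions.
from fractions import Fraction

KEY_BITS = 12  # constructed toy secret size, small enough to enumerate


def f(secret: int, public: int) -> int:
    """Toy stand-in for the jointly computed function."""
    return (secret * 2654435761 + public) & 0xFFFF


def tampered_f(secret: int, public: int, guess: int, n: int) -> int:
    """Output of a cheating garbler's circuit: correct only if the low
    n bits of the honest party's secret equal the garbler's guess."""
    if secret & ((1 << n) - 1) == guess:
        return f(secret, public)
    return f(secret, public) ^ 1  # any wrong value makes the check fail


def equality_check_passes(secret: int, public: int, guess: int, n: int) -> bool:
    """Dual execution: one run evaluates the cheater's circuit, the other
    run evaluates an honestly garbled one; the two outputs are compared."""
    out_from_cheater = tampered_f(secret, public, guess, n)
    out_from_honest = f(secret, public)
    return out_from_cheater == out_from_honest


def undetected_fraction(n: int, guess: int = 0, public: int = 7) -> Fraction:
    """Exact fraction of all secrets for which the n-bit guess is confirmed
    and the cheating goes unnoticed; the check fails for every other secret."""
    passed = sum(
        equality_check_passes(s, public, guess, n) for s in range(1 << KEY_BITS)
    )
    return Fraction(passed, 1 << KEY_BITS)


if __name__ == "__main__":
    for n in (1, 2, 4, 8):
        print(f"n={n}: leak succeeds with probability {undetected_fraction(n)}")
```

For a key, the result equals the chance of guessing the same $n$ bits outright; for plaintext, the $n = 1$ case already succeeds half the time, which is the leakage the User-privacy variant is meant to remove.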