lschoe
commented
3 years ago Well, the semantics of mpc.gather() is as follows.
First it's important to understand that this function call won't return a normal value that can be processed right away. Rather, it will return an awaitable object in much the same way as Python's asyncio.gather() does.
So, let's assume a is a secure integer and we run await mpc.gather(a). The result will then be the share of a belonging to the party running (a copy of) the MPyC program. If you run MPyC with m = 1 party you will see the actual value of a because the secret sharing is trivial. But if you look carefully, you will also see that the type of the result is not a secure type anymore, but a finite field type. In other words, await mpc.gather(a) gives you the share in the underlying finite field used for Shamir secret sharing. If you run MPyC with m = 3 parties you'll see meaningless values corresponding to the shares of a.
A related function is mpc.output(), which is also asynchronous. If you run await mpc.output(a) the result will actually be of type int and it represents the value of the secure integer a after all shares have been pooled together for reconstruction in Shamir secret sharing (and after casting the secret which lives in a prime field to an int).
For basic use of MPyC one does not need to bother about mpc.gather(). It's mainly used inside "kernel" routines that need to operate on secret shares directly. However, mpc.output() is commonly used to "open" anything that one wants to output in the clear as the result of a privacy-preserving computation.
cyckun
Hi, a question puzzle me when i read the code in runtime.py, about the function mul(self, a, b), why gather(a)? gather operation will reveal the true value of a to the peer, i think this operation is not secure. is my understanding wrong?