Tandem is an SMPC engine implementing the WRK171 protocol as a non-blocking FSM, with an OT extension and optimizations based on ALSZ132 and a base OT implementation based on ABKLX213.
For the time being, Tandem only supports two-party computation.
Please note:
The present is still an alpha release. Caution is therefore recommended when using it. Although the engine is secure, no highly-sensitive data should yet depend on it.
If you find any bugs, encounter unexpected behavior or have suggestions on how to improve Tandem, please let us know by opening an issue.
The following is a very high-level description of how the Tandem engine works. For a more detailed approach, please refer to the code-level documentation, starting here.
The protocol implemented by the Tandem engine rests on the exchange of encrypted messages between two parties: the Contributor
and the Evaluator
. The Contributor
provides an input to the MPC protocol and always sends the first message. The Evaluator
evaluates the circuit (together with its input) and decrypts the output.
Both Contributor
and Evaluator
need three arguments to be initialized: a Garbled Circuit, input gates (an array of bool
s) and an RNG (in this case ChaCha20Rng
). When the Contributor
is initialized, its original state is determined and an encrypted message is generated. The Evaluator
is initialized with an original state but no message. Rather, it awaits a message from the Contributor
.
The protocol starts when the Contributor
sends its initial message to the Evaluator
. Based on the received message, the Evaluator
sends another encrypted message to the Contributor
and transitions into a new state. Receiving the message from the Evaluator
, the Contributor
sends a new message and transitions into a new state. This back-and-forth communication takes place a total of six times. When the final message is received by the Evaluator
, the output is decrypted and the protocol ends.