Reflections on trusting distributed trust

TL;DR

This paper proposes a framework for publicly auditable distributed trust systems, enabling organizations to verify trust deployment using secure hardware and append-only logs, addressing deployment challenges.

Contribution

It introduces a novel approach allowing users to audit distributed trust systems post-deployment, using two key building blocks: secure hardware and append-only logs.

Findings

Framework enables efficient, cheap setup of auditable distributed trust systems.

Leverages existing secure hardware and logging implementations.

Provides infrastructure recommendations for easier deployment.

Abstract

Many systems today distribute trust across multiple parties such that the system provides certain security properties if a subset of the parties are honest. In the past few years, we have seen an explosion of academic and industrial cryptographic systems built on distributed trust, including secure multi-party computation applications (e.g., private analytics, secure learning, and private key recovery) and blockchains. These systems have great potential for improving security and privacy, but face a significant hurdle on the path to deployment. We initiate study of the following problem: a single organization is, by definition, a single party, and so how can a single organization build a distributed-trust system where corruptions are independent? We instead consider an alternative formulation of the problem: rather than ensuring that a distributed-trust system is set up correctly by design, what if instead, users can audit a distributed-trust deployment? We propose a framework that enables a developer to efficiently and cheaply set up any distributed-trust system in a publicly auditable way. To do this, we identify two application-independent building blocks that we can use to bootstrap arbitrary distributed-trust applications: secure hardware and an append-only log. We show how to leverage existing implementations of these building blocks to deploy distributed-trust systems, and we give recommendations for infrastructure changes that would make it easier to deploy distributed-trust systems in the future.