Here are some thoughts on the proposal.
Stacked filtering
Can we stack multiple detection layers (successively narrowing down to a lower false positive rate)?
I think it would be possible using either FMD1 or FMD2 constructions from FMD paper, Section 5.
For FMD parameter \gamma, we would have a detection layer of \gamma TEE nodes. Filtering is sequential, starting with the public shielded state pool \mathsf{BB}_0. Each node filters the output of the previous node at rate p=1/2. Overall rate would be 2^{-\gamma};, i.e. the smallest possible rate.
- receiver keypair (pk_1,sk_1),\ldots (pk_\gamma,sk_\gamma)
- flag ciphertexts f_m:=(ct_1,\ldots,ct_\gamma) for shielded private state m published in the shielded state pool \mathsf{BB}_0
- node i\in[\gamma] is given detection key (i,sk_i) and filters \mathsf{BB}_{i-1}
Node i filters out \mathsf{BB}_{i-1} by decrypting ct_i using sk_i. Results in \mathsf{BB}_{i}\subseteq\mathsf{BB}_{i-1} containing only pairs (m,f_m) with decryption matching bit 1. \mathsf{BB}_\gamma contains all receiver private states + false positives at the lowest rate p=2^{-n}.
Avoiding correlating private state across users
If a single TEE holds detection keys for all users, then compromising the TEE can trigger correlation attacks across users private states.
To make this harder, split users detection keys evenly across multiple TEEs. Thus, a single TEE holds only a fraction of the total detection keys. Credits to this TEEs Penumbra brainstorming.
Making detection keys useless in the public shielded state pool \mathsf{BB}_0
This is blurry, but might be worth exploring. The idea is to use a mix layer before running through the detection layer.
- sender puts the flag ciphertext f_m in a ‘locked box’ in \mathsf{BB}_0.
- unlock the boxes by passing \mathsf{BB}_0 through a mix-and-rencrypt layer. The output would be pool a \mathsf{BB}'_0 with all shielded states m_i locked in boxes (encrypted under receiver’s key), and all flag ciphertexts unboxed (decrypted) under the joint decryption key of the mix nodes
- pass \mathsf{BB}'_0 to the detection layer
The claim/goal is that at the detection layer, nodes can identify receiver’s private states using the unboxed flags, but do not know to which private states belong in \mathsf{BB}_0. Thus, a compromised detection key cannot be used to test in \mathsf{BB}_0. An attacker would need to compromise all mixing nodes to correlate. Otherwise, only an upper bound of the receiver’s private state is leaked.