Obligatory `CA` attribute in MP-SPDZ SSL certificate avoids using/re-using registered certificate of parties
Fed-BioMed requires to have dynamic parties for MPC where number of active parties may change from one experiment to another. Different parties will be launched based on researcher decision (selected nodes).
The problem in shamir
protocol, it is required to have certificates (pem) of each party in advance. So, we developed a module that user can register other parties' certificates in advance, and the information is saved in the database. Certificates of the parties are taken from DB based on node ids that will participate training and they are written in Player-Data directory by respecting P.pem format. However, it is not enough because MP-SPDZ also identifies parties based on CN (COMMON_NAME) attribute of the certificate and CN
should respect corresponding certificate file name. In Fed-BioMed, we can not set static party numbers in advance because it can change from one experiment to another. So, certificate (CN
) is set once (in order to register it on the remote parties), and it is not possible to use it because CN
does not match the file name of the certificate.
In this issue I will share possible solutions that can be implemented.