The protocol scales linearly with respect to the number of participants, but as you can tell, each participant needs to do a lot of time-consuming computations.
Each participant needs to maintain custody of the hardware during the process of the ceremony, and then destroy the hardware afterward. If it was your turn, you'd do some stuff for an hour, and then it's the next person's turn in a round-robin circle. You had to wait maybe ~8 hours before it was your turn again. The protocol involved three rounds of this.
Nobody can abort (players commit to their moves in advance to defend against adaptive attacks) and so there needs to be a time when all N participants are available for the entire duration of the ceremony. This makes it very sensitive to scheduling problems.
If you want to do your own MPC, you also need to perform very expensive fast-fourier transforms in between round 1 and 2. In our ceremony that required a very beefy 128-core server and it still took over an hour.
I actually just found a log file from the ceremony's coordinator server (not a privileged server, just handles messages and archives them) which shows the timings of everything, which is kind of fun:
unabridged|8 years ago
ewillbefull|8 years ago
The protocol scales linearly with respect to the number of participants, but as you can tell, each participant needs to do a lot of time-consuming computations.
Each participant needs to maintain custody of the hardware during the process of the ceremony, and then destroy the hardware afterward. If it was your turn, you'd do some stuff for an hour, and then it's the next person's turn in a round-robin circle. You had to wait maybe ~8 hours before it was your turn again. The protocol involved three rounds of this.
Nobody can abort (players commit to their moves in advance to defend against adaptive attacks) and so there needs to be a time when all N participants are available for the entire duration of the ceremony. This makes it very sensitive to scheduling problems.
If you want to do your own MPC, you also need to perform very expensive fast-fourier transforms in between round 1 and 2. In our ceremony that required a very beefy 128-core server and it still took over an hour.
I actually just found a log file from the ceremony's coordinator server (not a privileged server, just handles messages and archives them) which shows the timings of everything, which is kind of fun:
https://gist.github.com/ebfull/fde1e167ba35ca67e086ca458eabc...