Near-Linear Unconditionally-Secure Multiparty Computation with a Dishonest Minority

Conference paper

DOI: 10.1007/978-3-642-32009-5_39

Volume 7417 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Ben-Sasson E., Fehr S., Ostrovsky R. (2012) Near-Linear Unconditionally-Secure Multiparty Computation with a Dishonest Minority. In: Safavi-Naini R., Canetti R. (eds) Advances in Cryptology – CRYPTO 2012. Lecture Notes in Computer Science, vol 7417. Springer, Berlin, Heidelberg


In the setting of unconditionally-secure MPC, where dishonest players are unbounded and no cryptographic assumptions are used, it was known since the 1980’s that an honest majority of players is both necessary and sufficient to achieve privacy and correctness, assuming secure point-to-point and broadcast channels. The main open question that was left is to establish the exact communication complexity.

We settle the above question by showing an unconditionally-secure MPC protocol, secure against a dishonest minority of malicious players, that matches the communication complexity of the best known MPC protocol in the honest-but-curious setting. More specifically, we present a new n-player MPC protocol that is secure against a computationally-unbounded malicious adversary that can adaptively corrupt \(t < n/2\) of the players. For polynomially-large binary circuits that are not too unshaped, our protocol has an amortized communication complexity of \(O(n \log n + \kappa /n^{const})\) bits per multiplication (i.e. AND) gate, where \(\kappa \) denotes the security parameter and \({const}\in \mathbb {Z}\) is an arbitrary non-negative constant. This improves on the previously most efficient protocol with the same security guarantee, which offers an amortized communication complexity of \(O(n^2 \kappa )\) bits per multiplication gate. For any \(\kappa \) polynomial in n, the amortized communication cty of our protocol matches the \(O(n \log n)\) bit communication complexity of the best known MPC protocol with passive security.

We introduce several novel techniques that are of independent interest and we believe will have wider applicability. One is a novel idea of computing authentication tags by means of a mini MPC, which allows us to avoid expensive double-sharings; the other is a batch-wise multiplication verification that allows us to speedup Beaver’s “multiplication triples”.

Download to read the full conference paper text

Copyright information

© International Association for Cryptologic Research 2012 2012

Authors and Affiliations

  1. 1.Department of Computer ScienceTechnionHaifaIsrael
  2. 2.Microsoft Research New-EnglandCambridgeUSA
  3. 3.Centrum Wiskunde & Informatica (CWI)AmsterdamThe Netherlands
  4. 4.Department of Computer Science and Department of MathematicsUCLALos AngelesUSA