Advances in Cryptology – EUROCRYPT 2013

Volume 7881 of the series Lecture Notes in Computer Science pp 575-591

Multi-party Computation of Polynomials and Branching Programs without Simultaneous Interaction

  • S. Dov GordonAffiliated withApplied Communication Sciences
  • , Tal MalkinAffiliated withColumbia University
  • , Mike RosulekAffiliated withUniversity of Montana
  • , Hoeteck WeeAffiliated withGeorge Washington University

* Final gross prices may vary according to local VAT.

Get Access


Halevi, Lindell, and Pinkas (CRYPTO 2011) recently proposed a model for secure computation that captures communication patterns that arise in many practical settings, such as secure computation on the web. In their model, each party interacts only once, with a single centralized server. Parties do not interact with each other; in fact, the parties need not even be online simultaneously.

In this work we present a suite of new, simple and efficient protocols for secure computation in this “one-pass” model. We give protocols that obtain optimal privacy for the following general tasks:

  • Evaluating any multivariate polynomial F(x 1, …, x n ) (modulo a large RSA modulus N), where the parties each hold an input x i .

  • Evaluating any read once branching program over the parties’ inputs.

As a special case, these function classes include all previous functions for which an optimally private, one-pass computation was known, as well as many new functions, including variance and other statistical functions, string matching, second-price auctions, classification algorithms and some classes of finite automata and decision trees.