# How to Solve any Protocol Problem - An Efficiency Improvement (Extended Abstract)

## Abstract

Consider *n* parties having local inputs *x* _{1},*x* _{2},...,*x* _{n} respectively. and wishing to compute the value *f*(*x* _{1},...,*x* _{n}). where *f* is a predetermined function. Loosely speaking. an *n*-party protocol for this purpose has *maximum privacy if* whatever a subset of the users can efficiently compute when participating in the protocol, they can also compute from their local inputs and the value *f*(*x* _{1},..., *x* _{n}).

Recently, Goldreich, Micali and Wigderson have presented a polynomial-time algorithm that, given a Turing machine for computing the function *f*. outputs an *n*-party protocol with maximum privacy for distributively Computing *f*(*x* _{1},...,*x* _{n}). The maximum privacy protocol output uses as a subprotocol a maximum privacy two-party protocol for computing a particular simple function *p* _{1}(·,·). More recently, Haber and Micali have improved the efficiency of the above *n*-party protocols, using a maximum privacy two-party protocol for computing another particular function *p* _{2}(·,·). Both works use a *general* result of Yao in order to implement protocols for the *particular* functions *p* _{1}, and *p* _{2}.

In this paper, we present direct solutions to the above two particular protocol problems, avoiding the use of Yao’s general result. In fact. we present two alternative approaches for solving both problems. The first approach consists of a simple reduction of these two problems to a variant of *Oblivious Transfer*. The second approach consists of designing direct solutions to these two problems, assuming the intractability or the Quadratic Residuosity problem. Both approaches yield simpler and more efficient solutions than the ones obtained by Yao’s result.

## Keywords

Turing Machine Local Output Quadratic Residue Oblivious Transfer Local Input## References

- [Bar]Barrington, D.A., “Bounded-Width Polynomial-Size Branching Programs Recognize Exactly Those Languages in
*NC*^{1}”,*Proc. 18th STOC*, 1986, pp. 1–5.Google Scholar - [CGMA]Chor, B., S. Goldwasser, S. Micali, and B. Awerbuch. “Verifiable Secret Sharing and Achieving Simultaneity in the Presence of Faults”,
*Proc. 26th FOCS*, 1985, pp. 383–395.Google Scholar - [Coh]Cohen, J.D., “Secret Sharing Homomorphisms: Keeping Shares of a Secret”, technical report YALEU/DCS/TR-453. Yale University, Dept. of Computer Science, Feb. 1986. Presented in
*Crypto86*, 1986.Google Scholar - [DH]Diffie, W., and M.E. Hellman, “New Directions in Cryptography”,
*IEEE Tram. on Inform. Theory*, Vol. IT-22, No. 6, November 1976, pp. 644–654.MathSciNetCrossRefGoogle Scholar - [EGL]Even, S., O. Goldreich, and A. Lempel, “A Randomized Protocol for Signing Contracts”.
*CACM*, Vol. 28. No. 6, 1985. pp. 637–647.MathSciNetCrossRefGoogle Scholar - [GMW1]Goldreich, O., S. Micali, and A. Wigderson, “Proofs that Yield Nothing But their Validity and a Methodology of Cryptographic Protocol Design”,
*Proc. 27th FOCS*, 1986.Google Scholar - [GMW2]Goldreich, O., S. Micali, and A. Wigderson, “How to Play any Mental Game or A Completeness Theorem for Protocols with Honest Majority”,
*Proc. 19th STOC*, 1987.Google Scholar - [GM]Goldwasser, S., and S. Micali, “Probabilistic Encryption”,
*JCSS*, Vol. 28, No. 2, 1984, pp. 270–299.MathSciNetzbMATHGoogle Scholar - [GMR]Goldwasser, S., S. Micali, and C. Rackoff, “Knowledge Complexity of Interactive Proofs”,
*Proc. 17th STOC*, 1985, pp. 291–304.Google Scholar - [HM]Haber, S., and S. Micali, private communication, 1986.Google Scholar
- [Y1]Yao, A.C., “Theory and Applications of Trapdoor Functions”,
*Proc. of the 23rd IEEE Symp. on Foundation of computer Science*, 1982, pp. 80–91.Google Scholar - [Y2]Yao, A.C., “How to Generate and Exchange Secrets”,
*Proc. 27th FOCS*, 1986.Google Scholar