Secure Multi-party Computation Minimizing Online Rounds

  • Seung Geol Choi
  • Ariel Elbaz
  • Tal Malkin
  • Moti Yung
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5912)


Multi-party secure computations are general important procedures to compute any function while keeping the security of private inputs. In this work we ask whether preprocessing can allow low latency (that is, small round) secure multi-party protocols that are universally-composable (UC). In particular, we allow any polynomial time preprocessing as long as it is independent of the exact circuit and actual inputs of the specific instance problem to solve, with only a bound k on the number of gates in the circuits known.

To address the question, we first define the model of “Multi-Party Computation on Encrypted Data” (mp-ced), implicitly described in [FH96],[JJ00],[CDN01],[DN03]. In this model, computing parties establish a threshold public key in a preprocessing stage, and only then private data, encrypted under the shared public key, is revealed. The computing parties then get the computational circuit they agree upon and evaluate the circuit on the encrypted data. The \(\textsc{mp-ced}\) model is interesting since it is well suited for modern computing environments, where many repeated computations on overlapping data are performed.

We present two different round-efficient protocols in this model:
  • The first protocol generates k garbled gates in the preprocessing stage and requires only two (online) rounds.

  • The second protocol generates a garbled universal circuit of size O(k logk) in the preprocessing stage, and requires only one (online) round (i.e., an obvious lower bound), and therefore it can run asynchronously.

Both protocols are secure against an active, static adversary controlling any number of parties. When the fraction of parties the adversary can corrupt is less than half, the adversary cannot force the protocols to abort.

The \(\textsc{mp-ced}\) model is closely related to the general Multi-Party Computation (mpc) model and, in fact, both can be reduced to each other. The first (resp. second) protocol above naturally gives protocols for three-round (resp. two-round) universally composable \(\textsc{mpc}\) secure against active, static adversary controlling any number of parties (with preprocessing).


Computing with Encrypted Data Multi-Party Computation Public key Cryptography Cryptographic Protocols Universal Composition 


  1. [aik05]
    Applebaum, B., Ishai, Y., Kushilevitz, E.: Computationally private randomizing polynomials and their applications. In: IEEE Conference on Computational Complexity, pp. 260–274 (2005)Google Scholar
  2. [b00]
    Beaver, D.: Minimal-latency secure function evaluation. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 335–350. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  3. [bl96]
    Boneh, D., Lipton, R.: Algorithms for black-box fields and their application to cryptography. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 283–297. Springer, Heidelberg (1996)Google Scholar
  4. [bmr90]
    Beaver, D., Micali, S., Rogaway, P.: The round complexity of secure protocols (extended abstract). In: Proc. 22nd Annual ACM Symposium on Theory of Computing (STOC), pp. 503–513 (1990)Google Scholar
  5. [c01]
    Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: Proc. 42nd IEEE Symposium on Foundations of Computer Science (FOCS), pp. 136–145 (2001)Google Scholar
  6. [cdn01]
    Cramer, R., Damgård, I., Nielsen, J.B.: Multiparty computation from threshold homomorphic encryption. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 280–299. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  7. [cds94]
    Cramer, R., Damgård, I., Schoenmakers, B.: Proofs of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994)Google Scholar
  8. [cej+07]
    Choi, S.G., Elbaz, A., Juels, A., Malkin, T., Yung, M.: Two-party computing with encrypted data. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 298–314. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  9. [cf01]
    Canetti, R., Fischlin, M.: Universally composable commitments. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 19–40. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  10. [ckl03]
    Canetti, R., Kushilevitz, E., Lindell, Y.: On the limitations of universally composable two-party computation without set-up assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 68–86. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  11. [clos02]
    Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally composable two-party and multi-party secure computation. In: Proc. 34th Annual ACM Symposium on Theory of Computing (STOC), pp. 494–503 (2002)Google Scholar
  12. [dh76]
    Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Trans. on Information Theory IT-22(6), 644–654 (1976)CrossRefMathSciNetGoogle Scholar
  13. [di05]
    Damgård, I., Ishai, Y.: Constant-round multiparty computation using a black-box pseudorandom generator. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 378–394. Springer, Heidelberg (2005)Google Scholar
  14. [di06]
    Damgård, I., Ishai, Y.: Scalable secure multiparty computation. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 501–520. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  15. [dik+08]
    Damgård, I., Ishai, Y., Krøigaard, M., Nielsen, J.B., Smith, A.: Scalable multiparty computation with nearly optimal work and resilience. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 241–261. Springer, Heidelberg (2008)Google Scholar
  16. [dn03]
    Damgård, I., Nielsen, J.B.: Universally composable efficient multiparty computation from threshold homomorphic encryption. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 247–264. Springer, Heidelberg (2003)Google Scholar
  17. [e85]
    ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 31, 469–472 (1985)zbMATHCrossRefMathSciNetGoogle Scholar
  18. [f87]
    Feldman, P.: A practical scheme for non-interactive verifiable secret sharing. In: Proc. 28th IEEE Symposium on Foundations of Computer Science (FOCS), pp. 427–437 (1987)Google Scholar
  19. [fh96]
    Franklin, M.K., Haber, S.: Joint encryption and message-efficient secure computation. joc. 9(4), 217–232 (1996)zbMATHMathSciNetGoogle Scholar
  20. [fs86]
    Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)Google Scholar
  21. [g09]
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: STOC (to appear, 2009)Google Scholar
  22. [gikr01]
    Gennaro, R., Ishai, Y., Kushilevitz, E., Rabin, T.: The round complexity of verifiable secret sharing and secure multicast. In: Proc. 33rd Annual ACM Symposium on Theory of Computing (STOC), pp. 580–589 (2001)Google Scholar
  23. [gmw87]
    Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game. In: Proc. 19th Annual ACM Symposium on Theory of Computing (STOC), pp. 218–229. ACM Press, New York (1987)Google Scholar
  24. [hk07]
    Horvitz, O., Katz, J.: Universally-composable two-party computation in two rounds. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 111–129. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  25. [ik00]
    Ishai, Y., Kushilevitz, E.: Randomizing polynomials: A new representation with applications to round-efficient secure computation. In: FOCS, pp. 294–304 (2000)Google Scholar
  26. [iklp06]
    Ishai, Y., Kushilevitz, E., Lindell, Y., Petrank, E.: On combining privacy with guaranteed output delivery in secure multiparty computation. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 483–500. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  27. [ips08]
    Ishai, Y., Prabhakaran, M., Sahai, A.: Founding cryptography on oblivious transfer - efficiently. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 572–591. Springer, Heidelberg (2008)Google Scholar
  28. [jj00]
    Jakobsson, M., Juels, A.: Mix and match: Secure function evaluation via ciphertexts. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, p. 162. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  29. [ko04]
    Katz, J., Ostrovsky, R.: Round-optimal secure two-party computation. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 335–354. Springer, Heidelberg (2004)Google Scholar
  30. [kos03]
    Katz, J., Ostrovsky, R., Smith, A.: Round efficiency of multi-party computation with a dishonest majority. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 578–595. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  31. [ks08]
    Kolesnikov, V., Schneider, T.: A practical universal circuit construction and secure evaluation of private functions. In: Tsudik, G. (ed.) FC 2008. LNCS, vol. 5143, pp. 83–97. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  32. [lp09]
    Lindell, Y., Pinkas, B.: A proof of security of yao’s protocol for two-party computation. J. Cryptology 22(2), 161–188 (2009)zbMATHCrossRefMathSciNetGoogle Scholar
  33. [NO09]
    Nielsen, J.B., Orlandi, C.: LEGO for two-party secure computation. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 368–386. Springer, Heidelberg (2009)Google Scholar
  34. [RAD78]
    Rivest, R., Adelman, L., Dertouzos, M.: On data banks and privacy homomorphisms. In: DeMillo, R., Dobkin, D., Jones, A., Lipton, R. (eds.) Foundations of Secure Computation, pp. 169–179. Academic Press, London (1978)Google Scholar
  35. [s79]
    Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)zbMATHCrossRefMathSciNetGoogle Scholar
  36. [syy99]
    Sander, T., Young, A., Yung, M.: Non-interactive cryptocomputing for NC1. In: Proc. 40th IEEE Symposium on Foundations of Computer Science (FOCS), pp. 554–567 (1999)Google Scholar
  37. [sco+01]
    Santis, A.D., Crescenzo, G.D., Ostrovsky, R., Persiano, G., Sahai, A.: Robust non-interactive zero knowledge. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 566–598. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  38. [ty98]
    Tsiounis, Y., Yung, M.: On the security of ElGamal based encryption. In: Imai, H., Zheng, Y. (eds.) PKC 1998. LNCS, vol. 1431, pp. 117–134. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  39. [v76]
    Valiant, L.G.: Universal circuits (preliminary report). In: Proc. 8th Annual ACM Symposium on Theory of Computing (STOC), pp. 196–203 (1976)Google Scholar
  40. [y82]
    Yao, A.: Protocols for secure computations (extended abstract). In: Proc. 23rd IEEE Symposium on Foundations of Computer Science (FOCS), pp. 160–164 (1982)Google Scholar
  41. [y86]
    Yao, A.: How to generate an exchange secrets. In: Proc. 27th IEEE Symposium on Foundations of Computer Science (FOCS), pp. 162–167 (1986)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Seung Geol Choi
    • 1
  • Ariel Elbaz
    • 1
  • Tal Malkin
    • 1
  • Moti Yung
    • 2
  1. 1.Columbia University 
  2. 2.Google Inc. & Columbia University 

Personalised recommendations