Unconditionally Secure Computation with Reduced Interaction

  • Ivan DamgårdEmail author
  • Jesper Buus Nielsen
  • Rafail Ostrovsky
  • Adi Rosén
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9666)


We study the question of how much interaction is needed for unconditionally secure multiparty computation. We first consider the number of messages that need to be sent to compute a Boolean function with semi-honest security, where all n parties learn the result. We consider two classes of functions called t-difficult and t-very difficult functions, where t refers to the number of corrupted players. For instance, the AND of an input bit from each player is t-very difficult while the XOR is t-difficult but not t-very difficult. We show lower bounds on the message complexity of both types of functions, considering two notions of message complexity called conservative and liberal, where conservative is the more standard one. In all cases the bounds are \(\varOmega (nt)\). We also show (almost) matching upper bounds for \(t=1\) and functions in a rich class \(PSM_\mathsf{eff}\) including non-deterministic log-space, as well as a stronger upper bound for the XOR function. In particular, we find that the conservative message complexity of 1-very difficult functions in \(PSM_\mathsf{eff}\) is 2n, while the conservative message complexity for XOR (and \(t=1\)) is \(2n-1\). Next, we consider round complexity. It is a long-standing open problem to determine whether all efficiently computable functions can also be efficiently computed in constant-round with unconditional security. Motivated by this, we consider the question of whether we can compute any function securely, while minimizing the interaction of some of the players? And if so, how many players can this apply to? Note that we still want the standard security guarantees (correctness, privacy, termination) and we consider the standard communication model with secure point-to-point channels. We answer the questions as follows: for passive security, with \(n=2t+1\) players and t corruptions, up to t players can have minimal interaction, i.e., they send 1 message in the first round to each of the \(t+1\) remaining players and receive one message from each of them in the last round. Using our result on message complexity, we show that this is (unconditionally) optimal. For malicious security with \(n=3t+1\) players and t corruptions, up to t players can have minimal interaction, and we show that this is also optimal.



Work done in part while some of the authors visited Simons Institute. First and second author acknowledge support from the Danish National Research Foundation and The National Science Foundation of China (under the grant 61061130540) for the Sino-Danish Center for the Theory of Interactive Computation, within which part of this work was performed; and also from the CFEM research center (supported by the Danish Strategic Research Council) within which part of this work was performed. The second author was partially supported by the European Research Council Starting Grant 279447, the second partially supported by the European Research Council Advanced Grant MPCPRO. The third author acknowledges partial support by NSF grants 09165174, 1065276, 1118126 and 1136174, US-Israel BSF grant 2008411, OKAWA Foundation Research Award, IBM Faculty Research Award, Xerox Faculty Research Award, B. John Garrick Foundation Award, Teradata Research Award, and Lockheed-Martin Corporation Research Award. This material is also based upon work supported in part by DARPA Safeware program. The views expressed are those of the author and do not reflect the official policy or position of the Department of Defense or the U.S. Government. Research by the fourth author partially supported by ANR project RDAM.


  1. [BDGK91]
    Bar-Noy, A., Deng, X., Garay, J.A., Kameda, T.: Optimal amortized distributed consensus (extended abstract). In: Toueg, S., Spirakis, P.G., Kirousis, L.M. (eds.) WDAG 1991. LNCS, vol. 579, pp. 95–107. Springer, Heidelberg (1991)CrossRefGoogle Scholar
  2. [BGT13]
    Boyle, E., Goldwasser, S., Tessaro, S.: Communication locality in secure multi-party computation. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 356–376. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  3. [BGW88]
    Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In: Simon, J. (ed.) Proceedings of the 20th Annual ACM Symposium on Theory of Computing, Chicago, Illinois, USA, 2–4 May 1988, pp. 1–10. ACM (1988)Google Scholar
  4. [Can00]
    Canetti, R.: Security and composition of multiparty cryptographic protocols. J. Cryptology 13(1), 143–202 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  5. [CCD87]
    Chaum, D., Crépeau, C., Damgård, I.B.: Multiparty unconditionally secure protocols (abstract). In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, p. 462. Springer, Heidelberg (1988)Google Scholar
  6. [CCG+15]
    Chandran, N., Chongchitmate, W., Garay, J.A., Goldwasser, S., Ostrovsky, R., Zikas, V.: The hidden graph model: communication locality and optimal resiliency with adaptive faults. In: Proceedings of the Conference on Innovations in Theoretical Computer Science, ITCS, Rehovot, Israel, 11–13 January 2015, pp. 153–162 (2015)Google Scholar
  7. [CK93]
    Chor, B., Kushilevitz, E.: A communication-privacy tradeoff for modular addition. Inf. Process. Lett. 45(1), 205–210 (1993)MathSciNetCrossRefzbMATHGoogle Scholar
  8. [DPP14]
    Data, D., Prabhakaran, M.M., Prabhakaran, V.M.: On the communication complexity of secure computation. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part II. LNCS, vol. 8617, pp. 199–216. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  9. [DZ13]
    Damgård, I., Zakarias, S.: Constant-overhead secure computation of Boolean circuits using preprocessing. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 621–641. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  10. [FKN94]
    Feige, U., Kilian, J., Naor, M.: A minimal model for secure computation (extended abstract). In: Proceedings of the Twenty-Sixth Annual ACM Symposium on Theory of Computing, Montréal, Québec, Canada, 23–25 May 1994, pp. 554–563 (1994)Google Scholar
  11. [GIPR]
    Gonen, M., Ishai, Y., Prabhabkahan, M., Rosulek, M.: Private communication (unpublished work)Google Scholar
  12. [IK97]
    Ishai,Y., Kushilevitz, E.: Private simultaneous messages protocols with applications. In: ISTCS, pp. 174–184 (1997)Google Scholar
  13. [IK00]
    Ishai, Y., Kushilevitz, E.: Randomizing polynomials: a new representation with applications to round-efficient secure computation. In: Proceedings of the 41st Annual Symposium on Foundations of Computer Science, pp. 294–304. IEEE (2000)Google Scholar
  14. [KKMO00]
    Kilian, J., Kushilevitz, E., Micali, S., Ostrovsky, R.: Reducibility and completeness in private computations. SIAM J. Comput. 29(4), 1189–1208 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  15. [PW92]
    Pfitzmann, B., Waidner, M.: Unconditional byzantine agreement for any number of faulty processors. In: Finkel, A., Jantzen, M. (eds.) STACS 1992. LNCS, vol. 577, pp. 339–350. Springer, Heidelberg (1992)Google Scholar
  16. [RB89]
    Rabin, T., Ben-Or, M.: Verifiable secret sharing and multiparty protocols with honest majority (extended abstract). In: Johnson, D.S. (ed.) Proceedings of the 21st Annual ACM Symposium on Theory of Computing, Seattle, Washigton, USA, 14–17 May 1989, pp. 73–85. ACM (1989)Google Scholar

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  • Ivan Damgård
    • 1
    Email author
  • Jesper Buus Nielsen
    • 1
  • Rafail Ostrovsky
    • 2
  • Adi Rosén
    • 3
  1. 1.Department of Computer ScienceAarhus UniversityAarhusDenmark
  2. 2.UCLALos AngelesUSA
  3. 3.CNRS and Université Paris DiderotParisFrance

Personalised recommendations