## Cryptology ePrint Archive: Report 2005/066

**Unconditionally Secure Constant Round Multi-Party Computation for Equality, Comparison, Bits and Exponentiation**

*Eike Kiltz*

**Abstract: **In this paper we are interested in efficient and secure constant round
multi-party protocols which provide unconditional security against so called honest-but-curious adversaries.

In particular, we design a novel constant round protocol that converts from shares over Z_q to shares over the integers working for all shared inputs from Z_q. Furthermore, we present a constant round protocol to securely evaluate a shared input on a public polynomial whose running time is linear in the degree of the polynomial. The proposed solution makes use of Chebyshev Polynomials. We show that the latter two protocols can be used to design efficient constant round protocols for the following natural problems:

(i) Equality: Computing shares of the bit indicating if a shared input value equals zero or not. This provides the missing building blocks for many constant round linear algebra protocols from the work of Cramer and Damgaard [CrDa01].
(ii) Comparison: Computing shares of a bit indicating which of two shared inputs is greater.
(iii) Bits: Computing shares of the binary representation of a shared input value.
(iv) Exponentiation: Computing shares of x^a mod q given shares of x, a and q.

Prior to this paper, for all the above mentioned problems, there were in general no efficient constant round protocols known providing unconditional security.

**Category / Keywords: **cryptographic protocols / multi-party computation, unconditional security, secret sharing

**Date: **received 28 Feb 2005, last revised 19 May 2005

**Contact author: **ekiltz at cs ucsd edu

**Available format(s): **Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

**Note: **A bug in the conversion protocol has been fixed in this revision.

**Version: **20050520:001044 (All versions of this report)

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]