Cryptology ePrint Archive: Report 2017/519

Efficient, Constant-Round and Actively Secure MPC: Beyond the Three-Party Case

Nishanth Chandran and Juan Garay and Payman Mohassel and Satyanarayana Vusirikala

Abstract: These are exciting times for secure multi-party computation (MPC). While the feasibility of constant-round and actively secure MPC has been known for over two decades, the last few years have witnessed a flurry of designs and implementations that make its deployment a palpable reality. To our knowledge, however, existing concretely efficient MPC constructions are only for up to three parties.

In this paper we design and implement a new actively secure 5PC protocol tolerating two corruptions that requires $8$ rounds of interaction, only uses fast symmetric-key operations, and incurs~60\% less communication than the passively secure state-of-the-art solution [CCS 2016]. For example, securely evaluating the AES circuit when the parties are in different regions of the U.S. and Europe only takes $1.8$s which is $2.6\times$ faster than the passively secure 5PC in the same environment.

Instrumental for our efficiency gains (less interaction, only symmetric key primitives) is a new 4-party primitive we call \emph{Attested OT}, which in addition to Sender and Receiver involves two additional ``assistant parties'' who will attest to the respective inputs of both parties, and which might be of broader applicability in practically relevant MPC scenarios. Finally, we also show how to generalize our construction to $n$ parties with similar efficiency properties where the corruption threshold is $t \approx \sqrt n$, and propose a combinatorial problem which, if solved optimally, can yield even better corruption thresholds for the same cost.

Category / Keywords: cryptographic protocols / Actively Secure MPC, Implementation

Date: received 2 Jun 2017

Contact author: nichandr at microsoft com

Available format(s): PDF | BibTeX Citation

Version: 20170605:135605 (All versions of this report)

Short URL: ia.cr/2017/519

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]