Paper 2011/136

A Full Proof of the BGW Protocol for Perfectly-Secure Multiparty Computation

Gilad Asharov and Yehuda Lindell


In the setting of secure multiparty computation, a set of $n$ parties with private inputs wish to jointly compute some functionality of their inputs. One of the most fundamental results of secure computation was presented by Ben-Or, Goldwasser and Wigderson (BGW) in 1988. They demonstrated that any $n$-party functionality can be computed with \emph{perfect security}, in the private channels model. When the adversary is semi-honest this holds as long as $t<n/2$ parties are corrupted, and when the adversary is malicious this holds as long as $t<n/3$ parties are corrupted. Unfortunately, a full proof of these results was never published. In this paper, we remedy this situation and provide a full proof of security of the BGW protocol. This includes a full description of the protocol for the malicious setting, including the construction of a new subprotocol for the perfect multiplication protocol that seems necessary for the case of $n/4\leq t<n/3$.

Available format(s)
Cryptographic protocols
Publication info
A minor revision of an IACR publication in Joc 2017
perfect securitymultiparty computationBGW
Contact author(s)
lindell @ biu ac il
2018-01-08: last of 7 revisions
2011-03-21: received
See all versions
Short URL
Creative Commons Attribution


      author = {Gilad Asharov and Yehuda Lindell},
      title = {A Full Proof of the BGW Protocol for Perfectly-Secure Multiparty Computation},
      howpublished = {Cryptology ePrint Archive, Paper 2011/136},
      year = {2011},
      doi = {10.1007/s00145-015-9214-4},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.