Paper 2014/102

Actively Secure Private Function Evaluation

Payman Mohassel, Saeed Sadeghian, and Nigel P. Smart


We propose the first general framework for designing actively secure private function evaluation (PFE), not based on universal circuits. Our framework is naturally divided into pre-processing and online stages and can be instantiated using any generic actively secure multiparty computation (MPC) protocol. Our framework helps address the main open questions about efficiency of actively secure PFE. On the theoretical side, our framework yields the first actively secure PFE with linear complexity in the circuit size. On the practical side, we obtain the first actively secure PFE for arithmetic circuits with $O(g \cdot \log g)$ complexity where $g$ is the circuit size. The best previous construction (of practical interest) is based on an arithmetic universal circuit and has complexity $O(g^5)$. We also introduce the first linear Zero-Knowledge proof of correctness of ``extended permutation" of ciphertexts (a generalization of ZK proof of correct shuffles) which maybe of independent interest.

Available format(s)
Cryptographic protocols
Publication info
A major revision of an IACR publication in ASIACRYPT 2014
Contact author(s)
pmohasse @ cpsc ucalgary ca
sadeghis @ ucalgary ca
nigel @ cs bris ac uk
2014-12-18: last of 2 revisions
2014-02-14: received
See all versions
Short URL
Creative Commons Attribution


      author = {Payman Mohassel and Saeed Sadeghian and Nigel P.  Smart},
      title = {Actively Secure Private Function Evaluation},
      howpublished = {Cryptology ePrint Archive, Paper 2014/102},
      year = {2014},
      doi = {10.1007/978-3-662-45608-8_26},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.