Paper 2015/058

Universally Verifiable Multiparty Computation from Threshold Homomorphic Cryptosystems

Berry Schoenmakers and Meilof Veeningen


Multiparty computation can be used for privacy-friendly outsourcing of computations on private inputs of multiple parties. A computation is outsourced to several computation parties; if not too many are corrupted (e.g., no more than half), then they cannot determine the inputs or produce an incorrect output. However, in many cases, these guarantees are not enough: we need correctness even if /all/ computation parties may be corrupted; and we need that correctness can be verified even by parties that did not participate in the computation. Protocols satisfying these additional properties are called ``universally verifiable''. In this paper, we propose a new security model for universally verifiable multiparty computation, and we present a practical construction, based on a threshold homomorphic cryptosystem. We also develop a multiparty protocol for jointly producing non-interactive zero-knowledge proofs, which may be of independent interest.

Note: Full version of the ACNS proceedings version

Available format(s)
Cryptographic protocols
Publication info
Preprint. MINOR revision.
multiparty computationverifiabilityFiat-Shamir heuristicthreshold homomorphic cryptosystem
Contact author(s)
m veeningen @ tue nl
2015-05-20: revised
2015-01-26: received
See all versions
Short URL
Creative Commons Attribution


      author = {Berry Schoenmakers and Meilof Veeningen},
      title = {Universally Verifiable Multiparty Computation from Threshold Homomorphic Cryptosystems},
      howpublished = {Cryptology ePrint Archive, Paper 2015/058},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.