In our setting there are a number of clients $C_1,\ldots,C_n$ with inputs $x_1,\ldots,x_n$. The clients want to delegate a secure computation of $f(x_1,\ldots,x_n)$ to a set of untrusted workers $W_1,\ldots,W_m$. We want do so in such a way that as long as there is at least one honest worker (and everyone else might be actively corrupted) the following holds: * the privacy of the inputs is preserved; * output of the computation is correct (in particular workers cannot change the inputs of honest clients).
We propose a solution where the clients' work is minimal and the interaction pattern simple (one message to upload inputs, one to receive results), while at the same time reducing the overhead for the workers to a minimum. Our solution is generic and can be instantiated with any underlying reactive MPC protocol where linear operations are ``for free''. In contrast previous solutions were less generic and could only be instantiated for specific numbers of clients/workers.Category / Keywords: cryptographic protocols / outsourcing of computation, secure multiparty computation, verifiable computation Original Publication (with major differences): ACM CCSW 2014