Paper 2016/505

MASCOT: Faster Malicious Arithmetic Secure Computation with Oblivious Transfer

Marcel Keller, Emmanuela Orsini, and Peter Scholl


We consider the task of secure multi-party computation of arithmetic circuits over a finite field. Unlike Boolean circuits, arithmetic circuits allow natural computations on integers to be expressed easily and efficiently. In the strongest setting of malicious security with a dishonest majority — where any number of parties may deviate arbitrarily from the protocol — most existing protocols require expensive public-key cryptography for each multiplication in the preprocessing stage of the protocol, which leads to a high total cost. We present a new protocol that overcomes this limitation by using oblivious transfer to perform secure multiplications in general finite fields with reduced communication and computation. Our protocol is based on an arithmetic view of oblivious transfer, with careful consistency checks and other techniques to obtain malicious security at a cost of less than 6 times that of semi-honest security. We describe a highly optimized implementation together with experimental results for up to five parties. By making extensive use of parallelism and SSE instructions, we improve upon previous runtimes for MPC over arithmetic circuits by more than 200 times.

Note: Full version

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. MAJOR revision.ACM CCS 2016
Multi-party computationoblivious transfer
Contact author(s)
M Keller @ bristol ac uk
Emmanuela Orsini @ bristol ac uk
Peter Scholl @ bristol ac uk
2016-09-14: last of 3 revisions
2016-05-23: received
See all versions
Short URL
Creative Commons Attribution


      author = {Marcel Keller and Emmanuela Orsini and Peter Scholl},
      title = {MASCOT: Faster Malicious Arithmetic Secure Computation with Oblivious Transfer},
      howpublished = {Cryptology ePrint Archive, Paper 2016/505},
      year = {2016},
      doi = {10.1145/2976749.2978357},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.