Paper 2017/1230

Overdrive: Making SPDZ Great Again

Marcel Keller, Valerio Pastro, and Dragos Rotaru


SPDZ denotes a multiparty computation scheme in the preprocessing model based on somewhat homomorphic encryption (SHE) in the form of BGV. At CCS '16, Keller et al. presented MASCOT, a replacement of the preprocessing phase using oblivious transfer instead of SHE, improving by two orders of magnitude on the SPDZ implementation by Damgård et al. (ESORICS '13). In this work, we show that using SHE is faster than MASCOT in many aspects: - We present a protocol that uses semi-homomorphic (addition-only) encryption. For two parties, our BGV-based implementation is 6 times faster than MASCOT on a LAN and 20 times faster in a WAN setting. The latter is roughly the reduction in communication. - We show that using the proof of knowledge in the original work by Damgård et al. (Crypto '12) is more efficient in practice than the one used in the implementation mentioned above by about one order of magnitude. - We present an improvement to the verification of the aforementioned proof of knowledge that increases the performance with a growing number of parties, doubling it for 16 parties.

Available format(s)
Cryptographic protocols
Publication info
A minor revision of an IACR publication in EUROCRYPT 2018
Multiparty computationsomewhat homomorphic encryptionBGVzero-knowledge proofs of knowledge
Contact author(s)
dragos rotaru @ bristol ac uk
2018-02-09: last of 2 revisions
2017-12-22: received
See all versions
Short URL
Creative Commons Attribution


      author = {Marcel Keller and Valerio Pastro and Dragos Rotaru},
      title = {Overdrive: Making SPDZ Great Again},
      howpublished = {Cryptology ePrint Archive, Paper 2017/1230},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.