Paper 2017/214

Low Cost Constant Round MPC Combining BMR and Oblivious Transfer

Carmit Hazay, Peter Scholl, and Eduardo Soria-Vazquez


In this work, we present two new universally composable, actively secure, constant round multi-party protocols for generating BMR garbled circuits with free-XOR and reduced costs. (1) Our first protocol takes a generic approach using any secret-sharing based MPC protocol for binary circuits, and a correlated oblivious transfer functionality. (2) Our specialized protocol uses secret-sharing based MPC with information-theoretic MACs. This approach is less general, but requires no additional correlated OTs to compute the garbled circuit. In both approaches, the underlying secret-sharing based protocol is only used for one secure $F_2$ multiplication per AND gate. An interesting consequence of this is that, with current techniques, constant round MPC for binary circuits is not much more expensive than practical, non-constant round protocols. We demonstrate the practicality of our second protocol with an implementation, and perform experiments with up to $9$ parties securely computing the AES and SHA-256 circuits. Our running times improve upon the best possible performance with previous BMR-based protocols by 60 times.

Note: Fixed minor issues.

Available format(s)
Cryptographic protocols
Publication info
A minor revision of an IACR publication in ASIACRYPT 2017
Contact author(s)
eduardo soria-vazquez @ bristol ac uk
carmit hazay @ biu ac il
peter scholl @ cs au dk
2020-04-13: last of 5 revisions
2017-03-02: received
See all versions
Short URL
Creative Commons Attribution


      author = {Carmit Hazay and Peter Scholl and Eduardo Soria-Vazquez},
      title = {Low Cost Constant Round MPC Combining BMR and Oblivious Transfer},
      howpublished = {Cryptology ePrint Archive, Paper 2017/214},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.