Cryptology ePrint Archive: Report 2017/519

Efficient, Constant-Round and Actively Secure MPC: Beyond the Three-Party Case

Nishanth Chandran and Juan A. Garay and Payman Mohassel and Satyanarayana Vusirikala

Abstract: While the feasibility of constant-round and actively secure MPC has been known for over two decades, the last few years have witnessed a flurry of designs and implementations that make its deployment a palpable reality. To our knowledge, however, existing concretely efficient MPC constructions are only for up to three parties.

In this paper we design and implement a new actively secure 5PC protocol tolerating two corruptions that requires $8$ rounds of interaction, only uses fast symmetric-key operations, and incurs~60\% less communication than the passively secure state-of-the-art solution from the work of Ben-Efraim, Lindell, and Omri [CCS 2016]. For example, securely evaluating the AES circuit when the parties are in different regions of the U.S. and Europe only takes $1.8$s which is $2.6\times$ faster than the passively secure 5PC in the same environment.

Instrumental for our efficiency gains (less interaction, only symmetric key primitives) is a new 4-party primitive we call \emph{Attested OT}, which in addition to Sender and Receiver involves two additional ``assistant parties'' who will attest to the respective inputs of both parties, and which might be of broader applicability in practically relevant MPC scenarios. Finally, we also show how to generalize our construction to $n$ parties with similar efficiency properties where the corruption threshold is $t \approx \sqrt n$, and propose a combinatorial problem which, if solved optimally, can yield even better corruption thresholds for the same cost.

Category / Keywords: cryptographic protocols / Actively Secure MPC, Implementation

Original Publication (in the same form): ACM CCS 2017

Date: received 2 Jun 2017, last revised 7 Sep 2017

Contact author: nichandr at microsoft com

Available format(s): PDF | BibTeX Citation

Version: 20170907:075740 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]