Paper 2018/482

SPDZ2k: Efficient MPC mod 2^k for Dishonest Majority

Ronald Cramer, Ivan Damgård, Daniel Escudero, Peter Scholl, and Chaoping Xing


Most multi-party computation protocols allow secure computation of arithmetic circuits over a finite field, such as the integers modulo a prime. In the more natural setting of integer computations modulo $2^{k}$, which are useful for simplifying implementations and applications, no solutions with active security are known unless the majority of the participants are honest. We present a new scheme for information-theoretic MACs that are homomorphic modulo $2^k$, and are as efficient as the well-known standard solutions that are homomorphic over fields. We apply this to construct an MPC protocol for dishonest majority in the preprocessing model that has efficiency comparable to the well-known SPDZ protocol (Damgård et al., CRYPTO 2012), with operations modulo $2^k$ instead of over a field. We also construct a matching preprocessing protocol based on oblivious transfer, which is in the style of the MASCOT protocol (Keller et al., CCS 2016) and almost as efficient.

Note: Fixed a bug in the batch MAC check protocol, explained in Section 3.4. The online communication is now O(k+s) bits per opening, instead of O(k).

Available format(s)
Publication info
A minor revision of an IACR publication in CRYPTO 2018
Contact author(s)
escudero @ cs au dk
2022-03-31: revised
2018-05-23: received
See all versions
Short URL
Creative Commons Attribution


      author = {Ronald Cramer and Ivan Damgård and Daniel Escudero and Peter Scholl and Chaoping Xing},
      title = {SPDZ2k: Efficient MPC mod 2^k for Dishonest Majority},
      howpublished = {Cryptology ePrint Archive, Paper 2018/482},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.