Paper 2019/705

Commodity-Based 2PC for Arithmetic Circuits

Ivan Damgård, Helene Haagh, Michael Nielsen, and Claudio Orlandi


We revisit the framework of Commodity-based Cryptography presented by Beaver (STOC'97) with a focus on updating the framework to fit with modern multiparty computation (MPC) protocols. We study the possibility of replacing the well-known preprocessing model with a commodity-based setting, where a set of independent servers (some of which may be corrupt) provide clients with correlated randomness. From this, the clients then distill correct and secure correlated randomness that they can use during the online phase of the MPC protocol. Beaver showed how to do OT with semi-honest security in the commodity setting. We improve on Beaver's result as follows: In a model where one of two clients and a constant fraction of the servers may be maliciously corrupted, we obtain unconditionally secure multiplication triples and oblivious linear evaluations (OLEs) such that the amortized communication cost of one triple/OLE is a constant number of field elements (when the field is sufficiently large). We also report on results from an implementation of the OLE protocol. Finally, we suggest an approach to practical realization of a commodity based system where servers need no memory and can be accessed asynchronously by clients, but still a maliciously corrupt client cannot get data he should not have access to.

Available format(s)
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Secure Two-Party ComputationInformation Theoretic SecurityOblivious Linear EvaluationCommodity-based Cryptography
Contact author(s)
orlandi @ cs au dk
2019-12-18: revised
2019-06-18: received
See all versions
Short URL
Creative Commons Attribution


      author = {Ivan Damgård and Helene Haagh and Michael Nielsen and Claudio Orlandi},
      title = {Commodity-Based 2PC for Arithmetic Circuits},
      howpublished = {Cryptology ePrint Archive, Paper 2019/705},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.