Paper 2020/451

Maliciously Secure Matrix Multiplication with Applications to Private Deep Learning

Hao Chen, Miran Kim, Ilya Razenshteyn, Dragos Rotaru, Yongsoo Song, and Sameer Wagh


Computing on data in a manner that preserve the privacy is of growing importance. Multi-Party Computation (MPC) and Homomorphic Encryption (HE) are two cryptographic techniques for privacy-preserving computations. In this work, we have developed efficient UC-secure multiparty protocols for matrix multiplications and two-dimensional convolutions. We built upon the SPDZ framework and integrated the state-of-the-art HE algorithms for matrix multiplication. Our protocol achieved communication cost linear only in the input and output dimensions and not on the number of multiplication operations. We eliminate the ``triple sacrifice'' step of SPDZ to improve efficiency and simplify the zero-knowledge proofs. We implemented our protocols and benchmarked them against the SPDZ LowGear variant (Keller et al. Eurocrypt'18). For multiplying two square matrices of size 128, we reduced the communication cost from 1.54 GB to 12.46 MB, an improvement of over two orders of magnitude that only improves with larger matrix sizes. For evaluating all convolution layers of the ResNet-50 neural network, the communication reduces cost from 5 TB to 41 GB.

Note: Extended version of the published paper.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. MINOR revision.AsiaCrypt 2020
cryptographic protocolsmulti-party computationhomomorphic encryptiondishonest majoritymatrix triples
Contact author(s)
swagh @ alumni princeton edu
haoche @ microsoft com
miran kim @ uth tmc edu
ilyaraz @ microsoft com
dragos rotaru @ esat kuleuven be
yongsoo song @ microsoft com
2021-03-23: last of 2 revisions
2020-04-20: received
See all versions
Short URL
Creative Commons Attribution


      author = {Hao Chen and Miran Kim and Ilya Razenshteyn and Dragos Rotaru and Yongsoo Song and Sameer Wagh},
      title = {Maliciously Secure Matrix Multiplication with Applications to Private Deep Learning},
      howpublished = {Cryptology ePrint Archive, Paper 2020/451},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.