Paper 2021/690

On Communication Models and Best-Achievable Security in Two-Round MPC

Aarushi Goel, Abhishek Jain, Manoj Prabhakaran, and Rajeev Raghunath


Recently, a sequence of works have made strong advances in two-round (i.e., round-optimal) secure multi-party computation (MPC). In the honest-majority setting -- the focus of this work -- Ananth et al. [CRYPTO'18, EC'19], Applebaum et al. [TCC'18, EC'19] and Garg et al. [TCC'18] have established the feasibility of general two-round MPC in standard communication models involving broadcast (BC) and private point-to-point (P2P) channels. In this work, we set out to understand what features of the communication model are necessary for these results, and more broadly the design of two-round MPC. Focusing our study on the plain model -- the most natural model for honest-majority MPC -- we obtain the following results: 1. Dishonest majority from Honest majority: In the two round setting, honest-majority MPC and dishonest-majority MPC are surprisingly close, and often equivalent. This follows from our results that the former implies 2-message oblivious transfer, in many settings. (i) We show that without private point-to-point (P2P) channels, i.e., when we use only broadcast (BC) channels, honest-majority MPC implies 2-message oblivious transfer. (ii) Furthermore, this implication holds even when we use both P2P and BC, provided that the MPC protocol is robust against ``fail-stop'' adversaries. 2. Best-Achievable Security: While security with guaranteed output delivery (and even fairness) against malicious adversaries is impossible in two rounds, nothing is known with regards to the ``next best'' security notion, namely, security with identifiable abort (IA). We show that IA is also impossible to achieve with honest-majority even if we use both P2P and BC channels. However, if we replace P2P channels with a ``bare'' (i.e., untrusted) public-key infrastructure (PKI), then even security with guaranteed output delivery (and hence IA) is possible to achieve. These results ``explain'' that the reliance on P2P channels (together with BC) in the recent two-round protocols in the plain model was in fact necessary, and that these protocols couldn't have achieved a stronger security guarantee, namely, IA. Overall, our results (put together with prior works) fully determine the best-achievable security for honest-majority MPC in different communication models in two rounds. As a consequence, they yield the following hierarchy of communication models: BC < P2P < BC+P2P < BC+PKI This shows that BC channel is the weakest communication model, and that BC+PKI model is strictly stronger than BC+PTP model.

Available format(s)
Publication info
A minor revision of an IACR publication in TCC 2021
Secure multiparty computationTwo roundsCommunication channelsoblivious transfer
Contact author(s)
aarushig @ cs jhu edu
abhishek @ cs jhu edu
mp @ cse iitb ac in
mrrajeev @ cse iitb ac in
2021-11-03: revised
2021-05-28: received
See all versions
Short URL
Creative Commons Attribution


      author = {Aarushi Goel and Abhishek Jain and Manoj Prabhakaran and Rajeev Raghunath},
      title = {On Communication Models and Best-Achievable Security in Two-Round MPC},
      howpublished = {Cryptology ePrint Archive, Paper 2021/690},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.