Paper 2022/1248

Fully-Secure MPC with Minimal Trust

Yuval Ishai, Technion, Israel
Arpita Patra, Indian Institute of Science, India
Sikhar Patranabis, IBM Research India
Divya Ravi, Aarhus University, Denmark
Akshayaram Srinivasan, Tata Institute of Fundamental Research, India

The task of achieving full security (with guaranteed output delivery) in secure multiparty computation (MPC) is a long-studied problem. Known impossibility results (Cleve, STOC 86) rule out general solutions in the dishonest majority setting. In this work, we consider solutions that use an external trusted party (TP) to bypass the impossibility results, and study the minimal requirements needed from this trusted party. In particular, we restrict ourselves to the extreme setting where the size of the TP is independent of the size of the functionality to be computed (called “small” TP) and this TP is invoked only once during the protocol execution. We present several positive and negative results for fully-secure MPC in this setting. -- For a natural class of protocols, specifically, those with a universal output decoder, we show that the size of the TP must necessarily be exponential in the number of parties. This result holds irrespective of the computational assumptions used in the protocol. The class of protocols to which our lower bound applies is broad enough to capture prior results in the area, implying that the prior techniques necessitate the use of an exponential-sized TP. We additionally rule out the possibility of achieving information-theoretic full security (without the restriction of using a universal output decoder) using a “small” TP in the plain model (i.e., without any setup). -- In order to get around the above negative result, we consider protocols without a universal output decoder. The main positive result in our work is a construction of such a fully-secure MPC protocol assuming the existence of a succinct Functional Encryption scheme. We also give evidence that such an assumption is likely to be necessary for fully-secure MPC in certain restricted settings. -- Finally, we explore the possibility of achieving full-security with a semi-honest TP that could collude with other malicious parties (which form a dishonest majority). In this setting, we show that even fairness is impossible to achieve regardless of the “small TP” requirement.

Available format(s)
Cryptographic protocols
Publication info
A major revision of an IACR publication in TCC 2022
Multiparty Computationfull securitytrusted partyfunctional encryption
Contact author(s)
yuval ishai @ gmail com
arpita @ iisc ac in
sikhar patranabis @ ibm com
divya @ cs au dk
akshayaram @ berkeley edu
2023-08-03: revised
2022-09-20: received
See all versions
Short URL
Creative Commons Attribution


      author = {Yuval Ishai and Arpita Patra and Sikhar Patranabis and Divya Ravi and Akshayaram Srinivasan},
      title = {Fully-Secure MPC with Minimal Trust},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1248},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.