Journal of Cryptology

, Volume 32, Issue 3, pp 1026–1069 | Cite as

Efficient Constant-Round Multi-party Computation Combining BMR and SPDZ

  • Yehuda Lindell
  • Benny PinkasEmail author
  • Nigel P. Smart
  • Avishay Yanai


Recently, there has been huge progress in the field of concretely efficient secure computation, even while providing security in the presence of malicious adversaries. This is especially the case in the two-party setting, where constant-round protocols exist that remain fast even over slow networks. However, in the multi-party setting, all concretely efficient fully secure protocols, such as SPDZ, require many rounds of communication. In this paper, we present a constant-round multi-party secure computation protocol that is fully secure in the presence of malicious adversaries and for any number of corrupted parties. Our construction is based on the constant-round protocol of Beaver et al. (the BMR protocol) and is the first version of that protocol that is concretely efficient for the dishonest majority case. Our protocol includes an online phase that is extremely fast and mainly consists of each party locally evaluating a garbled circuit. For the offline phase, we present both a generic construction (using any underlying MPC protocol) and a highly efficient instantiation based on the SPDZ protocol. Our estimates show the protocol to be considerably more efficient than previous fully secure multi-party protocols.


Secure multiparty computation (MPC) Garbled circuits Concrete efficiency BMR SPDZ 



The first and fourth authors were supported in part by the European Research Council under the European Union’s Seventh Framework Programme (FP/2007-2013)/ERC consolidators grant agreement no. 615172 (HIPS). The second author was supported under the European Union’s Seventh Framework Program (FP7/2007-2013) grant agreement no. 609611 (PRACTICE), and by a grant from the Israel Ministry of Science, Technology and Space (grant 3-10883). The third author was supported in part by ERC Advanced Grant ERC-2010-AdG-267188-CRIPTO, by EPSRC via grant EP/I03126X and by ERC Advanced Grant ERC-2015-AdGIMPaCT. The first and third authors were also supported by an award from EPSRC (grant EP/M012824), from the Ministry of Science, Technology and Space, Israel, and the UK Research Initiative in Cyber Security. The first, second and fourth authors were supported by the BIU Center for Research in Applied Cryptography and Cyber Security in conjunction with the Israel National Cyber Directorate in the Prime Minister’s Office.


  1. 1.
    D. Beaver, S. Micali, P. Rogaway, The round complexity of secure protocols, in 22nd STOC, pp. 503–513, 1990Google Scholar
  2. 2.
    A. Ben-David, N. Nisan, B. Pinkas, M. P. Fairplay, A system for secure multi-party computation, in ACM CCS, pp. 257–266, 2008Google Scholar
  3. 3.
    A. Ben-Efraim, Y. Lindell, E. Omri, Optimizing semi-honest secure multiparty computation for the internet, in ACM CCS, pp. 578–590, 2016Google Scholar
  4. 4.
    A. Ben-Efraim, Y. Lindell, E. Omri, Efficient scalable constant-round MPC via garbled circuits, in ASIACRYPT, pp. 471–498, 2017Google Scholar
  5. 5.
    M. Ben-Or, S. Goldwasser, A. Wigderson, Completeness theorems for non-cryptographic fault-tolerant distributed computation, in 20th STOC, pp. 1–10, 1988Google Scholar
  6. 6.
    D. Chaum, C. Crépeau, I. Damgård, Multiparty unconditionally secure protocols, in 20th STOC, pp. 11–19, 1988Google Scholar
  7. 7.
    S. G. Choi, J. Katz, A. J. Malozemoff, V. Zikas, Efficient three-party computation from cut-and-choose, in CRYPTO, pp. 513–530, 2014Google Scholar
  8. 8.
    R. Cleve, Limits on the security of coin flips when half the processors are faulty (extended abstract), in 18th STOC, pp. 364–369, 1986Google Scholar
  9. 9.
    I. Damgård, Y. Ishai, Constant-round multiparty computation using a black-box pseudorandom generator, in CRYPTO, pp. 378–394, 2005Google Scholar
  10. 10.
    I. Damgård, M. Keller, E. Larraia, C. Miles, N. P. Smart, Implementing AES via an actively/covertly secure dishonest-majority MPC protocol, in SCN, pp. 241–263, 2012Google Scholar
  11. 11.
    I. Damgård, M. Keller, E. Larraia, V. Pastro, P. Scholl, N. P. Smart, Practical covertly secure MPC for dishonest majority—or: Breaking the SPDZ limits, in ESORICS, pp. 1–18, 2013Google Scholar
  12. 12.
    I. Damgård, V. Pastro, N. P. Smart, S. Zakarias, Multiparty computation from somewhat homomorphic encryption, in CRYPTO, pp. 643–662, 2012Google Scholar
  13. 13.
    P. Feldman, S. Micali, An optimal probabilistic protocol for synchronous byzantine agreement. SIAM Journal on Computing 26(4), 873–933 (1997)MathSciNetCrossRefzbMATHGoogle Scholar
  14. 14.
    O. Goldreich, S. Micali, A. Wigderson, How to play any mental game or A completeness theorem for protocols with honest majority, in 19th STOC, pp. 218–229, 1987Google Scholar
  15. 15.
    S. Goldwasser, Y. Lindell, Secure computation without agreement, in DISC, pp. 17–32, 2002Google Scholar
  16. 16.
    C. Hazay, P. Scholl, E. Soria-Vazquez, Low cost constant round MPC combining BMR and oblivious transfer, in ASIACRYPT, pp. 598–628, 2017Google Scholar
  17. 17.
    Y. Ishai, M. Prabhakaran, A. Sahai, Founding cryptography on oblivious transfer—efficiently, in CRYPTO, pp. 572–591, 2008Google Scholar
  18. 18.
    J. Katz, R. Ostrovsky, A. D. Smith, Round efficiency of multi-party computation with a dishonest majority, in EUROCRYPT, pp. 578–595, 2003Google Scholar
  19. 19.
    M. Keller, E. Orsini, P. Scholl, MASCOT: faster malicious arithmetic secure computation with oblivious transfer, in ACM CCS, 2016, pp. 830–842, 2016Google Scholar
  20. 20.
    M. Keller, P. Scholl, N. P. Smart, An architecture for practical actively secure MPC with dishonest majority, in ACM CCS, pp. 549–560, 2013Google Scholar
  21. 21.
    M. Keller, A. Yanai, Efficient maliciously secure multiparty computation for RAM, in EUROCRYPT, 2018, pp. 91–124, 2018Google Scholar
  22. 22.
    E. Larraia, E. Orsini, N. P. Smart, Dishonest majority multi-party computation for binary circuits, in CRYPTO, 2014, pp. 495–512, 2014Google Scholar
  23. 23.
    Y. Lindell, Fast cut-and-choose based protocols for malicious and covert adversaries, in CRYPTO, pp. 1–17, 2013Google Scholar
  24. 24.
    Y. Lindell, B. Riva, Cut-and-choose yao-based secure computation in the online/offline and batch settings, in CRYPTO, pp. 476–494, 2014Google Scholar
  25. 25.
    Y. Lindell, N. P. Smart, E. Soria-Vazquez, More efficient constant-round multi-party computation from BMR and SHE, in 14th TCC 2016-B, pp. 554–581, 2016Google Scholar
  26. 26.
    J. B. Nielsen, P. S. Nordholt, C. Orlandi, S. S. Burra, A new approach to practical active-secure two-party computation, in CRYPTO, pp. 681–700, 2012Google Scholar
  27. 27.
    R. Pass, Bounded-concurrent secure multi-party computation with a dishonest majority, in 36th STOC, pp. 232–241, 2004Google Scholar
  28. 28.
    M. C. Pease, R. E. Shostak, L. Lamport, Reaching agreement in the presence of faults. Journal of ACM 27(2), 228–234 (1980)MathSciNetCrossRefzbMATHGoogle Scholar
  29. 29.
    B. Pinkas, T. Schneider, N. P. Smart, S. C. Williams, Secure two-party computation is practical, in ASIACRYPT, pp. 250–267, 2009Google Scholar
  30. 30.
    T. Rabin, M. Ben-Or, Verifiable secret sharing and multiparty protocols with honest majority, in 21st STOC, pp. 73–85, 1989Google Scholar
  31. 31.
    P. Rogaway, The round complexity of secure protocols. PhD thesis, Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1991Google Scholar
  32. 32.
    A. C. Yao, Protocols for secure computations, in 23rd FOCS, pp. 160–164, 1982Google Scholar

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  • Yehuda Lindell
    • 1
  • Benny Pinkas
    • 1
    Email author
  • Nigel P. Smart
    • 2
    • 3
  • Avishay Yanai
    • 1
  1. 1.Department of Computer ScienceBar-Ilan University Ramat GanIsrael
  2. 2.Department of Computer ScienceUniversity of BristolBristolUK
  3. 3.imec-COSIC, KU LeuvenLeuvenBelgium

Personalised recommendations