# Efficient Constant-Round Multi-party Computation Combining BMR and SPDZ

## Abstract

Recently, there has been huge progress in the field of concretely efficient secure computation, even while providing security in the presence of *malicious adversaries*. This is especially the case in the two-party setting, where constant-round protocols exist that remain fast even over slow networks. However, in the multi-party setting, all concretely efficient fully secure protocols, such as SPDZ, require many rounds of communication. In this paper, we present a *constant-round* multi-party secure computation protocol that is fully secure in the presence of malicious adversaries and for any number of corrupted parties. Our construction is based on the constant-round protocol of Beaver et al. (the BMR protocol) and is the first version of that protocol that is *concretely* efficient for the dishonest majority case. Our protocol includes an online phase that is extremely fast and mainly consists of each party locally evaluating a garbled circuit. For the offline phase, we present both a generic construction (using any underlying MPC protocol) and a highly efficient instantiation based on the SPDZ protocol. Our estimates show the protocol to be considerably more efficient than previous fully secure multi-party protocols.
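The offline engine the abstract refers to, SPDZ, represents every wire value as an additively shared field element together with an additively shared information-theoretic MAC under a global key alpha; linear operations are local, and a malicious party that alters a share is caught when the value is opened and the MAC is checked. The following is an added illustration of that authenticated-sharing mechanism, not code from the paper: a trusted dealer stands in for the SPDZ offline phase (which in the real protocol produces these shares without anyone learning alpha), the field size P, the function names and the three-party setup are choices made for this example, and the commitment step of the real MAC check is omitted.

```python
"""SPDZ-style authenticated additive secret sharing over a prime field.

Added illustration (not the paper's code): a trusted dealer stands in for the
SPDZ offline phase so the online-phase mechanics can be run locally.
"""
import secrets
from dataclasses import dataclass
from typing import List, Optional, Tuple

P = (1 << 61) - 1  # Mersenne prime; the field size is an assumption for this example


def share(x: int, n: int) -> List[int]:
    """Additive sharing of x among n parties: the shares sum to x mod P."""
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((x - sum(shares)) % P)
    return shares


@dataclass
class AuthShare:
    """Party-indexed shares of a value x and of its MAC alpha*x ([x] in SPDZ notation)."""
    value: List[int]
    mac: List[int]


def authenticate(x: int, alpha_shares: List[int]) -> AuthShare:
    """Dealer-produced authenticated sharing of x.

    In SPDZ no party ever learns alpha; the offline phase generates these shares
    with somewhat homomorphic encryption or OT. The dealer here simulates that."""
    n = len(alpha_shares)
    alpha = sum(alpha_shares) % P
    return AuthShare(share(x, n), share(alpha * x % P, n))


def add(a: AuthShare, b: AuthShare) -> AuthShare:
    """[a] + [b]: purely local, each party adds its own value and MAC shares."""
    return AuthShare([(u + v) % P for u, v in zip(a.value, b.value)],
                     [(u + v) % P for u, v in zip(a.mac, b.mac)])


def mul_const(c: int, a: AuthShare) -> AuthShare:
    """c * [a]: local scaling of both value and MAC shares."""
    return AuthShare([c * u % P for u in a.value], [c * u % P for u in a.mac])


def add_const(c: int, a: AuthShare, alpha_shares: List[int]) -> AuthShare:
    """[a] + c: party 0 adds c to its value share; every party i adds c*alpha_i to its MAC share."""
    value = list(a.value)
    value[0] = (value[0] + c) % P
    mac = [(m + c * ai) % P for m, ai in zip(a.mac, alpha_shares)]
    return AuthShare(value, mac)


def open_and_check(a: AuthShare, alpha_shares: List[int],
                   cheater: Optional[int] = None, delta: int = 0) -> Tuple[int, bool]:
    """Open [a] and run the SPDZ MAC check; returns (opened value, check passed).

    If `cheater` is set, that party broadcasts its value share plus delta. The
    sum of the sigma_i then equals -alpha*delta, so the check fails for any
    delta != 0 unless the cheater can guess alpha.
    """
    broadcast = list(a.value)
    if cheater is not None:
        broadcast[cheater] = (broadcast[cheater] + delta) % P
    x = sum(broadcast) % P
    # Each party i computes sigma_i = mac_i - alpha_i * x. Real SPDZ has the
    # parties commit to sigma_i before revealing it, so the last party cannot
    # choose its sigma adaptively; the commitment round is omitted here.
    sigmas = [(m - ai * x) % P for m, ai in zip(a.mac, alpha_shares)]
    return x, sum(sigmas) % P == 0


if __name__ == "__main__":
    alpha_shares = share(secrets.randbelow(P), 3)  # MAC key alpha, additively shared
    total = add(authenticate(5, alpha_shares), authenticate(7, alpha_shares))
    print(open_and_check(total, alpha_shares))                         # (12, True)
    print(open_and_check(total, alpha_shares, cheater=1, delta=1))     # (13, False)
```

The point to take from the failing case is that the cheater shifts the opened value but cannot shift the MAC consistently without alpha, which is why SPDZ tolerates any number of corrupted parties; multiplication of two shared values is the one operation that needs offline material (Beaver triples) and is not shown here.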

## Keywords

Secure multiparty computation (MPC), Garbled circuits, Concrete efficiency, BMR, SPDZ

## Notes

### Acknowledgements

The first and fourth authors were supported in part by the European Research Council under the European Union's Seventh Framework Programme (FP/2007-2013)/ERC Consolidator Grant agreement no. 615172 (HIPS). The second author was supported under the European Union's Seventh Framework Programme (FP7/2007-2013) grant agreement no. 609611 (PRACTICE), and by a grant from the Israel Ministry of Science, Technology and Space (grant 3-10883). The third author was supported in part by ERC Advanced Grant ERC-2010-AdG-267188-CRIPTO, by EPSRC via grant EP/I03126X and by ERC Advanced Grant ERC-2015-AdG-IMPaCT. The first and third authors were also supported by an award from EPSRC (grant EP/M012824), from the Ministry of Science, Technology and Space, Israel, and the UK Research Initiative in Cyber Security. The first, second and fourth authors were supported by the BIU Center for Research in Applied Cryptography and Cyber Security in conjunction with the Israel National Cyber Directorate in the Prime Minister's Office.

## References

1. D. Beaver, S. Micali, P. Rogaway, The round complexity of secure protocols, in *22nd STOC*, pp. 503–513, 1990
2. A. Ben-David, N. Nisan, B. Pinkas, FairplayMP: a system for secure multi-party computation, in *ACM CCS*, pp. 257–266, 2008
3. A. Ben-Efraim, Y. Lindell, E. Omri, Optimizing semi-honest secure multiparty computation for the internet, in *ACM CCS*, pp. 578–590, 2016
4. A. Ben-Efraim, Y. Lindell, E. Omri, Efficient scalable constant-round MPC via garbled circuits, in *ASIACRYPT*, pp. 471–498, 2017
5. M. Ben-Or, S. Goldwasser, A. Wigderson, Completeness theorems for non-cryptographic fault-tolerant distributed computation, in *20th STOC*, pp. 1–10, 1988
6. D. Chaum, C. Crépeau, I. Damgård, Multiparty unconditionally secure protocols, in *20th STOC*, pp. 11–19, 1988
7. S. G. Choi, J. Katz, A. J. Malozemoff, V. Zikas, Efficient three-party computation from cut-and-choose, in *CRYPTO*, pp. 513–530, 2014
8. R. Cleve, Limits on the security of coin flips when half the processors are faulty (extended abstract), in *18th STOC*, pp. 364–369, 1986
9. I. Damgård, Y. Ishai, Constant-round multiparty computation using a black-box pseudorandom generator, in *CRYPTO*, pp. 378–394, 2005
10. I. Damgård, M. Keller, E. Larraia, C. Miles, N. P. Smart, Implementing AES via an actively/covertly secure dishonest-majority MPC protocol, in *SCN*, pp. 241–263, 2012
11. I. Damgård, M. Keller, E. Larraia, V. Pastro, P. Scholl, N. P. Smart, Practical covertly secure MPC for dishonest majority—or: Breaking the SPDZ limits, in *ESORICS*, pp. 1–18, 2013
12. I. Damgård, V. Pastro, N. P. Smart, S. Zakarias, Multiparty computation from somewhat homomorphic encryption, in *CRYPTO*, pp. 643–662, 2012
13. P. Feldman, S. Micali, An optimal probabilistic protocol for synchronous Byzantine agreement, *SIAM Journal on Computing* **26**(4), 873–933 (1997)
14. O. Goldreich, S. Micali, A. Wigderson, How to play any mental game or A completeness theorem for protocols with honest majority, in *19th STOC*, pp. 218–229, 1987
15. S. Goldwasser, Y. Lindell, Secure computation without agreement, in *DISC*, pp. 17–32, 2002
16. C. Hazay, P. Scholl, E. Soria-Vazquez, Low cost constant round MPC combining BMR and oblivious transfer, in *ASIACRYPT*, pp. 598–628, 2017
17. Y. Ishai, M. Prabhakaran, A. Sahai, Founding cryptography on oblivious transfer—efficiently, in *CRYPTO*, pp. 572–591, 2008
18. J. Katz, R. Ostrovsky, A. D. Smith, Round efficiency of multi-party computation with a dishonest majority, in *EUROCRYPT*, pp. 578–595, 2003
19. M. Keller, E. Orsini, P. Scholl, MASCOT: faster malicious arithmetic secure computation with oblivious transfer, in *ACM CCS*, pp. 830–842, 2016
20. M. Keller, P. Scholl, N. P. Smart, An architecture for practical actively secure MPC with dishonest majority, in *ACM CCS*, pp. 549–560, 2013
21. M. Keller, A. Yanai, Efficient maliciously secure multiparty computation for RAM, in *EUROCRYPT*, pp. 91–124, 2018
22. E. Larraia, E. Orsini, N. P. Smart, Dishonest majority multi-party computation for binary circuits, in *CRYPTO*, pp. 495–512, 2014
23. Y. Lindell, Fast cut-and-choose based protocols for malicious and covert adversaries, in *CRYPTO*, pp. 1–17, 2013
24. Y. Lindell, B. Riva, Cut-and-choose Yao-based secure computation in the online/offline and batch settings, in *CRYPTO*, pp. 476–494, 2014
25. Y. Lindell, N. P. Smart, E. Soria-Vazquez, More efficient constant-round multi-party computation from BMR and SHE, in *TCC 2016-B*, pp. 554–581, 2016
26. J. B. Nielsen, P. S. Nordholt, C. Orlandi, S. S. Burra, A new approach to practical active-secure two-party computation, in *CRYPTO*, pp. 681–700, 2012
27. R. Pass, Bounded-concurrent secure multi-party computation with a dishonest majority, in *36th STOC*, pp. 232–241, 2004
28. M. C. Pease, R. E. Shostak, L. Lamport, Reaching agreement in the presence of faults, *Journal of the ACM* **27**(2), 228–234 (1980)
29. B. Pinkas, T. Schneider, N. P. Smart, S. C. Williams, Secure two-party computation is practical, in *ASIACRYPT*, pp. 250–267, 2009
30. T. Rabin, M. Ben-Or, Verifiable secret sharing and multiparty protocols with honest majority, in *21st STOC*, pp. 73–85, 1989
31. P. Rogaway, *The round complexity of secure protocols*, PhD thesis, Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1991
32. A. C. Yao, Protocols for secure computations, in *23rd FOCS*, pp. 160–164, 1982