Abstract
The difference between theory and practice often rests on one major factor: efficiency. In distributed systems, communication is usually expensive, and protocols designed for practical use must require as few rounds of communication and as small messages as possible.
A secure multiparty protocol to compute function F is a protocol that, when each player i of n players starts with private input x i, provides each participant i with F(x 1,...x n) without revealing more information than what can be derived from learning the function value. Some number l of players may be corrupted by an adversary who may then change the messages they send. Recent solutions to this problem have suffered in practical terms: while theoretically using only polynomially-many rounds, in practice the constants and exponents of such polynomials are too great. Normally, such protocols express F as a circuit C F, call on each player to secretly sharex i, and proceed to perform “secret addition and multiplication” on secretly shared values. The cost is proportional to the depth of C F times the cost of secret multiplication; and multiplication requires several rounds of interaction.
We present a protocol that simplifies the body of such a protocol and significantly reduces the number of rounds of interaction. The steps of our protocol take advantage of a new and counterintuitive technique for evaluating a circuit; set every input to every gate in the circuit completely at random, and then make corrections. Our protocol replaces each secret multiplication — multiplication that requires further sharing, addition, zero-knowledge proofs, and secret reconstruction — that is used during the body of a standard protocol by a simple reconstruction of secretly shared values, thereby reducing rounds by an order of magnitude. Furthermore, these reconstructions require only broadcast messages (but do not require Byzantine Agreement). The simplicity of broadcast and reconstruction provides efficiency and ease of implementation. Our transformation is simple and compatible with other techniques for reducing rounds.
Research supported by AT&T Bell Laboratories, Murray Hill, NJ.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
J. Bar-Ilan, D. Beaver. “Non-Cryptographic Fault-Tolerant Computing in a Constant Expected Number of Rounds of Interaction.” Proceedings of PODC, ACM, 1989, 201–209.
D. Beaver. “Secure Multiparty Protocols and Zero Knowledge Proof Systems Tolerating a Faulty Minority.” To appear, J. Cryptology. An earlier version appeared as “Secure Multiparty Protocols Tolerating Half Faulty Processors.” Proceedings of Crypto 1989, ACM, 1989.
D. Beaver. Security, Fault Tolerance, and Communication Complexity in Distributed Systems. PhD Thesis, Harvard University, Cambridge, 1990.
D. Beaver, S. Goldwasser. “Multiparty Computation with Faulty Majority.” Proceedings of the 30th FOCS, IEEE, 1989, 468–473.
D. Beaver, S. Haber. “Cryptographic Protocols Provably Secure Against Dynamic Adversaries.” Submitted to FOCS 91.
D. Beaver, S. Micali, P. Rogaway. “The Round Complexity of Secure Protocols.” Proceedings of the 22st STOC, ACM, 1990, 503–513.
M. Ben-Or, S. Goldwasser, A. Wigderson. “Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation.” Proceedings of the 20th STOC, ACM, 1988, 1–10.
D. Chaum, C. Crépeau, I. Damgård. “Multiparty Unconditionally Secure Protocols.” Proceedings of the 20th STOC, ACM, 1988, 11–19.
Z. Galil, S. Haber, M. Yung. “Cryptographic Computation: Secure Fault-Tolerant Protocols and the Public-Key Model.” Proceedings of Crypto 1987, Springer-Verlag, 1988, 135–155.
O. Goldreich, S. Micali, A. Wigderson. “Proofs that Yield Nothing but Their Validity and a Methodology of Cryptographic Protocol Design.” Proceedings of the 27th FOCS, IEEE, 1986, 174–187.
O. Goldreich, S. Micali, A. Wigderson. “How to Play Any Mental Game, or A Completeness Theorem for Protocols with Honest Majority.” Proceedings of the 19th STOC, ACM, 1987, 218–229.
S. Goldwasser, L. Levin. “Fair Computation of General Functions in Presence of Immoral Majority.” Proceedings of Crypto 1990.
S. Haber. Multi-Party Cryptographic Computation: Techniques and Applications, PhD Thesis, Columbia University, 1988.
T. Rabin, M. Ben-Or. “Verifiable Secret Sharing and Multiparty Protocols with Honest Majority.” Proceedings of the 21st STOC, ACM, 1989, 73–85.
A. Shamir. “How to Share a Secret.” Communications of the ACM, 22 (1979), 612–613.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1992 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Beaver, D. (1992). Efficient Multiparty Protocols Using Circuit Randomization. In: Feigenbaum, J. (eds) Advances in Cryptology — CRYPTO ’91. CRYPTO 1991. Lecture Notes in Computer Science, vol 576. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-46766-1_34
Download citation
DOI: https://doi.org/10.1007/3-540-46766-1_34
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-55188-1
Online ISBN: 978-3-540-46766-3
eBook Packages: Springer Book Archive