1. Practical Fully Secure Three-Party Computation via Sublinear Distributed Zero-Knowledge Proofs 2019 CCS MPC ZK
    Elette Boyle, Niv Gilboa, Yuval Ishai and Ariel Nof
    [View PDF on eprint.iacr.org]
    [Show BibTex Citation]

    @misc{cryptoeprint:2019:1390,
    author = {Elette Boyle and Niv Gilboa and Yuval Ishai and Ariel Nof},
    title = {Practical Fully Secure Three-Party Computation via Sublinear Distributed Zero-Knowledge Proofs},
    howpublished = {Cryptology ePrint Archive, Report 2019/1390},
    year = {2019},
    note = {\url{https://eprint.iacr.org/2019/1390}},
    }

Secure multiparty computation enables a set of parties to securely carry out a joint computation on their private inputs without revealing anything but the output. A particularly motivated setting is that of three parties with a single corruption (hereafter denoted 3PC). This 3PC setting is particularly appealing for two main reasons: (1) it admits more efficient MPC protocols than in other standard settings; (2) it allows in principle to achieve full security (and fairness).

Highly efficient protocols exist within this setting with security against a semi-honest adversary; however, a significant gap remains between these and protocols with stronger security against a malicious adversary.

In this paper, we narrow this gap within concretely efficient protocols. More explicitly, we have the following contributions:

  • Concretely Efficient Malicious 3PC. We present an optimized 3PC protocol for arithmetic circuits over rings with (amortized) communication of 1 ring element per multiplication gate per party, matching the best semi-honest protocols. The protocol applies also to Boolean circuits, significantly improving over previous protocols even for small circuits.

Our protocol builds on recent techniques of Boneh et al.\ (Crypto 2019) for sublinear zero-knowledge proofs on distributed data, together with an efficient semi-honest protocol based on replicated secret sharing (Araki et al., CCS 2016).

We present a concrete analysis of communication and computation costs, including several optimizations. For example, for 40-bit statistical security, and Boolean circuit with a million (nonlinear) gates, the overhead on top of the semi-honest protocol can involve less than 0.5KB of communication {\em for the entire circuit}, while the computational overhead is dominated by roughly 30 multiplications per gate in the field F247. In addition, we implemented and benchmarked the protocol for varied circuit sizes.

  • Full Security. We augment the 3PC protocol to further provide full security (with guaranteed output delivery) while maintaining amortized 1 ring element communication per party per multiplication gate, and with hardly any impact on concrete efficiency. This is contrasted with the best previous 3PC protocols from the literature, which allow a corrupt party to mount a denial-of-service attack without being detected.
  1.