1. Efficient, Constant-Round and Actively Secure MPC: Beyond the Three-Party Case 2017 CCS Implementation MPC
    Nishanth Chandran, Juan A. Garay, Payman Mohassel, and Satyanarayana Vusirikala
    [View PDF on acmccs.github.io]
    [Show BibTex Citation]

    author = {Zhu, Ruiyu and Huang, Yan and Cassel, Darion},
    title = {Pool: Scalable On-Demand Secure Computation Service Against Malicious Adversaries},
    year = {2017},
    isbn = {9781450349468},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    url = {https://doi.org/10.1145/3133956.3134070},
    doi = {10.1145/3133956.3134070},
    booktitle = {Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security},
    pages = {245–257},
    numpages = {13},
    keywords = {scalable actively-secure computation},
    location = {Dallas, Texas, USA},
    series = {CCS ’17}

While the feasibility of constant-round and actively secure MPC has been known for over two decades, the last few years have witnessed a flurry of designs and implementations that make its deployment a palpable reality. To our knowledge, however, existing concretely efficient MPC constructions are only for up to three parties.

In this paper we design and implement a new actively secure 5PC protocol tolerating two corruptions that requires 8 rounds of interaction, only uses fast symmetric-key operations, and incurs 60% less communication than the passively secure state-of-the-art solution from the work of Ben-Efraim, Lindell, and Omri [CCS 2016]. For example, securely evaluating the AES circuit when the parties are in different regions of the U.S. and Europe only takes 1.8s which is 2.6x faster than the passively secure 5PC in the same environment.

Instrumental for our efficiency gains (less interaction, only symmetric key primitives) is a new 4-party primitive we call Attested OT, which in addition to Sender and Receiver involves two additional “assistant parties” who will attest to the respective inputs of both parties, and which might be of broader applicability in practically relevant MPC scenarios. Finally, we also show how to generalize our construction to n parties with similar efficiency properties where the corruption threshold is t ≈ √n, and propose a combinatorial problem which, if solved optimally, can yield even better corruption thresholds for the same cost.