Near-Linear Unconditionally-Secure Multiparty Computation with a Dishonest Minority

In the setting of unconditionally-secure MPC, where dishonest players are unbounded and no cryptographic assumptions are used, it was known since the 1980’s that an honest majority of players is both necessary and sufficient to achieve privacy and correctness, assuming secure point-to-point and broadcast channels. The main open question that was left is to establish the exact communication complexity.

We settle the above question by showing an unconditionally-secure MPC protocol, secure against a dishonest minority of malicious players, that matches the communication complexity of the best known MPC protocol in the honest-but-curious setting. More specifically, we present a new

n

-player MPC protocol that is secure against a computationally-unbounded malicious adversary that can adaptively corrupt

t

 < 

n

/2 of the players. For polynomially-large binary circuits that are not too unshaped, our protocol has an amortized communication complexity of

O

(

n

log

n

 + 

κ

/

n

const

) bits per multiplication (i.e. AND) gate, where

κ

denotes the security parameter and

const

 ∈ ℤ is an arbitrary non-negative constant. This improves on the previously most efficient protocol with the same security guarantee, which offers an amortized communication complexity of

O

(

n

2

κ

) bits per multiplication gate. For any

κ

polynomial in

n

, the amortized communication complexity of our protocol matches the

O

(

n

log

n

) bit communication complexity of the best known MPC protocol with passive security.

We introduce several novel techniques that are of independent interest and we believe will have wider applicability. One is a novel idea of computing authentication tags by means of a

mini MPC

, which allows us to avoid expensive double-sharings; the other is a

batch-wise multiplication verification

that allows us to speedup Beaver’s “multiplication triples”.