Preprocessing Based Verification of Multiparty Protocols with Honest Majority

Peeter Laud (1), Alisa Pankova (2), and Roman Jagomägis (3)
  • (1) Cybernetica AS
  • (2) Cybernetica AS, University of Tartu, STACC
  • (3) Cybernetica AS


This paper presents a generic “GMW-style” method for turning passively secure protocols into protocols secure against covert attacks, adding relatively cheap offline preprocessing and post-execution verification phases. Our construction performs best with a small number of parties, and its main benefit is the total cost of the online and the offline phases. In the preprocessing phase, each party generates and shares a sufficient amount of verified multiplication triples that will later be used to assist that party’s proof. The execution phase, after which the computed result is already available to the parties, has only negligible overhead, which comes from signing the sent messages. In the postprocessing phase, the verifiers repeat the computation of the prover in a secret-shared manner, checking that they obtain the same messages that the prover sent out during execution. The verification preserves the privacy guarantees of the original protocol. It is applicable to protocols doing computations over finite rings, even if the same protocol performs its computation over several distinct rings. We apply our verification method to the Sharemind platform for secure multiparty computation (SMC), evaluate its performance and compare it to other existing SMC platforms offering security against stronger-than-passive attackers.
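As an added illustration of the mechanism the abstract describes (this is constructed example code, not the paper's or Sharemind's implementation), the block below assumes a simplified setting: additive secret sharing over the ring Z_{2^32}, two verifiers holding shares of the prover's inputs, Beaver multiplication triples produced in a preprocessing phase, and a postprocessing check in which the verifiers recompute one multiplication on shares and compare the reconstructed result with the message the prover sent during execution.

```python
# Constructed illustration of preprocessing-based verification of one
# ring multiplication; function names and the two-verifier setup are assumptions.
import secrets

MOD = 2**32          # computation ring Z_{2^32}
N_VERIFIERS = 2      # verifiers hold additive shares (honest majority among three parties)

def share(x, n=N_VERIFIERS):
    """Additive sharing of x over Z_MOD: the shares sum to x modulo MOD."""
    parts = [secrets.randbelow(MOD) for _ in range(n - 1)]
    parts.append((x - sum(parts)) % MOD)
    return parts

def reconstruct(shares):
    return sum(shares) % MOD

def beaver_triple():
    """Preprocessing phase: a random triple (a, b, c) with c = a*b, handed out as shares."""
    a, b = secrets.randbelow(MOD), secrets.randbelow(MOD)
    return share(a), share(b), share((a * b) % MOD)

def shared_mul(xs, ys, triple):
    """Beaver multiplication on shares: only the masked values d = x-a and e = y-b
    are opened, so the verifiers never learn x or y themselves."""
    As, Bs, Cs = triple
    d = reconstruct([(x - a) % MOD for x, a in zip(xs, As)])
    e = reconstruct([(y - b) % MOD for y, b in zip(ys, Bs)])
    # x*y = c + d*b + e*a + d*e; the public constant d*e is added by one party only
    zs = [(c + d * b + e * a) % MOD for a, b, c in zip(As, Bs, Cs)]
    zs[0] = (zs[0] + d * e) % MOD
    return zs

def verify_multiplication(x, y, sent_message):
    """Postprocessing phase: the prover's inputs are shared among the verifiers,
    who recompute x*y on shares and compare the result with the message the
    prover sent out during execution. A mismatch exposes a deviating prover."""
    xs, ys = share(x), share(y)
    zs = shared_mul(xs, ys, beaver_triple())
    return reconstruct(zs) == sent_message % MOD
```

An honest prover's message passes the check; a prover that sent a product off by even one ring element is flagged, while the verifiers only ever see uniformly random masked values.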



