Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [multiparty-computation]

Multi-party computation (MPC) allows a set of parties, each with a private input, to securely and jointly perform any computation over their inputs.

Multi-party computation (MPC) allows a set of parties, each with a private input, to securely and jointly perform any computation over their inputs. Secure multi-party computation — also known as *"secure computation or "multi-party computation (MPC)" — is a subfield of cryptography. The goal of this field is to create methods that enable parties to jointly compute a function over their inputs, while at the same time keeping these inputs private.

510 questions
11
votes
2 answers

Real world use cases of Multi-Party Computation

Most of the research papers give imaginary applications of multi-party computation. Either they talk about Yao's millionares' problem or two or more corporates willing to compute some intrustion detection stuff collectively on their private data…
sashank
  • 6,174
  • 4
  • 32
  • 67
9
votes
5 answers

Is it possible to find the product of two numbers without knowing the two numbers?

I'm doing a thought experiment: Alice chooses a number $a$ and Bob $b$. They send $A(a)$ and $B(b)$ to Charlie. He performs $C(A(a), B(b))$ and gets $ab$. Do there exist not easily reversible functions $A, B, C$ for which the above is true? I'm a…
Dominik Teiml
  • 191
  • 3
8
votes
1 answer

BGW Theorem 2- Does this proof work?

I was reading the original BGW paper. Great paper. I'm confused about Theorem 2, though. The Theorem states, "There are functions for which there are no n/2-private protocols." The proof is simply that two players cannot compute an OR without one of…
danxinnoble
  • 663
  • 3
  • 13
7
votes
1 answer

Secure function evaluation for Boolean formulae

Under the assumption that "secure" encryption exists, secure evaluation of functions represented by Boolean circuits is possible by Yao's garbling scheme [Y1]. My question is whether secure evaluation of functions represented by Boolean formulae is…
ckamath
  • 5,188
  • 2
  • 21
  • 41
7
votes
2 answers

Motivation for the definition of statistical distance

Statistical distance is a widely used measure in cryptography for comparing two distributions. One can define various other measures for capturing the differences between two distributions, but why do we prefer to use statistical distance? What is…
sun
  • 540
  • 2
  • 12
6
votes
0 answers

Distributed generation of random integers with prescribed sum

While reading this document I came across the following problem. Assume you have $n$ clients. The clients need to generate random integers in $\mathbb{Z}_p$, say $T_i$ for $i \in \{1, \ldots, n\}$, such that $\sum_{i=1}^n T_i = 0$ in $\mathbb{Z}_p$.…
Tilen Marc
  • 133
  • 6
6
votes
1 answer

Simulation-based proofs - advice tape of reduction algorithm

I am currently reading Yehuda Lindell's amazing tutorial on simulation proof technique and trying to write my own proof for the first time. In page 4 of this tutorial it is mentioned that [...] The value $a$ must therefore be written on the advice…
Mhy
  • 398
  • 3
  • 14
6
votes
1 answer

What is malicious privacy?

This paper says in the appendix, At a high-level, malicious privacy is defined similar to malicious security, but with a modified ideal functionality that is corruptible, meaning that the adversary can control what it outputs. So does malicious…
somuns Miller
  • 63
  • 1
  • 6
5
votes
1 answer

Security of secure two-party computation with a trusted dealer during offline phase?

In the SecureML paper, one can assume that two non-colluding servers can run secure two-party computation protocol based on secret sharing with the help of a third party (client). The client would send correlated randomness to the servers in offline…
mallea
  • 1,605
  • 1
  • 9
  • 21
5
votes
1 answer

Communication Complexity of Equality comparison (Catrina and de Hoogh)

I was reading secure MPC protocol for finding a secret representation of whether a secret value equals zero, from Catrina and de Hoogh (summarized here). In the paper, the communication complexity costs are measured in terms of "invocations of a…
danxinnoble
  • 663
  • 3
  • 13
5
votes
1 answer

SPDZ protocol: how expensive is it to generate the multiplicative triples?

I am currently reading the full version of the SPDZ protocol. I understand that the online phase does multiplication with computational and communication complexity $O(n)$ by using Beaver's multiplicative triples as explained $\Pi_{Online}$ (Fig 1,…
danxinnoble
  • 663
  • 3
  • 13
4
votes
0 answers

Are there secure MPC schemes that support uneven load balancing between the parties?

In a scenario in which some of the parties have more data / compute power / trust reputation (or other meaningful properties) than other parties - are there known methods to do secure multiparty computation with load balancing that takes into…
dilettante
  • 41
  • 2
4
votes
1 answer

Multi-party computation with untrusted nodes?

Let $L = [b_1, \dots, b_k]$ be a list of blocks of a file. I want to compute the function $f = h(g(b_1), \dots, g(b_k))$ on $N$ untrusted nodes such that: Anyone can be reasonable convinced (with high probability) of the correctness of the…
user47376
  • 193
  • 1
  • 5
4
votes
2 answers

Practical implementations of Multiparty computations

Are there any practical implementations and or software platforms to prototype applications based on MPC ?
sashank
  • 6,174
  • 4
  • 32
  • 67
4
votes
2 answers

Is it possible to perform an MPC protocol to compute a product in a polynomial ring?

I hope not to be asking much, but I have N parties, each one holding a polynomial in with 0-1 coefficients and fixed degree $n-1$. I was wandering if it is possible (I mean feasible) to compute the product of all of these polynomials with an MPC…
user31482
  • 41
  • 1
1
2 3 4 5 6