Best of both worlds in secure computation, with low communication overhead

Abstract

When performing a secure multiparty computation with a few hundred parties, using the best protocols known today, bandwidth constraints are the primary bottleneck. A long line of work demonstrates that n parties can compute a circuit C of depth d while communicating O(| C| log | C| + poly(d, n) field elements per party, as long as a majority of parties are honest. However, in the malicious majority setting, a lot less is known. The work of Nielsen and Ranellucci is the first to provide constant-overhead in the communication complexity when a majority of parties are malicious;their result demonstrates feasibility, but is quite complex and impractical. In this work, we construct a new MPC protocol in the pre-processing model. We introduce a new middle-ground:our protocol has low communication and provides robustness when a majority of parties are honest, and gives security with abort (possibly with higher communication cost) when a majority of players are malicious. Robustness is impossible when a majority of parties are malicious;viewing the increased communication complexity as a form of denial of service, similar to an abort, we view our result as providing the “best of both worlds”.