TY - GEN

T1 - Unconditionally secure constant-rounds multi-party computation for equality, comparison, bits and exponentiation

AU - Damgard, Ivan

AU - Fitzi, M.

AU - Kiltz, E.

AU - Nielsen, J.B.

AU - Toft, T.

PY - 2006

Y1 - 2006

N2 - We show that if a set of players hold shares of a value a Î \mathbbFp aFpfor some prime p (where the set of shares is written [a] p ), it is possible to compute, in constant rounds and with unconditional security, sharings of the bits of a, i.e., compute sharings [a 0] p , ..., [a l-¿-¿1] p such that l = ¿ log2 p ¿, a 0,...,a l¿-¿1¿¿¿{0,1} and a = ¿ i¿=¿0 l-¿-¿1 a i 2 i . Our protocol is secure against active adversaries and works for any linear secret sharing scheme with a multiplication protocol. The complexity of our protocol is O(l log l)(llogl) invocations of the multiplication protocol for the underlying secret sharing scheme, carried out in O(1)(1) rounds.
This result immediately implies solutions to other long-standing open problems such as constant-rounds and unconditionally secure protocols for deciding whether a shared number is zero, comparing shared numbers, raising a shared number to a shared exponent and reducing a shared number modulo a shared modulus.

AB - We show that if a set of players hold shares of a value a Î \mathbbFp aFpfor some prime p (where the set of shares is written [a] p ), it is possible to compute, in constant rounds and with unconditional security, sharings of the bits of a, i.e., compute sharings [a 0] p , ..., [a l-¿-¿1] p such that l = ¿ log2 p ¿, a 0,...,a l¿-¿1¿¿¿{0,1} and a = ¿ i¿=¿0 l-¿-¿1 a i 2 i . Our protocol is secure against active adversaries and works for any linear secret sharing scheme with a multiplication protocol. The complexity of our protocol is O(l log l)(llogl) invocations of the multiplication protocol for the underlying secret sharing scheme, carried out in O(1)(1) rounds.
This result immediately implies solutions to other long-standing open problems such as constant-rounds and unconditionally secure protocols for deciding whether a shared number is zero, comparing shared numbers, raising a shared number to a shared exponent and reducing a shared number modulo a shared modulus.

U2 - 10.1007/11681878_15

DO - 10.1007/11681878_15

M3 - Conference contribution

SN - 3-540-32731-2

T3 - Lecture Notes in Computer Science

SP - 285

EP - 304

BT - Theory of Cryptography (Proceedings 3rd Theory of Cryptography Conference, TCC 2006, New York NY, USA, March 4-7, 2006)

A2 - Halevi, S.

A2 - Rabin, T.

PB - Springer

ER -