Multiparty Computation from Threshold Homomorphic Encryption

  • Ronald Cramer
  • Ivan Damgård
  • Jesper B. Nielsen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2045)


We introduce a new approach to multiparty computation (MPC) basing it on homomorphic threshold crypto-systems. We show that given keys for any sufficiently efficient system of this type,general MPC protocols for n parties can be devised which are secure against an active adversary that corrupts any minority of the parties. The total number of bits broadcast is O(nk|C|),where k is the security parameter and |C| is the size of a (Boolean) circuit computing the function to be securely evaluated. An earlier proposal by Franklin and Haber with the same complexity was only secure for passive adversaries,while all earlier protocols with active security had complexity at least quadratic in n. We give two examples of threshold cryptosystems that can support our construction and lead to the claimed complexities.


Security Parameter Commitment Scheme Arithmetic Circuit Honest Party Corrupted Party 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. ACM88.
    Proceedings of the Twentieth Annual ACM STOC, Chicago, Illinois, 2–4 May 1988.Google Scholar
  2. BB89.
    J. Bar-Ilan and D. Beaver. Non-cryptographic fault-tolerant computing in constant number of rounds of interaction. In Proc. ACM PODC'89, pages 201–209, 1989.Google Scholar
  3. Bea91.
    D. Beaver. Foundations of secure interactive computing. In Joan Feigenbaum, editor, Advances in Cryptology-Crypto '91, pages 377–391, Berlin, 1991. Springer-Verlag. LNCS Vol. 576.Google Scholar
  4. BGW88.
    Michael Ben-Or, Shafi Goldwasser, and Avi Wigderson. Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In ACM [ACM88], pages 1–10.Google Scholar
  5. Can00.
    Ran Canetti. Security and composition of multiparty cryptographic protocols. Journal of Cryptology, 13(1):143–202, winter 2000.zbMATHCrossRefMathSciNetGoogle Scholar
  6. CCD88.
    David Chaum, Claude Crépeau, and Ivan Damgård. Multiparty unconditionally secure protocols (extended abstract). In ACM [ACM88], pages 11–19.Google Scholar
  7. CD98.
    Ronald Cramer and Ivan Damgaard. Zero-knowledge proofs for finite field arithmetic, or: Can zero-knowledge be for free. In Hugo Krawczyk, editor, Advances in Cryptology-Crypto '98, pages 424–441, Berlin, 1998. Springer-Verlag. LNCS Vol. 1462.CrossRefGoogle Scholar
  8. CDM00.
    Ronald Cramer, Ivan Damgård, and Ueli Maurer. General secure multiparty computation from any linear secret-sharing scheme. In Bart Preneel, editor, Advances in Cryptology-EuroCrypt 2000, pages 316–334, Berlin, 2000. Springer-Verlag. LNCS Vol. 1807.CrossRefGoogle Scholar
  9. CDN00.
    Ronald Cramer, Ivan B. Damgård, and Jesper B. Nielsen. Multiparty computation from threshold homomorphic encryption. Research Series RS-00-14, BRICS, Department of Computer Science, University of Aarhus, June 2000. Updated version available at Cryptology ePrint Archive, record
  10. CDS94.
    R. Cramer, I. B. Damgård, and B. Schoenmakers. Proofs of partial knowledge and simplified design of witness hiding protocols. In Yvo Desmedt, editor, Advances in Cryptology-Crypto '94, pages 174–187, Berlin, 1994. Springer-Verlag. LNCS Vol. 839.Google Scholar
  11. DJ01.
    Ivan Damgård and Mads Jurik. A generalisation,a simplification and some applications of paillier’s probabilistic public-key system. In Public Key Cryptography, Fourth International Workshop on Practice and Theory in Public Key Cryptography, PKC 2001, Proceedings, 2001. LNCS. Obtainable from Scholar
  12. DK01.
    Ivan Damgård and Maciej Koprowski. Practical threshold RSA signatures without a trusted dealer. In these proceedings.Google Scholar
  13. FH96.
    Matthew Franklin and Stuart Haber. Joint encryption and message-efficient secure computation. Journal of Cryptology, 9(4): 217–232, Autumn 1996.zbMATHCrossRefMathSciNetGoogle Scholar
  14. FPS00.
    P. Fouque, G. Poupard, and J. Stern. Sharing decryption in the context of voting or lotteries. In Proceedings of Financial Crypto 2000, 2000.Google Scholar
  15. GMW87.
    Oded Goldreich, Silvio Micali, and Avi Wigderson. How to play any mental game or a completeness theorem for protocols with honest majority. In Proceedings of the Nineteenth Annual ACM STOC, pages 218–229, New York City, 25–27 May 1987.Google Scholar
  16. GRR98.
    R. Gennaro, M. Rabin, and T. Rabin. Simplified VSS and fast-track multiparty computations with applications to threshold cryptography. In Proc. ACM PODC'98, 1998.Google Scholar
  17. GV87.
    O. Goldreich and R. Vainish. How to solve any protocol problem — an efficiency improvement. In Carl Pomerance, editor, Advances in Cryptology-Crypto '87, pages 73–86, Berlin, 1987. Springer-Verlag. LNCS Vol. 293.Google Scholar
  18. KK91.
    Kaoru Kurosawa and Motoo Kotera. A multiparty protocol for modulo operations. Technical Report SCIS 91-3B, 1991.Google Scholar
  19. Kur91.-Kaoru Kurosawa. Zero knowledge interactive proof system for modulo operations. In IEICE Trans., volume E74, pages 2124–2128, 1991.Google Scholar
  20. MH00.
    Bartosz Przydatek, Martin Hirt, and Ueli M. Maurer. Efficient secure multiparty computation. In Tatsuaki Okamoto, editor, Advances in Cryptology-ASIACRYPT 2000, pages 143–161, Berlin, 2000. Springer. LNCS Vol. 1976.Google Scholar
  21. MJ00.
    Ari Juels and Markus Jakobsson. Mix and match: Secure function evaluation via ciphertexts. In Tatsuaki Okamoto, editor, Advances in Cryptology-ASIACRYPT 2000, pages 162–177, Berlin, 2000. Springer. LNCS Vol. 1976.Google Scholar
  22. MR91.
    S. Micali and P. Rogaway. Secure computation. In Joan Feigenbaum, editor, Advances in Cryptology-Crypto '91, pages 392–404, Berlin, 1991. Springer-Verlag. LNCS Vol. 576.Google Scholar
  23. pac96.
    Pseudorandomness and Cryptographic Applications. Princeton University Press, 1996.Google Scholar
  24. Pai99.
    P. Paillier. Public-key cryptosystems based on composite degree residue classes. In Jacques Stern, editor, Advances in Cryptology-EuroCrypt '99, pages 223–238, Berlin, 1999. Springer-Verlag. LNCS Vol. 1592.Google Scholar
  25. Sho00.
    Victor Shoup. Practical threshold signatures. In Bart Preneel, editor, Advances in Cryptology-EuroCrypt 2000, pages 207–220, Berlin, 2000. Springer-Verlag. LNCS Vol. 1807.CrossRefGoogle Scholar
  26. Yao82.
    Andrew C. Yao. Protocols for secure computations (extended abstract). In 23rd Annual Symposium on Foundations of Computer Science,pages 160–164, Chicago, Illinois, 3–5 November 1982. IEEE.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Ronald Cramer
    • 1
  • Ivan Damgård
    • 1
  • Jesper B. Nielsen
    • 1
  1. 1.BRICS Department of Computer ScienceUniversity of ÅrhusArhus CDenmark

Personalised recommendations