Secure Multiparty Computation

A Model For Secure Multiparty Computation

Secure multi-party computation (MPC) can be defined as the problem of n players computing an agreed function of their inputs in a secure way, where security means guaranteeing the correctness of the output as well as the privacy of the players’ inputs, even when some players cheat. Concretely, we assume we have inputs x₁, ..., x_n, where player i knows x_i, and we want to compute f(x₁, ..., x_n) = (y₁, ..., y_n) such that player i is guaranteed to learn y_i, but can get nothing more than that.

An example is the Yao’s millionaire’s problem: two millionaires meet in the street and want to find out who is richer. Can they do this without having to reveal how many millions they each own? The function computed in this case is a simple comparison between two integers. If the result is that the first millionaire is richer, then he knows that the other guy has fewer millions than him, but this should be all the information he learns about the other guy’s fortune

Another example is a voting scheme: here all players have an integer as input, designating the candidate they vote for, and the goal is to compute how many votes each candidate has received. We want to make sure that the correct result of the vote, but only this result, is made public. In these examples, all players learn the same result, i.e, y₁ = ... = y_n, but it can also be useful to have different results for different players. Consider for example the case of a blind signature scheme, which is useful in electronic cash systems. We can think of this as a two-party secure computation where the signer enters his private signing key sk as input, the user enters a message m to be signed, and the function f(sk, m) = (y₁, y₂), where y₁ is for the signer and is empty, and where y₂ is for the user and the signature on m. Again, security means exactly what we want: the user gets the signature and nothing else, while the signer learns nothing new.