Low Cost Constant Round MPC Combining BMR and Oblivious Transfer
Journal of Cryptology (IF 3), Pub Date: 2020-06-15, DOI: 10.1007/s00145-020-09355-y
Carmit Hazay, Peter Scholl, Eduardo Soria-Vazquez

In this work, we present two new actively secure, constant-round multi-party computation (MPC) protocols with security against all-but-one corruptions. Our protocols both start with an actively secure MPC protocol, which may have linear round complexity in the depth of the circuit, and compile it into a constant-round protocol based on garbled circuits, with very low overhead. Our first protocol takes a generic approach using any secret-sharing-based MPC protocol for binary circuits, and a correlated oblivious transfer functionality. Our second protocol builds on secret-sharing-based MPC with information-theoretic MACs. This approach is less flexible, being based on a specific form of MPC, but requires no additional oblivious transfers to compute the garbled circuit. In both approaches, the underlying secret-sharing-based protocol is only used for one actively secure $\mathbb{F}_2$ multiplication per AND gate. An interesting consequence of this is that, with current techniques, constant-round MPC for binary circuits is not much more expensive than practical, non-constant-round protocols. We demonstrate the practicality of our second protocol with an implementation and perform experiments with up to 9 parties securely computing the AES and SHA-256 circuits. Our running times improve upon the best possible performance with previous protocols in this setting by 60 times.

Updated: 2020-06-15