A Full Proof of the BGW Protocol for Perfectly Secure Multiparty Computation

Research output: Contribution to journalArticlepeer-review

52 Scopus citations


In the setting of secure multiparty computation, a set of n parties with private inputs wish to jointly compute some functionality of their inputs. One of the most fundamental results of secure computation was presented by Ben-Or, Goldwasser, and Wigderson (BGW) in 1988. They demonstrated that any n-party functionality can be computed with perfect security, in the private channels model. When the adversary is semi-honest, this holds as long as t< n/ 2 parties are corrupted, and when the adversary is malicious, this holds as long as t< n/ 3 parties are corrupted. Unfortunately, a full proof of these results was never published. In this paper, we remedy this situation and provide a full proof of security of the BGW protocol. This includes a full description of the protocol for the malicious setting, including the construction of a new subprotocol for the perfect multiplication protocol that seems necessary for the case of n/ 4 ≤ t< n/ 3.

Original languageEnglish
Pages (from-to)58-151
Number of pages94
JournalJournal of Cryptology
Issue number1
StatePublished - 1 Jan 2017

Bibliographical note

Publisher Copyright:
© 2015, International Association for Cryptologic Research.


This work was funded by the European Research Council under the European Union’s Seventh Framework Programme (FP/2007-2013)/ERC Grant Agreement No. 239868, and by the the israel science foundation (Grant No. 189/11).

FundersFunder number
Seventh Framework ProgrammeFP/2007-2013
European Research Council239868
Israel Science Foundation189/11


    • BGW
    • Cryptographic protocols
    • Multiparty computation
    • Perfect security


    Dive into the research topics of 'A Full Proof of the BGW Protocol for Perfectly Secure Multiparty Computation'. Together they form a unique fingerprint.

    Cite this