Going Beyond Dual Execution: MPC for Functions with Efficient Verification

Carmit Hazay, Abhi Shelat, Muthuramakrishnan Venkitasubramaniam

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

1 Scopus citations


The dual execution paradigm of Mohassel and Franklin (PKC’06) and Huang, Katz and Evans (IEEE ’12) shows how to achieve the notion of 1-bit leakage security at roughly twice the cost of semi-honest security for the special case of two-party secure computation. To date, there are no multi-party computation (MPC) protocols that offer such a strong trade-off between security and semi-honest performance. Our main result is to address this shortcoming by designing 1-bit leakage protocols for the multi-party setting, albeit for a special class of functions. We say that function f(x, y) is efficiently verifiable by g if the running time of g is always smaller than f and if and only if. In the two-party setting, we first improve dual execution by observing that the “second execution” can be an evaluation of g instead of f, and that by definition, the evaluation of g is asymptotically more efficient. Our main MPC result is to construct a 1-bit leakage protocol for such functions from any passive protocol for f that is secure up to additive errors and any active protocol for g. An important result by Genkin et al. (STOC ’14) shows how the classic protocols by Goldreich et al. (STOC ’87) and Ben-Or et al. (STOC ’88) naturally support this property, which allows to instantiate our compiler with two-party and multi-party protocols. A key technical result we prove is that the passive protocol for distributed garbling due to Beaver et al. (STOC ’90) is in fact secure up to additive errors against malicious adversaries, thereby, yielding another powerful instantiation of our paradigm in the constant-round multi-party setting. As another concrete example of instantiating our approach, we present a novel protocol for computing perfect matching that is secure in the 1-bit leakage model and whose communication complexity is less than the honest-but-curious implementations of textbook algorithms for perfect matching.

Original languageEnglish
Title of host publicationPublic-Key Cryptography – PKC 2020 - 23rd IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings
EditorsAggelos Kiayias, Markulf Kohlweiss, Petros Wallden, Vassilis Zikas
Number of pages29
ISBN (Print)9783030453879
StatePublished - 2020
Event23rd IACR International Conference on the Practice and Theory of Public-Key Cryptography, PKC 2020 - Edinburgh, United Kingdom
Duration: 4 May 20207 May 2020

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume12111 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference23rd IACR International Conference on the Practice and Theory of Public-Key Cryptography, PKC 2020
Country/TerritoryUnited Kingdom

Bibliographical note

Publisher Copyright:
© 2020, International Association for Cryptologic Research.


  • Dual execution
  • Greedy algorithms
  • Secure computation
  • Semi-honest security


Dive into the research topics of 'Going Beyond Dual Execution: MPC for Functions with Efficient Verification'. Together they form a unique fingerprint.

Cite this