Actively Private and Correct MPC Scheme in t<n/2 from Passively Secure Schemes with Small Overhead

Recently, several efforts to implement and use an unconditionally secure multi-party computation (MPC) scheme have been put into practice. These implementations are passively secure MPC schemes in which an adversary must follow the MPC schemes. Although passively secure MPC schemes are efficient, passive security has the strong restriction concerning the behavior of the adversary. We investigate how secure we can construct MPC schemes while maintaining comparable efficiency with the passive case, and propose a construction of an actively secure MPC scheme from passively secure ones. Our construction is secure in the t < n/2 setting, which is the same as the passively secure one. Our construction operates not only the theoretical minimal set for computing arbitrary circuits, that is, addition and multiplication, but also high-level operations such as shuffling and sorting. We do not use the broadcast channel in the construction. Therefore, privacy and correctness are achieved but robustness is absent; if the adversary cheats, a protocol may not be finished but anyone can detect the cheat (and may stop the protocol) without leaking secret information. Instead of this, our construction requires O((cBn + n2)κ) communication that is comparable to one of the best known passively secure MPC schemes, O((cMn + n2) log n), where κ denote the security parameter, cB denotes the sum of multiplication gates and high-level operations, and cM denotes the number of multiplication gates. Furthermore, we implemented our construction and confirmed that its efficiency is comparable to the current fastest passively secure implementation.