Publicly Auditable MPC-as-a-Service with succinct verification and universal setup

Abstract

In recent years, multiparty computation as a service (MPCaaS) has gained popularity as a way to build distributed privacy-preserving systems like blockchain trusted parameter setup ceremonies, and digital asset auctions. We argue that for many such applications, we should also require that the MPC protocol is publicly auditable, meaning that anyone can check the given computation is carried out correctly – even if the server nodes carrying out the computation are all corrupt. In a nutshell, the way to make an MPC protocol auditable is to combine an underlying MPC protocol with a verifiable computing proof (in particular, a SNARK). Building a general purpose MPCaaS from existing constructions would require us to perform a costly “trusted setup” every time we wish to run a new or modified application. To address this, we provide the first efficient construction for auditable MPC that has a one time universal setup. Despite improving the trusted setup, we match the state-of-the-art in asymptotic performance: the nodes incur a linear computation overhead and constant round communication overhead compared to the underlying MPC, and the audit size and verification are logarithmic in the application circuit size. We also provide an implementation and benchmarks that support our asymptotic analysis in example applications. Furthermore, compared with existing auditable MPC protocols, besides offering a universal setup our construction also has a 3x smaller proof, 3x faster verification time and comparable prover time.