The BGW Perfectly-Secure MPC Protocol for Linear Functions

Abstract

AbstractIn this chapter, we present the classic perfectly-secure MPC protocol due to Ben-Or, Goldwasser and Wigderson [25], popularly known as the BGW MPC protocol. Here our focus will be on secure computation of linear functions. We present the formal security definition of MPC and prove the security in the simulation paradigm. Using the secure linear function evaluation method, we then construct protocol for a special linear function involving the product of a public matrix and a secret vector. This special linear function will then be used for building the BGW protocol for any function in the next chapter. We conclude the chapter mentioning the issues that BGW protocol for linear functions may have while facing a malicious adversary. The BGW MPC protocol is a generic MPC protocol, which allows the parties to securely compute any finite function. The set of mutually-distrusting parties is denoted by \(\mathcal {P}= \{P_1, \ldots , P_n \}\). The distrust in the system is modelled by a centralized entity called adversary, denoted by \(\textsf{Adv}\), who can control any subset of at most t parties out of the n parties during the protocol execution.