We study the problem of Secure Multi-party Computation (SMC) in a model where individual processes contain a tamper-proof security module, and introduce the TrustedPals framework, an efficient smart card based implementation of SMC for any number of participating entities in such a model. Security modules can be trusted by other processes and can establish secure channels between each other. However, their availability is restricted by their host, that is, a corrupted party can stop the computation of its own security module as well as drop any message sent by or to its security module. We show that in this model SMC can be implemented by reducing it to a fault-tolerance problem at the level of security modules. Since the critical part of the computation can be executed locally on the smart card, we can compute any function securely with a protocol complexity which is polynomial only in the number of processes (that is, the complexity does not depend on the function which is computed), in contrast to previous approaches. Having been initially proposed by Yao in 1982 [29], it got its first solution only in 1987, when Goldreich, Micali and Wigderson [16] showed that in a synchronous system with cryptography a majority of honest processes can simulate a centralized trusted third party. This was done by transforming the function F into a computation over a finite field and then showing that addition and multiplication in this finite field could be implemented securely using secret sharing and agreement protocols. It was also shown that a majority of honest processes was necessary for SMC. All existing general solutions to SMC are based on the original idea of Goldreich, Micali and Wigderson [16]. Hence, the message complexity always depends on the function that is computed. For example, the most efficient solution to SMC we are aware of [18] requires communicating O(m • n 3) field elements (m is the number of multiplication gates in F) and at least O(n 2) rounds of communication (in fact, the round complexity also depends on F). Thus, despite solutions, many practitioners have been prevented to attempting to implement general SMC due to lack of efficiency. Recently, there has been an increasing interest in SMC which probably stems from the growing importance and the difficulty to implement fault-tolerance in combination with security in today's networks. In fact, in the concluding remarks on the COCA project, Zhou, Schneider and van Renesse [30] call to investigate practical secure multi-party computation. Related Work. In 2003, MacKenzie, Oprea and Reiter [21] presented a tool which could securely compute a two-party function over a finite field of a specific form. Later, Malkhi et al. [22] presented Fairplay, a general solution of twoparty secure computation. Both papers follow the initial approach proposed by Goldreich, Micali and Wigderson [16], that is, they make extensive use of compilers that translate the function F into one-pass boolean circuits. Iliev and Smith [19] report in yet unpublished work on perform...
