How to Choose Suitable Secure Multiparty Computation Using Generalized SPDZ

“…and needs to produce a regularized superaccumulator as a vector of 𝛼 2𝑤-bit integers, where 𝛼 = ⌈ 2 𝑒 +𝑚 𝑤 ⌉. 4.1.1 The Overall Construction. To perform the conversion, the computation needs to determine the position within the superaccumulator where the mantissa is to be written based on exponent [𝑝], represent the mantissa as 𝛽 superaccumulator blocks, and write the blocks in the right locations without disclosing what locations within the superaccumulator those are.…”

“…When the number of participants is not large, an alternative is to cast each local share in Z 2 as a share in Z 2 𝑘 and have the parties compute XOR of those values over Z 2 𝑘 . This approach is used in Araki et al [4] in the three-party setting with honest majority based on replicated secret sharing (RSS) that costs two consecutive multiplications. The approach of Mohassel and Rindal [40] would also require the same communication in two rounds, but the use of the three-party OT procedure in that work reduces the number of rounds to one.…”

“…The implications are that both protocols can internally use 64-bit arithmetic and the increase in the ring size does not impact communication in bytes. Therefore, communication and the number of rounds of the protocol from [20] are also the same as those numbers for the protocol from [4]. Had we chosen 𝑘 = 32 or 𝑘 = 64, the gap in performance between our protocol and that from [20] would increase due to the need of the later to increase the communication size and use a longer data type for the computation.…”

Secure and Accurate Summation of Many Floating-Point Numbers

“…and needs to produce a regularized superaccumulator as a vector of 𝛼 2𝑤-bit integers, where 𝛼 = ⌈ 2 𝑒 +𝑚 𝑤 ⌉. 4.1.1 The Overall Construction. To perform the conversion, the computation needs to determine the position within the superaccumulator where the mantissa is to be written based on exponent [𝑝], represent the mantissa as 𝛽 superaccumulator blocks, and write the blocks in the right locations without disclosing what locations within the superaccumulator those are.…”

“…When the number of participants is not large, an alternative is to cast each local share in Z 2 as a share in Z 2 𝑘 and have the parties compute XOR of those values over Z 2 𝑘 . This approach is used in Araki et al [4] in the three-party setting with honest majority based on replicated secret sharing (RSS) that costs two consecutive multiplications. The approach of Mohassel and Rindal [40] would also require the same communication in two rounds, but the use of the three-party OT procedure in that work reduces the number of rounds to one.…”

“…The implications are that both protocols can internally use 64-bit arithmetic and the increase in the ring size does not impact communication in bytes. Therefore, communication and the number of rounds of the protocol from [20] are also the same as those numbers for the protocol from [4]. Had we chosen 𝑘 = 32 or 𝑘 = 64, the gap in performance between our protocol and that from [20] would increase due to the need of the later to increase the communication size and use a longer data type for the computation.…”

Secure and Accurate Summation of Many Floating-Point Numbers

“…Finally, multiple cryptographic approaches have been proposed for secure aggregation, including (i) general secure multi-party computation techniques [9,23,48,49] that are built on the garbled circuits and oblivious transfer techniques; (ii) secure computation using more recent cryptographic approaches such as homomorphic encryption and its variants [3,5,15,25,31]. However, these two kinds of secure computation solutions have limitations with regards to either the large volumes of ciphertexts that need to be transferred or the inefficiency of computations involved (i.e., unacceptable computation time).…”

FedV: Privacy-Preserving Federated Learning over Vertically Partitioned Data

Private Decision Tree Evaluation with Constant Rounds via (Only) SS-3PC over Ring