Mercury: Constant-Round Protocols for Multi-Party Computation with Rationals

Abstract

Most protocols for secure multi-party computation (MPC) work over fields or rings, which means that encoding techniques are needed to map rational-valued data into the algebraic structure being used. Leveraging an encoding technique introduced in recent work of Harmon et al. that is compatible with any MPC protocol over a prime-order field, we present Mercury—a family of protocols for addition, multiplication, subtraction, and division of rational numbers. Notably, the output of our division protocol is exact (i.e., it does not use iterative methods). Our protocols offer improvements in both round complexity and communication complexity when compared with prior art, and are secure for a dishonest minority of semi-honest parties.

Acknowlegment

The authors warmly thank Professor Jonathan Katz for reading early drafts of this paper, and providing helpful insights and suggestions. This work is fully supported by Algemetric Inc.

A Proofs

Proof

(of Proposition 1). Note that \(\textsf{p}\in \mathcal {P}_{d,\tau }\) can be written as \(\textsf{p}=\sum \limits _ic_ip_i\), where \(\sum \limits _i|c_i|\le \tau \), each \(|c_i|\ge 1\), and each \(p_i\) is a monomial of degree at most d.

Let \(\textsf{p}= \sum \limits _{i=1}^I c_ip_i\). Since \(\deg (p_i)\le d\), the output \(p_i\big (x_1\big /y_1,\ldots ,x_k\big /y_k\big )\) is a fraction of the form

$$\begin{aligned} \frac{a_i}{b_i}=\frac{x_{i_1}x_{i_2}\cdots x_{i_\ell }}{y_{i_1}y_{i_2}\cdots y_{i_\ell }},\text { for some }\ell \le d\text { and } \{i_1,\ldots ,i_\ell \}\subseteq \{1,\ldots ,k\}. \end{aligned}$$

As each \(x_i\big /y_i\in \mathcal {G}_M\), we have \(|a_i|\le X^\ell \le X^d\) and \(|b_i|\le Y^\ell \le Y^d\). Since \(x\big /y=\sum \limits _{i=1}^Ic_i\cdot a_i\big /b_i\),

$$\begin{aligned} \begin{aligned} &x=(c_1a_1)b_2b_3\cdots b_I + b_1(c_2a_2)b_3\cdots b_I + b_1b_2\cdots b_{I-1}(c_Ia_I)\text { and }\\ {} &y=b_1b_2\cdots b_I. \end{aligned} \end{aligned}$$

It follows from \(\sum |c_i|\le \tau \) and the above bound on \(|a_i|,|b_i|\) that

$$\begin{aligned} |x|\le \sum \limits _{i=1}^I|c_i|(X^d)(Y^d)^{I-1}\le \tau \cdot X^dY^{d(I-1)}\text { and } |y|\le Y^{d(I-1)}. \end{aligned}$$

The proof is completed by observing that \(|c_\alpha |\ge 1\), for all \(\alpha \), implies \(I\le \tau \).