2022 IEEE International Conferences on Internet of Things (iThings) and IEEE Green Computing & Communications
(GreenCom) and IEEE Cyber, Physical & Social Computing (CPSCom) and IEEE Smart Data (SmartData) and IEEE Congress
2022 IEEE International Conferences on Internet of Things (iThings) and IEEE Green Computing & Communications (GreenCom) and IEEE Cyber, Physical & Social Computing (CPSCom) and IEEE Smart Data (SmartData) and IEEE Congress on Cybermatics (Cybermatics) | 978-1-6654-5417-9/22/$31.00 ©2022 IEEE | DOI: 10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics55523.2022.00080
A Secure Multiparty Computation Round
Optimization Scheme Based on Standard
Assumption
1st Yun Luo
State Key Laboratory of Public Big Data,
College of Computer Science and Technology,
Guizhou University,
Guiyang, China.
Guangxi Key Laboratory of Cryptography
and Information Security,
Guilin University Of Electronic Technology,
Guilin, China.
[email protected]
[email protected]
3rd Tao Li
State Key Laboratory of Public Big Data,
College of Computer Science and Technology,
Guizhou University,
[email protected]
Guiyang, China.
litao
[email protected]
Abstract—Many distributed interaction scenarios exist in big
data networks, which require joint computation in different
environments. In the traditional secure multiparty computa-
tion(SMPC), there exist constant rounds or even more rounds of
interaction, which greatly increases the communication overhead.
In this paper, we address the problem of optimizing the complex-
ity of rounds by constructing a secure computation protocol that
achieves semi-honest static security based on a polynomial puzzle
assumption. The multiparty interactive computation is performed
using multilinear maps operation, and the obtained results are
transmitted over the broadcast channel. The security analysis
shows that the protocol achieves static security.
Index Terms—Secure Multiparty Computation, Round Com-
plexity, Static Security, Puzzle Assumption
I. I NTRODUCTION
Secure multi-party computation denotes that multiple dis-
tributed participants jointly compute a common function, and
each participant’s private input is computed to obtain the
corresponding output, which is secure in the sense that each
participant can only obtain its own information from the output
and no additional information, and the result of the protocol
can be delivered securely [1] [2]. For the increasing number
of interaction scenarios in big data networks, when multiple
parties participate in the calculation, there will be sabotage
and rights protection operations [8] [9], data security becomes
particularly important, and privacy protection among various
participants is the focus of research [6] [7]. In secure multi-
party computation, many researchers design secure multi-party
978-1-6654-5417-9/22/$31.00 ©2022 IEEE 338
DOI 10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics55523.2022.00080
Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY SURATHKAL. Downloaded on June 09,2025 at 08:04:34 UTC from IEEE Xplore. Restrictions apply.
2nd Yuling Chen
State Key Laboratory of Public Big Data,
College of Computer Science and Technology,
Guizhou University,
Guiyang, China.
Blockchain Laboratory of Agricultural Vegetables,
Weifang University of Science and Technology,
WeiFang, China.
4th Yilei Wang
School of Computer Science, Qufu Normal University,
Rizhao, China.
wang
computation protocols based on various difficult assumptions
to counter attacks from semi-honest adversaries or even ma-
licious adversaries. A series of subsequent works target the
security of SMPC, based on various difficult assumptions to
design protocols for information security against malicious
adversaries [3] [4] [5].In secure multi-party computation, many
researchers design secure multi-party computation protocols
based on various difficult assumptions to counter attacks
from semi-honest adversaries or even malicious adversaries.A
SMPC protocol against malicious adversaries and without
trustworthy assumption setting was proposed [10], setting a
5-round SMPC protocol based on Decisional Diffie-Hellman
(DDH) assumption and a 4-round SMPC protocol constructed
by monadic permutation based on sub-exponential security
DDH assumption.
This paper is dedicated to the concept of solving the round
number optimization problem in SMPC and improving secu-
rity by introducing more difficult security assumptions.This
paper contributes as follows.
• In this paper, we construct 2 rounds of secure multi-party
computation under broadcast channel and achieve round
number optimization.
• Introducing LWE assumptions in secure multi-party com-
putation protocols to improve security notion based on
difficult problems solved by NP hard problems.
• The implementation of the protocol is done under the UC
 framework, which ultimately leads to UC security.
In Section II we present the related work, in Section III we
introduce some basics used in this paper, we present our
proposed scheme in Section IV, we give the security proof
of our scheme in Section V, and we conclude the paper in
Section VI.
II. R ELATED WORK
With the emergence and development of various puzzle
assumptions such as DDH, BDH, ECC, and LWE etc., the
security of many complete cryptographic schemes can be
attributed to the problem of solving a difficult problem whose
solution is NP, so that the probability of an adversary breaking
the cryptographic scheme is negligible.By combining crypto-
graphic primitives, the learning with error (LWE) based as-
sumption of using fully homomorphic encryption to construct
two rounds of secure multiparty computation, allowing one
round of distributed decryption of ciphertexts with multiple
secret keys [11] [12], has given a great impetus to later
research.The development of Universal Combinable (UC) [13]
[14] also has many applications in the field of secure multi-
party computing.In the framework of UC, the security of pro-
tocols depends on the security of UC to achieve indistinguisha-
bility between ideal and realistic environments. In the concept
of static security, protocols for sublinear communication are
constructed using threshold FHE as well as zero-knowledge
proofs (NIZK) [15].However, previous work neglected the
round number optimization as well as the security strength
in the protocol. In this paper, we are dedicated to encoding
the input by LWE instances under the assumption of LWE to
protect the privacy of the input and to improve the security
concept to achieve the effect of round number optimization.
III. P RELIMINARIES
A. Learning With Errors
The trapdoor-based LWE design has also been developed
through the study of lattice trapdoors [15], where K denotes
the security parameter and the parameters n = n (k) , q =
q (k) of the LWE instance are chosen to be integers, χ = χ(k)
is a distribution over Z, and LW E n,q,m assumes that for all
polynomials m = m(k) there is the following distribution that
is indistinguishable.
c function F, if for any PPT adversary A and the existence of an
(A, sA + e) ≡ (A, z) .
where A ← Zqn×m ,s ← Zqnis the input vector, e ← χm
denotes the noise vector and z ← Zqm . In the LWE scheme
with trapdoor [15] [16], for any m ∈ N , A is represented
as a uniform random distribution matrix with trapdoor R ∈

Zqm ×n log q and constructing the LWE hard problem based on
this matrix, another matrix D1 can be generated by the matrix
with trapdoor A such that AD1 = sA1 + e1 ,SimilarlyA1 D2 =
sA2 + e2 , where the matrix A1 is also a uniform random
distribution matrix with a trap R1 , that is, We can generate
the Di matrix of the current level based on the trapdoor Ri−1
of the previous level, and the whole process forms a nested
chain structure.
Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY SURATHKAL. Downloaded on June 09,2025 at 08:04:34 UTC from IEEE Xplore. Restrictions apply.
B. Universal Composability
In [17] [18] the universal composable framework is defined
as the following two models and indistinguishable security
properties are formed in the two models, resulting in UC
security as well as combinatorial security.
Real Model:The whole execution process consists of a UC
environment Z, an adversary A, and n participants, which
starts with Z invoking all participants, generating all inputs
and being able to read all outputs, and ends with Z outputting
the result of the whole execution. Adversary A can be divided
into static adversaries and adaptive adversaries, and here we
consider the existence of adaptive adversaries, which can
corrupt any participant at any time during any process of
execution. The adversary and the honest participants can
communicate with the environment Z only through the inputs
and outputs of the functions they want to compute. A can
communicate with the environment in an arbitrary way and
can control the communication between the participants, A can
read the output messages of the parties, but A cannot insert
a message and act as an arbitrary sender of that message,
which means that the communication between the participants
has been authenticated. When an adversary generates a new
protocol message m on behalf of some corrupt participant,
A needs a witting interpretation of its behavior, in other
words, all protocol messages sent by adversary A on behalf of
participant Pi must match the honest protocol specification of
Pi .The output of the environment Z under the realistic model
is denoted by Realπ,A,Z (x, k, r), where π denotes the protocol
run by n participants according to the above specification, k is
the security parameter, and r denotes the random information.
Ideal Model:F denotes an ideal function under an ideal
model, S (simulator) denotes an ideal adversary, n Turing ma-
chines denote the participants and an environment Z. Under the
ideal model, F defines the behavior of the desired computation
and receives inputs from the participants to perform the com-
putation, and then sends the output back to the participants.
s cannot see the communication between the participants and
F, but s can communicate with F. Denote the environment Z
output under the ideal model by IdealF,S,Z (x, k, r), where x
denotes the input, k is the security parameter, and r denotes
the random information.
Definition 1 (UC Security): Given a protocol π, an ideal
(1)
adversary S under an ideal model, the following distribution is
computationally indistinguishable for any environment Z. The
protocol π is UC-realized in the presence of adversaries with
an ideal function F.
c
Realπ,A,Z (x, k, r) ≡ IdealF,S,Z (x, k, r). (2)
Hybrid Model:The F-hybrid model combines the rational
model with the realistic model, extending the realistic model
with an ideal function F. Each participant can interact with
F. The output of Z under the hybrid model is denoted by
HybridF π,A,Z (x, k, r).
Definition 2 (security under hybrid model): Given an F
and G are ideal function, π is a protocol run by n participants
339
 and π satisfies the UC-implementation ideal function G in the
F-hybrid model, if for an adversary A in the hybrid model,
there exists an adversary S under the ideal model such that
the environment Z computation is indistinguishable from the
following two distributions.
c
RealG,S,Z (x, k, r) ≡ HybridF
π,A,Z (x, k, r).
Theorem 2 (UC Compositional Security): a UC-
implementation F-protocol π, for any F-hybrid protocol ρ,
has a combined protocol ρπ simulating the execution of
the protocol ρ, for adversary A, ideal adversary S, and no
environment Z capable of distinguishing with a non-negligible
probability whether it is interacting with an adversary A and
the protocol ρπ interacts with, or interacts with S and the
protocol ρ. In other words, ρ is an F-hybrid protocol, π is a
UC-implementation of F, and then there is ρπ UC-realized of
ρ.
IV. O UR S CHEME
We use a variant of the hierarchical coding scheme in [19]
to encode and compute the input for the secure multiparty
computation. N participants P1 , P2 , ..., Pn ,with s1 , s2 , ..., sn
corresponding to the inputs of each participant, where si ←
Zqn , i = [n].There are n + 1 sets of matrices with trapdoors
UA = {A, A1 , . . . , An } and each participant encodes si
using the corresponding matrix Ai ∈ U A , P1 encodes AD 1 =
s1 A1 + e1 for its own s1 , and P2 encodes A1 D 2 = s2 A2 + e2
for its own s2 until Pn encodes An−1 D n = sn An + en , the
whole process forms a nested chain structure that generates the
current matrix D i based on the matrix Ai−1 with trapdoors at
the previous level, so that the input si is encoded into D i and
si is hidden.
In a multilinear mapping system, given n pairwise oper-
ations from level 1 to n, A as well as D i , i ∈ [n], the coding
results of all participants are multiplied together:
1 D
AD n = (s A1 + e1 )D
2 . . . D 2 . . . D
n
1
= (s A1 D2 + e1 D 3 . . . D
2 )D n
1 actions.
= (s1 s2 A2 + s1 e2 + e1 D 3 . . . D
2 )D n
= ...... = s1 s2 ...sn An + enoise .
where enoise denotes the noise obtained by the final
multiplication, which is obtained by the product of the above
equation encoding the s1 s2 ....sn instances, performing n
levels of nesting. In the information with the same order
encoding can be combined with each other for addition and
subtraction operations, which can be expressed as gis1 , gis2 in
the initial multilinear mapping, for addition and subtraction
operations to calculate gis1 ±s2 . In the multilinear mapping
 with D i that has
system with trapdoor LWE instances, for D i cast channel, if there is a participant terminated during the
encoded si with si of the same order i, making addition and
subtraction operations yields.
 + Ai−1 D
Ai−1 D i
i
 
= Ai−1 D  + D
i
i
= (si + si )Ai−1 + (ei + ei ).
Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY SURATHKAL. Downloaded on June 09,2025 at 08:04:34 UTC from IEEE Xplore. Restrictions apply.
If there are multiple D i of the same order, we can get at
  
 point we can get Ai−1 Di1 + Ai−1 Di2 + ... + Ai−1 Din =
this
i=i1 ,i2 ,...,in si + enoise , the same can be obtained from the
operation of subtraction, at this point the multi-linear mapping
system to achieve the basic operation.
(3) A. Ideal function Fsmpc
In the UC framework, an ideal function Fsmpc should
satisfy the following properties There are n mutually dis-
trustful participants P1 , P2 , ..., Pn want to jointly compute in
polynomial time the computable function f (x1 , x2 , ..., xn ) =
(y1 , y2 , ..., yn ), where x1 , x2 , ..., xn are the input variables,
y1 , y2 , ..., yn are the output values. The protocol π of a
multiparty computation of a computational function should
satisfy the following requirements:
(1) Privacy: The input information of each participant is
invisible with respect to other participants, each participant
does not obtain more information from other participants than
what is inferred from its own results.
(2) Correctness: the protocol π can correctly calculate the
function f and return the corresponding correct result.
(3) Security: each party gets the corresponding correct
output, and no other additional information can be obtained.
B. Secure Multiparty Computation Protocol
This section constructs a 2-round protocol πsmpc under the
LWE assumption using an LWE instance to encode the input
of a secure multi-party computation before transmitting it over
a broadcast channel with the following protocol.
Round 1:N participants P1 , P2 , ..., Pn ,with s1 , s2 , ..., sn cor-
responding to the inputs of each participant, where si ←
Zqn , i = [n].
• Step 1: Use the LWE instance encoding scheme to encode
the input Di ← LW Eencode (k, q, si )
• Step 2: Generate the session id sid and transmit
i ) on the broadcast channel.
(Pi , input, sid, D
Round 2: For all participants Pi , perform the following
(4)
• Step 1: Record (Pj , input, sid, ) when participant Pi
receives (Pj , input, sid, ·)j∈[n]\i and verify the proof ,
ignoring the subsequent (Pj , input, ·).
i that passes the validation
• Step 2: The input of codes D
is added to the operation, and if the other n − 1 (consid-
ering no participant suspended, if there is a terminated
participant, the terminated participant’s input needs to be
removed) coded inputs have been received. Participants
perform computations  using arithmetic circuits, and the
output result y := i=[n] si An + enoise .
• Step 3: output(Pi , output, y), and transmit on the broad-
protocol output (Pi , output, sidabort , y), indicating that it
is out of the protocol and the other participants will not
be calculated for their input join.
(5) Semi-Malicious Security. As shown in Figure 1 below, a
semi-malicious protocol can be defined over a broadcast chan-
nel where the input must be encrypted and then transmitted.
340

Fig. 1. Protocol Flow
This scheme is based on the LWE assumption that the n inputs
are all elements in Zqn in an honest majority setting of the
participants, and the inputs are encoded and then broadcast
for transmission by an LWE instance, with each participant
using circuit locally on the encoded inputs and the output
is broadcasted.Let’s take a simple example to understand the
protocol. In a distributed environment, there are multiple par-
ticipants who fuse the data of the part of information they have
and share the fused information. Without revealing their own
part of information, we can encode and hide the information
first, then broadcast and send it. Each participant receives
all parts of information and then computes and broadcasts
the computation results, thus forming a sharing scenario that
achieves data privacy protection.
The SMPC round count optimization protocol proposed in
this paper, compared to existing research solutions for SMPC,
we achieve a SMPC protocol with fewer rounds and guarantee
the security of the protocol by the security strength assumed by
LWE, while the use of broadcast channel transmission enables
the round count of our protocol to be reduced to 2 rounds.
However, there are some shortcomings of the protocol in this
paper, such as the protocol can only achieve semi-honest static
security.
V. S ECURITY A NALYSIS
In this paper, a security proof is performed to explain the
feasibility of the protocol, and the security of the protocol is
achieved by the security of the puzzle assumptions. As long
as the probability of LWE assumptions being breached by an
adversary is negligible, then what is proposed in this paper is
secure.
Under the LWE assumption, if solving the LWE assumption
is difficult, it is safe to use an LWE instance encoding with
a trapdoor.A specific elaboration is given in [19].According
to the encoding rules, the two matrices Ai−1 with trapdoor
are nested with Ai , denoted as Ai−1 D i = si Ai + ei , and
when encoding to the last one An−1 D n = sn An + en ,the
trapdoor of matrix An is not involved in the calculation,
if sn distribution is randomized enough, then the whole
encoding process is an LWE instance. According to the LWE
assumption, the last encoding process is represented by a
uniform random distribution matrix , An−1 D n = , which
341
Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY SURATHKAL. Downloaded on June 09,2025 at 08:04:34 UTC from IEEE Xplore. Restrictions apply.
becomes known as the product of An−1 and D n as a uniform
random distribution matrix .Given a trapped An−1 with a
trapdoor and a uniformly randomly distributed matrix , if D n
can be generated without this trapdoor, then An−1 with D n
does not give away information about the trapdoor. Suppose
there are two environments, real and simulated, and in the real
environment using the trapdoor of An−1 trapdoor to generate
Dn in the real environment and not using An−1 trapdoor to
generate in the simulated environment, the results of the two
are computationally indistinguishable.
In the UC framework, zero knowledge is introduced into
the realistic model to prove the ideal function Fnizk , forming
a hybrid model with UC, on the proof of the inputs. Proof:
Let Adv be the adversary in the real environment and Sim
denote the adversary in the ideal environment such that for
any environment Z only the real or ideal environment can be
distinguished with negligible probability, and for the adversary
Sim in the ideal environment, any input from the environment
Z is sent to Adv and any output of Adv is regarded as the out-
put of Sim.For the adversary Sim in interaction with the ideal
R
function Fnizk i , π)
, provide input si , and when (proof, sid, D
R
is received from Fnizk , emulate an identical message for
Adv. When the real-world adversary Adv taps participant Pi ,
then the adversary Sim in the ideal environment also taps
participant Pi and forwards all internal states to Adv.If at
this time the adversary Adv replaces the message si with
the false message si on behalf of the participant Pi and
forges the proof π  against π and broadcasts the message
(proof, sid, Di , π  ), when the other participants receive this
R
message and verify the proof when , query whether Fnizk has
stored π  , and since π  is not generated by Fnizk
R
, determine
whether (x, Di ) ∈ R. According to the security of LWE
assumptions and the security of zero-knowledge proofs, only
the input encoded by LWE instances can pass the verification
, in other words, the probability that a non-LWE encoded
input passes verification is negligible.As mentioned above, our
protocol UC realized the ideal function.
VI. C ONCLUSION
This paper is based on designing secure multi-party com-
putation protocols under the assumption of LWE to reduce
the number of interactions of each participant and reduce the
number of rounds by transmitting the results over the broadcast
channel for the purpose of round optimization, and has a
stronger security concept compared to the traditional secure
multi-party computation protocols. In future work, the effect
of sublinear overhead of communication can be considered to
achieve the execution of the protocol, and the general static
security can be converted to adaptive security with higher
security strength, combining various effective cryptographic
primitives and techniques to solve the problems of security,
fairness and efficiency.
ACKNOWLEDGMENT
This study is supported by Foundation of National Natural
Science Foundation of China (61962009); Talent project of
 Guizhou Big Data Academy.Guizhou Provincial Key Labora- [18] C. Hazay, and M. Venkitasubramaniam, ” Composable Adaptive Secure
Protocols Without Setup Under Polytime Assumptions.,” In: Hirt, M.,
tory of Public Big Data ([2018]01); Foundation of Guangxi Smith, A. (eds) Theory of Cryptography. TCC 2016. Lecture Notes in
Key Laboratory of Cryptography and Information Security Computer Science(), vol 9985. 2016.
(GCIS202118). [19] C. Gentry, S. Gorbunov, and S. Halevi, ” Graph-Induced Multilinear
Maps from Lattices,” In: Dodis, Y., Nielsen, J.B. (eds) Theory of
Cryptography. TCC 2015. Lecture Notes in Computer Science, vol 9015,
R EFERENCES 2015.
[1] A. C. Yao, “Protocols for secure computations,” in Proceedings of the
23rd Annual IEEE Symposium on Foundations of Computer Science,
pp. 160–164, Chicago, Ill, USA, 1982.
[2] O. Goldreich, S. Micali, and A. Wigderson, ”How to play ANY mental
game,” In Proceedings of the nineteenth annual ACM symposium on
Theory of computing (STOC ’87). Association for Computing Machin-
ery, New York, NY, USA, 218–229, 1987.
[3] E. Boyle, N. Gilboa, and Y. Ishai, ”Breaking the Circuit Size Barrier
for Secure Computation Under DDH,” In: Robshaw, M., Katz, J. (eds)
Advances in Cryptology – CRYPTO 2016. CRYPTO 2016. Lecture
Notes in Computer Science(), vol 9814, 2016.
[4] S. Garg, and A. Srinivasan, ”Two-Round Multiparty Secure Computation
from Minimal Assumptions,” In: Nielsen, J., Rijmen, V. (eds) Advances
in Cryptology – EUROCRYPT 2018 . EUROCRYPT 2018. Lecture
Notes in Computer Science(), vol 10821, 2018.
[5] C. Hazay, E. Orsini, P. Scholl, and E. Soria-Vazquez, ”TinyKeys: A
New Approach to Efficient Multi-Party Computation,” In: Shacham, H.,
Boldyreva, A. (eds) Advances in Cryptology – CRYPTO 2018. CRYPTO
2018. Lecture Notes in Computer Science(), vol 10993, 2018.
[6] Y. Chen, S. Dong, T. Li, Y. Wang and H. Zhou, ”Dynamic Multi-Key
FHE in Asymmetric Key Setting From LWE,” in IEEE Transactions on
Information Forensics and Security, vol. 16, pp. 5239-5249, 2021.
[7] Y. Chen, J. Sun, Y. Yang, T. Li, X. Niu, and H. Zhou, ” PSSPR: A source
location privacy protection scheme based on sector phantom routing in
WSNs,” International Journal of Intelligent Systems, 37, 1204 - 1221,
2022.
[8] T. Li, Z. Wang, G. Yang, Y. Cui, Y. Chen, and X. Yu, ” Semi-selfish
mining based on hidden Markov decision process,” International Journal
of Intelligent Systems, 36, 3596 - 3612, 2021.
[9] T. Li, Z. Wang, Y. Chen, C. Li, Y. Jia, and Y. Yang, ” Is semi-
selfish mining available without being detected?” International Journal
of Intelligent Systems. 2021.
[10] P. Ananth, A.R. Choudhuri, and A. Jain, ”A New Approach to Round-
Optimal Secure Multiparty Computation,” In: Katz, J., Shacham, H.
(eds) Advances in Cryptology – CRYPTO 2017. CRYPTO 2017. Lecture
Notes in Computer Science(), vol 10401, 2017.
[11] P. Mukherjee, D. Wichs, ” Two Round Multiparty Computation via
Multi-key FHE,” In: Fischlin, M., Coron, JS. (eds) Advances in Cryp-
tology – EUROCRYPT 2016. EUROCRYPT 2016. Lecture Notes in
Computer Science(), vol 9666, 2016.
[12] Z. Brakerski, S. Halevi, A. Polychroniadou, ” Four Round Secure
Computation Without Setup,” In: Kalai, Y., Reyzin, L. (eds) Theory
of Cryptography. TCC 2017. Lecture Notes in Computer Science(), vol
10677, 2017.
[13] D. Dachman-Soled, J. Katz, and V. Rao, ” Adaptively Secure, Uni-
versally Composable, Multiparty Computation in Constant Rounds,”
In: Dodis, Y., Nielsen, J.B. (eds) Theory of Cryptography. TCC 2015.
Lecture Notes in Computer Science, vol 9015. 2015.
[14] R. Canetti, S. Goldwasser, and O. Poburinnaya, ” Adaptively Se-
cure Two-Party Computation from Indistinguishability Obfuscation,” In:
Dodis, Y., Nielsen, J.B. (eds) Theory of Cryptography. TCC 2015.
Lecture Notes in Computer Science, vol 9015, 2015.
[15] G. Asharov, A. Jain, A. López-Alt, E. Tromer, V. Vaikuntanathan,
and D. Wichs, ” Multiparty Computation with Low Communication,
Computation and Interaction via Threshold FHE,” In: Pointcheval, D.,
Johansson, T. (eds) Advances in Cryptology – EUROCRYPT 2012.
EUROCRYPT 2012. Lecture Notes in Computer Science, vol 7237,
2012.
[16] D. Micciancio, and C. Peikert, ”Trapdoors for Lattices: Simpler, Tighter,
Faster, Smaller,” In: Pointcheval, D., Johansson, T. (eds) Advances in
Cryptology – EUROCRYPT 2012. EUROCRYPT 2012. Lecture Notes
in Computer Science, vol 7237, 2012.
[17] R. Cohen, A. Shelat, and D. Wichs, ” Adaptively Secure MPC with
Sublinear Communication Complexity,” In: Boldyreva, A., Micciancio,
D. (eds) Advances in Cryptology – CRYPTO 2019. CRYPTO 2019.
Lecture Notes in Computer Science(), vol 11693, 2019.

342

Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY SURATHKAL. Downloaded on June 09,2025 at 08:04:34 UTC from IEEE Xplore. Restrictions apply.