International Association
for Cryptologic Research

With relatively few exceptions, the literature on efficient (practical) secure computation has focused on secure two-party computation~(2PC). It is, in general, unclear whether the techniques used to construct practical 2PC protocols---in particular, the \\emph{cut-and-choose} approach---can be adapted to the multi-party setting.

In this work we explore the possibility of using cut-and-choose for practical secure \\emph{three-party} computation. The three-party case has been studied in prior work in the semi-honest setting, and is motivated by the observation that real-world deployments of multi-party computation are likely to involve few parties. We propose a constant-round protocol for three-party computation tolerating any number of malicious parties, whose computational cost is essentially only \\emph{twice} that of state-of-the-art two-party protocols.