Quoting Martin Geisler <[EMAIL PROTECTED]>: > I tried running benchmark using only my own computer, and there it takes > about 12 ms pr multiplication or a little more than 10 times as much as > the normal passively secure multiplication. > > This is not so strange -- I have skipped all the oppotunities for > preprocessing, everything is generated online (double sharings, triples, > matrix multiplication, etc...) But the protocol also lacks the > verifications needed to really make it secure, so I don't know how the > final results will look.
One remark: I believe our standard passively secure protocol takes advantage of pseudorandom secret sharing, which the new stuff does not, and this may be another part of the explanation for the difference in timing. In fact pseudorandom secret sharing is a bigger advantage for active security: you can make guaranteed consistent sharings at exactly the same cost as in the passive case, assuming of course that the number of players is small. So it would be interesting to make an alternative implementation that generates the basic stuff using PRSS, where basic stuff means sharings [a]_t,[b]_t,[r]_t, [r]_2t for random a,b,r (subscripts refer to the degree). From this, the multiplication triples are straightforward to make. One needs a modification to PRSS to do the pairs [r]_t,[r]_2t, but I think this should be not too hard. regards, Ivan > > Please take a look at the TODO items in the source if you want to help! > > -- > Martin Geisler > _______________________________________________ viff-devel mailing list (http://viff.dk/) [email protected] http://lists.viff.dk/listinfo.cgi/viff-devel-viff.dk
