Non-Interactive Secure Multiparty Computation

We introduce and study the notion of non-interactive secure multiparty computation (NIMPC). An NIMPC protocol for a function f(x1, . . . , xn) is specified by a joint probability distribution R = (R1, . . . , Rn) and local encoding functions Enci(xi, ri), 1 ≤ i ≤ n. Given correlated randomness (r1, . . . , rn) ∈R R, each party Pi, using its input xi and its randomness ri, computes the message mi = Enci(xi, ri). The messages m1, . . . ,mn can be used to decode f(x1, . . . , xn). For a set T ⊆ [n], the protocol is said to be T -robust if revealing the messages (Enci(xi, ri))i 6∈T together with the randomness (ri)i∈T gives the same information about (xi)i 6∈T as an oracle access to the function f restricted to these input values. Namely, a coalition T can learn no more than the restriction of f fixing the inputs of uncorrupted parties, which, in this non-interactive setting, one cannot hope to hide. For 0 ≤ t ≤ n, the protocol is t-robust if it is T -robust for every T of size at most t and it is fully robust if it is n-robust. A 0-robust NIMPC protocol for f coincides with a protocol in the private simultaneous messages model of Feige et