Plans to support MPC over elliptic curves?

[EmanQh]

Hello Marcel,

I’m wondering if there are any plans to support MPC over elliptic curves, for example as in Distributing any Elliptic Curve Based Protocol?

For my use case, I would only need to perform linear operations over elliptic curves using Araki et al. Do you have any suggestions for implementing this with this software?

Any help would be greatly appreciated.

[mkskeller]

ECDSA is already supported: https://mp-spdz.readthedocs.io/en/latest/ecdsa.html
See also the relevant paper: https://eprint.iacr.org/2019/889
Linear operations in said protocol should be straightforward using Rep3Share<P256Element> with the curve already used. For another curve, you need to adapt P256Element in ECDSA/P256Element.cpp.

[EmanQh]

Does this include multiplying a point in an elliptic curve held in secret shared form by a public scalar? I have added the lines below after line 78 in ECDSA/preprocessing.cpp to test both point addition and multiplication by a public scalar. The former works but the latter raises the error shown in the screenshot below.

    P256Element opened_result1, opened_result2;
    cShare secret_result;
    secret_result = bs[1];
    opened_result1 = MCc.open(secret_result + secret_result, extra_player);
    opened_result2 = MCc.open(secret_result * cs_opened[1], extra_player);

[mkskeller]

This functionality is indeed missing. You should find that f7c5a18 adds it.

[EmanQh]

Thank you!