Is it possible to make the result of secure multi-party computation only available to one party?

Question

According the ordinary definition of secure multi-party computation, all the parties will learn the final result but cannot learn others' input values. My question is: is it possible to design a "secure multi-part computation" protocol such that only one party can learn the final result and no party can learn the input of others?

Thank you:)

Answer 1

The short answer is yes. In MPC the "functionality", f, defines the desired behaviour.

f(x,y) = (out_1, out_2)

Here, in the two party setting, x is the input of the first party, and y the input of the second, out_1 is the output of the first and out_2 the output of the second. The two outputs can be different.

A simple, very widely used example is Oblivious Transfer which is defined as:

f((b_0, b_1), c) = (_, b_c)

Here the first party inputs two values, (b_0, b_1) and the second party inputs a bit, c. The first party receives nothing, and the second party receives the b corresponding to it's choice, c.

For a concrete and through treatment of the matter I would refer you to Lindell's seminal tutorial (section 4.2 is likely the part that will help the most).