We consider secure multi-party computation in the asynchronous model and present an efficient protocol with optimal resilience. For n parties, up to t < n/3 of them being corrupted, and security parameter κ, a circuit with c gates can be securely computed with communication complexity bits. In contrast to all previous asynchronous protocols with optimal resilience, our protocol requires access to an expensive broadcast primitive only times — independently of the size c of the circuit. This results in a practical protocol with a very low communication overhead.

One major drawback of a purely asynchronous network is that the inputs of up to t honest parties cannot be considered for the evaluation of the circuit. Waiting for all inputs could take infinitely long when the missing inputs belong to corrupted parties. Our protocol can easily be extended to a hybrid model, in which we have one round of synchronicity at the end of the input stage, but are fully asynchronous afterwards. In this model, our protocol allows to evaluate the circuit on the inputs of every honest party.