VIFF: Virtual Ideal Functionality Framework
VIFF is a general framework for doing secure multi-party computations. In a secure multi-party computation several parties jointly compute an agreed function without leaking any information on their inputs. This could be an election where the correct tally is computed without revealing any information on the individual votes. In a protocol with n players, the confidentiality of the inputs is ensured when up to n/2 of the players are corrupted.
VIFF is Free Software licensed under the GNU General Public License (GPL) version 2 or later. Please see the file COPYING for details. Please see the INSTALL file for installation instructions.
VIFF is still under development, but it is nevertheless quite usable and offers the following features:
- secret sharing based on standard Shamir and pseudo-random secret sharing (PRSS).
- arithmetic with shares from Zp or GF(2^8): addition, multiplication, exclusive-or.
- two comparison protocols which compare secret shared Zp inputs, with secret GF(2^8) or Zp output.
- reliable broadcast, even in the presence of active adversaries.
- computations with any number of players for which an honest majority can be found.
- optional support for encrypted TLS connections between the players.
All operations are automatically scheduled to run in parallel meaning that an operation starts as soon as the operands are ready.
The TODO file lists a number of ideas for future work.
Should you encounter a bug or have problems with VIFF, then please start by downloading the latest version on http://viff.dk/. If that does not help, then ask for help on the VIFF mailing list at
You can subscribe to the list at
The apps directory contains a number of example applications. They require player configuration files to be generated in advance, use apps/generate-config-files.py for that. Run apps/generate-certificates to generate certificates for TLS communication. This is optional, the examples that support command line arguments can be run with a --no-tls flag and will then use plain TCP connections. Finally, execute three players, starting with player 3, then 2, and finally 1.