BGP configuration verification faces dual challenges of privacy leakage and scalability in large-scale networks. This paper introduces malicious-secure multi-party computation (MPC) to BGP verification for the first time, proposing an end-to-end privacy-preserving routing policy verification system. It combines formal BGP semantic modeling with a distributed convergence verification algorithm to enable zero-knowledge correctness proofs. The system achieves sub-3-second verification latency on thousand-node topologies and is formally proven to satisfy strong simulation-based privacy—guaranteeing that no participant learns any raw routing configurations or policies, even during cross-AS collaborative verification. Its core innovation lies in the tight integration of MPC protocols with BGP semantics, achieving both rigorous information-theoretic privacy and practical scalability for real-world deployment.

The Internet relies on routing protocols to direct traffic efficiently across interconnected networks, with the Border Gateway Protocol (BGP) serving as the core mechanism managing routing between autonomous systems. However, BGP configurations are largely manual, making them susceptible to human errors that can lead to outages or security vulnerabilities. Verifying the correctness and convergence of BGP configurations is therefore essential for maintaining a stable and secure Internet. Yet, this verification process faces two key challenges: preserving the privacy of proprietary routing information and ensuring scalability across large, distributed networks. This paper introduces a privacy-preserving verification framework that leverages multiparty computation (MPC) to validate BGP configurations without exposing sensitive routing data. Our approach overcomes both privacy and scalability challenges by ensuring that no information beyond the verification outcome is revealed. Through formal analysis, we show that the proposed method achieves strong privacy guarantees and practical scalability, providing a secure and efficient foundation for verifying BGP-based routing in the Internet backbone.