Secure two-party computation via cut-and-choose oblivious transfer

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

112 Scopus citations


Protocols for secure two-party computation enable a pair of parties to compute a function of their inputs while preserving security properties such as privacy, correctness and independence of inputs. Recently, a number of protocols have been proposed for the efficient construction of two-party computation secure in the presence of malicious adversaries (where security is proven under the standard simulation-based ideal/real model paradigm for defining security). In this paper, we present a protocol for this task that follows the methodology of using cut-and-choose to boost Yao's protocol to be secure in the presence of malicious adversaries. Relying on specific assumptions (DDH), we construct a protocol that is significantly more efficient and far simpler than the protocol of Lindell and Pinkas (Eurocrypt 2007) that follows the same methodology. We provide an exact, concrete analysis of the efficiency of our scheme and demonstrate that (at least for not very small circuits) our protocol is more efficient than any other known today.

Original languageEnglish
Title of host publicationTheory of Cryptography - 8th Theory of Cryptography Conference, TCC 2011, Proceedings
PublisherSpringer Verlag
Number of pages18
ISBN (Print)9783642195709
StatePublished - 2011
Event8th Theory of Cryptography Conference, TCC 2011 - Providence, RI, United States
Duration: 28 Mar 201130 Mar 2011

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume6597 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference8th Theory of Cryptography Conference, TCC 2011
Country/TerritoryUnited States
CityProvidence, RI

Bibliographical note

Place of conference:Providence, RI, USA


Dive into the research topics of 'Secure two-party computation via cut-and-choose oblivious transfer'. Together they form a unique fingerprint.

Cite this