Paper 2002/140

Universally Composable Two-Party and Multi-Party Secure Computation

Ran Canetti, Yehuda Lindell, Rafail Ostrovsky, and Amit Sahai


We show how to securely realize any two-party and multi-party functionality in a {\em universally composable} way, regardless of the number of corrupted participants. That is, we consider an asynchronous multi-party network with open communication and an adversary that can adaptively corrupt as many parties as it wishes. In this setting, our protocols allow any subset of the parties (with pairs of parties being a special case) to securely realize any desired functionality of their local inputs, and be guaranteed that security is preserved regardless of the activity in the rest of the network. This implies that security is preserved under concurrent composition of an unbounded number of protocol executions, it implies non-malleability with respect to arbitrary protocols, and more. Our constructions are in the common reference string model and rely on standard intractability assumptions.

Note: This is a full version of the paper.

Available format(s)
Publication info
Published elsewhere. An extended abstract of this paper appeared in STOC 2002.
two-party and multi-party computationsecure composition of protocolsproofs of security
Contact author(s)
lindell @ us ibm com
2003-07-14: last of 3 revisions
2002-09-13: received
See all versions
Short URL
Creative Commons Attribution


      author = {Ran Canetti and Yehuda Lindell and Rafail Ostrovsky and Amit Sahai},
      title = {Universally Composable Two-Party and Multi-Party Secure Computation},
      howpublished = {Cryptology ePrint Archive, Paper 2002/140},
      year = {2002},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.