Paper 2010/284

Secure Two-Party Computation via Cut-and-Choose Oblivious Transfer

Yehuda Lindell and Benny Pinkas


Protocols for secure two-party computation enable a pair of parties to compute a function of their inputs while preserving security properties such as privacy, correctness and independence of inputs. Recently, a number of protocols have been proposed for the efficient construction of two-party computation secure in the presence of malicious adversaries (where security is proven under the standard simulation-based ideal/real model paradigm for defining security). In this paper, we present a protocol for this task that follows the methodology of using cut-and-choose to boost Yao's protocol to be secure in the presence of malicious adversaries. Relying on specific assumptions (DDH), we construct a protocol that is significantly more efficient and far simpler than the protocol of Lindell and Pinkas (Eurocrypt 2007) that follows the same methodology. We provide an exact, concrete analysis of the efficiency of our scheme and demonstrate that (at least for not very small circuits) our protocol is more efficient than any other known today.

Available format(s)
Cryptographic protocols
Publication info
A minor revision of an IACR publication in JOC 2012
secure two-party computationefficiencyDDH
Contact author(s)
lindell @ cs biu ac il
2014-10-29: last of 7 revisions
2010-05-14: received
See all versions
Short URL
Creative Commons Attribution


      author = {Yehuda Lindell and Benny Pinkas},
      title = {Secure Two-Party Computation via Cut-and-Choose Oblivious Transfer},
      howpublished = {Cryptology ePrint Archive, Paper 2010/284},
      year = {2010},
      doi = {10.1007/s00145-011-9107-0},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.