Paper 2011/508

Secure Two-Party Computation with Low Communication

Ivan Damgård, Sebastian Faust, and Carmit Hazay


We propose a 2-party UC-secure protocol that can compute any function securely. The protocol requires only two messages, communication that is poly-logarithmic in the size of the circuit description of the function, and the workload for one of the parties is also only poly-logarithmic in the size of the circuit. This implies, for instance, delegatable computation that requires no expensive off-line phase and remains secure even if the server learns whether the client accepts its results. To achieve this, we define two new notions of extractable hash functions, propose an instantiation based on the knowledge of exponent in an RSA group, and build succinct zero-knowledge arguments in the CRS model.

Note: Construction based on weaker extractability assumption

Available format(s)
Publication info
Published elsewhere. Unknown where it was published
Secure Two-Party ComputationExtractable Hash FunctionsCommunication and Round ComplexityNon-Interactive Secure ComputationDelegatable Computation
Contact author(s)
carmit @ cs au dk
2012-03-13: last of 5 revisions
2011-09-18: received
See all versions
Short URL
Creative Commons Attribution


      author = {Ivan Damgård and Sebastian Faust and Carmit Hazay},
      title = {Secure Two-Party Computation with Low Communication},
      howpublished = {Cryptology ePrint Archive, Paper 2011/508},
      year = {2011},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.