Advances in Cryptology – EUROCRYPT 2013

Volume 7881 of the series Lecture Notes in Computer Science pp 537-556

MiniLEGO: Efficient Secure Two-Party Computation from General Assumptions

  • Tore Kasper Frederiksen, Department of Computer Science, Aarhus University
  • Thomas Pelle Jakobsen, Department of Computer Science, Aarhus University
  • Jesper Buus Nielsen, Department of Computer Science, Aarhus University
  • Peter Sebastian Nordholt, Department of Computer Science, Aarhus University
  • Claudio Orlandi, Department of Computer Science, Aarhus University



One of the main tools for constructing secure two-party computation protocols is Yao garbled circuits. Using the cut-and-choose technique, one can get reasonably efficient Yao-based protocols with security against malicious adversaries. At TCC 2009, Nielsen and Orlandi [28] suggested applying cut-and-choose at the gate level, whereas previously cut-and-choose was applied to the circuit as a whole. This idea allows for a speed-up of practical significance (on the order of the logarithm of the size of the circuit) and has become known as the “LEGO” construction. Unfortunately, the construction in [28] is based on a specific number-theoretic assumption and requires public-key operations per gate of the circuit. The main technical contribution of this work is a new XOR-homomorphic commitment scheme based on oblivious transfer, which we use to cope with the problem of connecting the gates in the LEGO construction. Our new protocol has the following advantages:

  1. It maintains the efficiency of the LEGO cut-and-choose.

  2. After a number of seed oblivious transfers linear in the security parameter, the construction uses only primitives from Minicrypt (i.e., private-key cryptography) per gate in the circuit (hence the name MiniLEGO).

  3. MiniLEGO is compatible with all known optimizations for Yao garbled gates (row reduction, free-XORs, point-and-permute).