Journal of Cryptology

, Volume 22, Issue 2, pp 161–188 | Cite as

A Proof of Security of Yao’s Protocol for Two-Party Computation

  • Yehuda LindellEmail author
  • Benny Pinkas


In the mid 1980s, Yao presented a constant-round protocol for securely computing any two-party functionality in the presence of semi-honest adversaries (FOCS 1986). In this paper, we provide a complete description of Yao’s protocol, along with a rigorous proof of security. Despite the importance of Yao’s protocol to the theory of cryptography and in particular to the field of secure computation, to the best of our knowledge, this is the first time that an explicit proof of security has been published.


Secure two-party computation Semi-honest adversaries Yao’s two-party protocol Proofs of security 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    D. Beaver, Foundations of secure interactive computing, in CRYPTO’91. LNCS, vol. 576 (Springer, Berlin, 1991), pp. 377–391 Google Scholar
  2. [2]
    D. Beaver, Correlated pseudorandomness and the complexity of private computations, in 28th STOC (1996), pp. 479–488 Google Scholar
  3. [3]
    D. Beaver, S. Micali, P. Rogaway, The round complexity of secure protocols, in 22nd STOC (1990), pp. 503–513 Google Scholar
  4. [4]
    R. Canetti, Security and composition of multiparty cryptographic protocols. J. Cryptol. 13(1), 143–202 (2000) zbMATHCrossRefMathSciNetGoogle Scholar
  5. [5]
    C. Dwork, M. Naor, O. Reingold, Immunizing encryption schemes from decryption errors, in Eurocrypt 2004. LNCS, vol. 3027 (Springer, Berlin, 2004), pp. 342–360 Google Scholar
  6. [6]
    S. Even, O. Goldreich, A. Lempel, A randomized protocol for signing contracts. Commun. ACM 28(6), 637–647 (1985) CrossRefMathSciNetGoogle Scholar
  7. [7]
    O. Goldreich, Foundations of Cryptography; vol. 2: Basic Applications (Cambridge University Press, Cambridge, 2004) Google Scholar
  8. [8]
    O. Goldreich, S. Goldwasser, S. Micali, How to construct random functions. J. ACM 33(4), 792–807 (1986) CrossRefMathSciNetGoogle Scholar
  9. [9]
    O. Goldreich, S. Micali, A. Wigderson, How to play any mental game—a completeness theorem for protocols with honest majority, in 19th STOC (1987), pp. 218–229. For details, see [7] Google Scholar
  10. [10]
    S. Goldwasser, L. Levin, Fair computation of general functions in presence of immoral majority, in CRYPTO’90. LNCS, vol. 537 (Springer, Berlin, 1990), pp. 77–93 Google Scholar
  11. [11]
    S. Micali, P. Rogaway, Secure computation, in CRYPTO’91. LNCS, vol. 576 (Springer, Berlin, 1991), pp. 392–404 Google Scholar
  12. [12]
    M. Naor, B. Pinkas, R. Sumner, Privacy preserving auctions and mechanism design, in The 1st ACM Conference on Electronic Commerce (1999), pp. 129–139 Google Scholar
  13. [13]
    M. Rabin, How to exchange secrets by oblivious transfer. Tech. Memo TR-81, Aiken Computation Laboratory, Harvard U., 1981 Google Scholar
  14. [14]
    P. Rogaway, The round complexity of secure protocols. MIT PhD thesis, June 1991 Google Scholar
  15. [15]
    A. Yao, How to generate and exchange secrets, in 27th FOCS (1986), pp. 162–167 Google Scholar

Copyright information

© International Association for Cryptologic Research 2008

Authors and Affiliations

  1. 1.Department of Computer ScienceBar-Ilan UniversityRamat GanIsrael
  2. 2.Department of Computer ScienceHaifa UniversityHaifaIsrael

Personalised recommendations