In the mid 1980s, Yao presented a constant-round protocol for securely computing any two-party functionality in the presence of semi-honest adversaries (FOCS 1986). In this paper, we provide a complete description of Yao’s protocol, along with a rigorous proof of security. Despite the importance of Yao’s protocol to the theory of cryptography and in particular to the field of secure computation, to the best of our knowledge, this is the first time that an explicit proof of security has been published.
D. Beaver, Foundations of secure interactive computing, in CRYPTO’91. LNCS, vol. 576 (Springer, Berlin, 1991), pp. 377–391
D. Beaver, Correlated pseudorandomness and the complexity of private computations, in 28th STOC (1996), pp. 479–488
D. Beaver, S. Micali, P. Rogaway, The round complexity of secure protocols, in 22nd STOC (1990), pp. 503–513
R. Canetti, Security and composition of multiparty cryptographic protocols. J. Cryptol. 13(1), 143–202 (2000)
C. Dwork, M. Naor, O. Reingold, Immunizing encryption schemes from decryption errors, in Eurocrypt 2004. LNCS, vol. 3027 (Springer, Berlin, 2004), pp. 342–360
S. Even, O. Goldreich, A. Lempel, A randomized protocol for signing contracts. Commun. ACM 28(6), 637–647 (1985)
O. Goldreich, Foundations of Cryptography; vol. 2: Basic Applications (Cambridge University Press, Cambridge, 2004)
O. Goldreich, S. Goldwasser, S. Micali, How to construct random functions. J. ACM 33(4), 792–807 (1986)
O. Goldreich, S. Micali, A. Wigderson, How to play any mental game—a completeness theorem for protocols with honest majority, in 19th STOC (1987), pp. 218–229. For details, see 
S. Goldwasser, L. Levin, Fair computation of general functions in presence of immoral majority, in CRYPTO’90. LNCS, vol. 537 (Springer, Berlin, 1990), pp. 77–93
S. Micali, P. Rogaway, Secure computation, in CRYPTO’91. LNCS, vol. 576 (Springer, Berlin, 1991), pp. 392–404
M. Naor, B. Pinkas, R. Sumner, Privacy preserving auctions and mechanism design, in The 1st ACM Conference on Electronic Commerce (1999), pp. 129–139
M. Rabin, How to exchange secrets by oblivious transfer. Tech. Memo TR-81, Aiken Computation Laboratory, Harvard U., 1981
P. Rogaway, The round complexity of secure protocols. MIT PhD thesis, June 1991
A. Yao, How to generate and exchange secrets, in 27th FOCS (1986), pp. 162–167
Most of this work was carried out while at IBM T.J. Watson Research, New York.
Most of this work was carried out while at HP Labs, New Jersey.
Communicated by Dan Boneh.
About this article
Cite this article
Lindell, Y., Pinkas, B. A Proof of Security of Yao’s Protocol for Two-Party Computation. J Cryptol 22, 161–188 (2009). https://doi.org/10.1007/s00145-008-9036-8
- Secure two-party computation
- Semi-honest adversaries
- Yao’s two-party protocol
- Proofs of security