Skip to main content

A Proof of Security of Yao’s Protocol for Two-Party Computation


In the mid 1980s, Yao presented a constant-round protocol for securely computing any two-party functionality in the presence of semi-honest adversaries (FOCS 1986). In this paper, we provide a complete description of Yao’s protocol, along with a rigorous proof of security. Despite the importance of Yao’s protocol to the theory of cryptography and in particular to the field of secure computation, to the best of our knowledge, this is the first time that an explicit proof of security has been published.


  1. [1]

    D. Beaver, Foundations of secure interactive computing, in CRYPTO’91. LNCS, vol. 576 (Springer, Berlin, 1991), pp. 377–391

    Google Scholar 

  2. [2]

    D. Beaver, Correlated pseudorandomness and the complexity of private computations, in 28th STOC (1996), pp. 479–488

  3. [3]

    D. Beaver, S. Micali, P. Rogaway, The round complexity of secure protocols, in 22nd STOC (1990), pp. 503–513

  4. [4]

    R. Canetti, Security and composition of multiparty cryptographic protocols. J. Cryptol. 13(1), 143–202 (2000)

    MATH  Article  MathSciNet  Google Scholar 

  5. [5]

    C. Dwork, M. Naor, O. Reingold, Immunizing encryption schemes from decryption errors, in Eurocrypt 2004. LNCS, vol. 3027 (Springer, Berlin, 2004), pp. 342–360

    Google Scholar 

  6. [6]

    S. Even, O. Goldreich, A. Lempel, A randomized protocol for signing contracts. Commun. ACM 28(6), 637–647 (1985)

    Article  MathSciNet  Google Scholar 

  7. [7]

    O. Goldreich, Foundations of Cryptography; vol. 2: Basic Applications (Cambridge University Press, Cambridge, 2004)

    Google Scholar 

  8. [8]

    O. Goldreich, S. Goldwasser, S. Micali, How to construct random functions. J. ACM 33(4), 792–807 (1986)

    Article  MathSciNet  Google Scholar 

  9. [9]

    O. Goldreich, S. Micali, A. Wigderson, How to play any mental game—a completeness theorem for protocols with honest majority, in 19th STOC (1987), pp. 218–229. For details, see [7]

  10. [10]

    S. Goldwasser, L. Levin, Fair computation of general functions in presence of immoral majority, in CRYPTO’90. LNCS, vol. 537 (Springer, Berlin, 1990), pp. 77–93

    Google Scholar 

  11. [11]

    S. Micali, P. Rogaway, Secure computation, in CRYPTO’91. LNCS, vol. 576 (Springer, Berlin, 1991), pp. 392–404

    Google Scholar 

  12. [12]

    M. Naor, B. Pinkas, R. Sumner, Privacy preserving auctions and mechanism design, in The 1st ACM Conference on Electronic Commerce (1999), pp. 129–139

  13. [13]

    M. Rabin, How to exchange secrets by oblivious transfer. Tech. Memo TR-81, Aiken Computation Laboratory, Harvard U., 1981

  14. [14]

    P. Rogaway, The round complexity of secure protocols. MIT PhD thesis, June 1991

  15. [15]

    A. Yao, How to generate and exchange secrets, in 27th FOCS (1986), pp. 162–167

Download references

Author information



Corresponding author

Correspondence to Yehuda Lindell.

Additional information

Most of this work was carried out while at IBM T.J. Watson Research, New York.

Most of this work was carried out while at HP Labs, New Jersey.

Communicated by Dan Boneh.

Rights and permissions

Reprints and Permissions

About this article

Cite this article

Lindell, Y., Pinkas, B. A Proof of Security of Yao’s Protocol for Two-Party Computation. J Cryptol 22, 161–188 (2009).

Download citation


  • Secure two-party computation
  • Semi-honest adversaries
  • Yao’s two-party protocol
  • Proofs of security