Two-Output Secure Computation with Malicious Adversaries

  • Abhi shelat
  • Chih-hao Shen
Conference paper

DOI: 10.1007/978-3-642-20465-4_22

Part of the Lecture Notes in Computer Science book series (LNCS, volume 6632)
Cite this paper as:
shelat A., Shen C. (2011) Two-Output Secure Computation with Malicious Adversaries. In: Paterson K.G. (eds) Advances in Cryptology – EUROCRYPT 2011. EUROCRYPT 2011. Lecture Notes in Computer Science, vol 6632. Springer, Berlin, Heidelberg


We present a method to compile Yao’s two-player garbled circuit protocol into one that is secure against malicious adversaries that relies on witness indistinguishability. Our approach can enjoy lower communication and computation overhead than methods based on cut-and-choose [13] and lower overhead than methods based on zero-knowledge proofs [8] (or Σ-protocols [14]). To do so, we develop and analyze new solutions to issues arising with this transformation:

  1. How to guarantee the generator’s input consistency

  2. How to support different outputs for each player without adding extra gates to the circuit of the function f being computed

  3. How the evaluator can retrieve input keys but avoid selective failure attacks

  4. Challenging 3/5 of the circuits is near optimal for cut-and-choose (and better than challenging 1/2)


Our protocols require the existence of secure-OT and claw-free functions that have a weak malleability property. We discuss an experimental implementation of our protocol to validate our efficiency claims.
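As a worked illustration of item 4 (an added example, not code from the paper or its implementation), the sketch below computes a cheating generator's best success probability for a given challenge size. The model is an assumption, taken from the standard cut-and-choose analysis rather than from this page: the evaluator opens a random subset of the s circuits, aborts if any opened circuit is bad, and outputs the majority result of the rest. All function names are hypothetical.

```python
from fractions import Fraction
from math import comb, log2


def cheat_probability(s: int, checked: int) -> Fraction:
    """Best success probability of a cheating generator (assumed model).

    The generator sends s garbled circuits, b of them bad. The evaluator
    opens `checked` circuits at random, aborts on any bad one, and takes
    the majority output of the remaining e = s - checked circuits.
    The cheater wins iff no bad circuit is opened and b > e / 2.
    """
    if not 0 < checked < s:
        raise ValueError("checked must satisfy 0 < checked < s")
    e = s - checked
    best = Fraction(0)
    # b must be a strict majority of the evaluated circuits, and at most e
    # (otherwise at least one bad circuit is always opened).
    for b in range(e // 2 + 1, e + 1):
        # All opened circuits must come from the s - b good ones.
        p = Fraction(comb(s - b, checked), comb(s, checked))
        best = max(best, p)
    return best


def security_bits(s: int, checked: int) -> float:
    """-log2 of the cheating probability, computed on exact integers."""
    p = cheat_probability(s, checked)
    return log2(p.denominator) - log2(p.numerator)


def best_checked(s: int) -> int:
    """Challenge size that minimises the cheating probability for s circuits."""
    return min(range(1, s), key=lambda c: cheat_probability(s, c))


if __name__ == "__main__":
    s = 100  # constructed parameter, not a value from the paper
    for checked in (50, 60):
        print(f"open {checked}/{s}: {security_bits(s, checked):.2f} bits")
    print("best challenge size:", best_checked(s))
```

Under this model, opening 60 of 100 circuits leaves the cheater a smaller success probability than opening 50, which matches the direction of the claim in item 4.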


Keywords: Witness indistinguishability, Yao garbled circuits, signature schemes

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • Abhi shelat (1)
  • Chih-hao Shen (1)

  1. University of Virginia, Charlottesville, USA
