Content deleted Content added
Citation bot (talk | contribs) Alter: journal, title. Add: year, s2cid, authors 1-1. Removed parameters. Some additions/deletions were parameter name changes. | Use this bot. Report bugs. | Suggested by SemperIocundus | #UCB_webform 1324/2500 |
m Open access bot: doi added to citation with #oabot. |
||
Line 1:
'''Secure two-party computation''' (2PC) a.k.a. '''Secure function evaluation''' is sub-problem of [[secure multi-party computation]] (MPC) that has received special attention by researchers because of its close relation to many [[cryptographic]] tasks.<ref>{{Citation |last1=Wang |first1=Xiao |title=Faster Secure Two-Party Computation in the Single-Execution Setting |date=2017 |url=http://link.springer.com/10.1007/978-3-319-56617-7_14 |work=Advances in Cryptology – EUROCRYPT 2017 |volume=10212 |pages=399–424 |editor-last=Coron |editor-first=Jean-Sébastien |place=Cham |publisher=Springer International Publishing |language=en |doi=10.1007/978-3-319-56617-7_14 |isbn=978-3-319-56616-0 |access-date=2022-10-19 |last2=Malozemoff |first2=Alex J. |last3=Katz |first3=Jonathan |editor2-last=Nielsen |editor2-first=Jesper Buus}}</ref><ref>{{Cite web |title=MPC Wallet - What is MPC? |url=https://zengo.com/mpc-wallet/ |access-date=2022-10-19 |website=ZenGo |language=en-US}}</ref> The goal of 2PC is to create a generic protocol that allows two parties to jointly compute an arbitrary function on their inputs without sharing the value of their inputs with the opposing party.<ref>{{Cite journal |last1=Henecka |first1=Wilko |last2=K ögl |first2=Stefan |last3=Sadeghi |first3=Ahmad-Reza |last4=Schneider |first4=Thomas |last5=Wehrenberg |first5=Immo |date=2010 |title=TASTY: tool for automating secure two-party computations |url=http://portal.acm.org/citation.cfm?doid=1866307.1866358 |journal=Proceedings of the 17th ACM Conference on Computer and Communications Security - CCS '10 |language=en |___location=Chicago, Illinois, USA |publisher=ACM Press |pages=451 |doi=10.1145/1866307.1866358 |isbn=978-1-4503-0245-6|s2cid=7276194 }}</ref> One of the most well known examples of 2PC is [[Yao's Millionaires' Problem|Yao's Millionaires' problem]], in which two parties, Alice and Bob, are millionaires who wish to determine who is wealthier without revealing their wealth.<ref>{{Citation |last1=Lin |first1=Hsiao-Ying |title=An Efficient Solution to the Millionaires' Problem Based on Homomorphic Encryption |date=2005 |url=http://link.springer.com/10.1007/11496137_31 |work=Applied Cryptography and Network Security |volume=3531 |pages=456–466 |editor-last=Ioannidis |editor-first=John |place=Berlin, Heidelberg |publisher=Springer Berlin Heidelberg |language=en |doi=10.1007/11496137_31 |isbn=978-3-540-26223-7 |access-date=2022-10-19 |last2=Tzeng |first2=Wen-Guey |editor2-last=Keromytis |editor2-first=Angelos |editor3-last=Yung |editor3-first=Moti|doi-access=free }}</ref> Formally, Alice has wealth <math>a</math>, Bob has wealth <math>b</math>, and they wish to compute <math>a \geq b</math> without revealing the values <math>a</math> or <math>b</math>.
[[Andrew Yao|Yao]]'s [[garbled circuit protocol]] for two-party computation only provided security against passive adversaries.<ref>{{Cite book |last1=Yao |first1=A. C. |title=23rd Annual Symposium on Foundations of Computer Science (sfcs 1982) |year=1982 |pages=160–164 |chapter=Protocols for secure computations |doi=10.1109/SFCS.1982.38 |s2cid=206558698}}</ref> One of the first general solutions for achieving security against active adversary was introduced by Goldreich, Micali and Wigderson<ref>{{Cite journal|last1=Goldreich|first1=O.|last2=Micali|first2=S.|last3=Wigderson|first3=A.|date=1987-01-01|title=How to play ANY mental game|url=https://doi.org/10.1145/28395.28420|journal=Proceedings of the Nineteenth Annual ACM Symposium on Theory of Computing|series=STOC '87|___location=New York, New York, USA|publisher=Association for Computing Machinery|pages=218–229|doi=10.1145/28395.28420|isbn=978-0-89791-221-1|s2cid=6669082 }}</ref> by applying Zero-Knowledge Proof to enforce semi-honest behavior.<ref>{{Cite journal |last1=Goldwasser |first1=S |last2=Micali |first2=S |last3=Rackoff |first3=C |date=1985-12-01 |title=The knowledge complexity of interactive proof-systems |url=https://doi.org/10.1145/22145.22178 |journal=Proceedings of the Seventeenth Annual ACM Symposium on Theory of Computing |series=STOC '85 |___location=Providence, Rhode Island, USA |publisher=Association for Computing Machinery |pages=291–304 |doi=10.1145/22145.22178 |isbn=978-0-89791-151-1|s2cid=8689051 }}</ref> This approach was known to be impractical for years due to high complexity overheads. However, significant improvements have been made toward applying this method in 2PC and Abascal, Faghihi Sereshgi, Hazay, Yuval Ishai and Venkitasubramaniam gave the first efficient protocol based on this approach.<ref>{{Cite journal|last1=Abascal|first1=Jackson|last2=Faghihi Sereshgi|first2=Mohammad Hossein|last3=Hazay|first3=Carmit|last4=Ishai|first4=Yuval|last5=Venkitasubramaniam|first5=Muthuramakrishnan|date=2020-10-30|title=Is the Classical GMW Paradigm Practical? The Case of Non-Interactive Actively Secure 2PC|url=https://doi.org/10.1145/3372297.3423366|journal=Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security|series=CCS '20|___location=Virtual Event, USA|publisher=Association for Computing Machinery|pages=1591–1605|doi=10.1145/3372297.3423366|isbn=978-1-4503-7089-9|s2cid=226228208 }}</ref> Another type of 2PC protocols that are secure against active adversaries were proposed by Yehuda Lindell and Benny Pinkas,<ref>{{Cite book | last1 = Lindell | first1 = Y. | title = Advances in Cryptology - EUROCRYPT 2007 | last2 = Pinkas | first2 = B. | doi = 10.1007/978-3-540-72540-4_4 | volume = 4515 | pages = 52–78 | year = 2007 | series = Lecture Notes in Computer Science | isbn = 978-3-540-72539-8 }}</ref> Ishai, Manoj Prabhakaran and [[Amit Sahai]]<ref>{{Cite book |last1=Ishai |first1=Y. |title=Advances in Cryptology – CRYPTO 2008 |last2=Prabhakaran |first2=M. |last3=Sahai |first3=A. |year=2008 |isbn=978-3-540-85173-8 |series=Lecture Notes in Computer Science |volume=5157 |pages=572–591 |doi=10.1007/978-3-540-85174-5_32}}</ref> and Jesper Buus Nielsen and Claudio Orlandi.<ref>{{Cite book | last1 = Nielsen | first1 = J. B. | last2 = Orlandi | first2 = C. | doi = 10.1007/978-3-642-00457-5_22 | chapter = LEGO for Two-Party Secure Computation | title = Theory of Cryptography | series = Lecture Notes in Computer Science | volume = 5444 | pages = 368–386 | year = 2009 | isbn = 978-3-642-00456-8 | citeseerx = 10.1.1.215.4422 }}</ref> Another solution for this problem, that explicitly works with committed input was proposed by Stanisław Jarecki and Vitaly Shmatikov.<ref>{{Cite book | last1 = Jarecki | first1 = S. | title = Advances in Cryptology - EUROCRYPT 2007 | last2 = Shmatikov | first2 = V. | doi = 10.1007/978-3-540-72540-4_6 | volume = 4515 | pages = 97–114 | year = 2007 | series = Lecture Notes in Computer Science | isbn = 978-3-540-72539-8 }}</ref>
| |||