Secure two-party computation: Difference between revisions

The security of a two-party computation protocol is usually defined through a comparison with an idealised scenario that is secure by definition. The idealised scenario involves a [[Trusted third party|trusted party]] that collects the input of the two parties over [[secure channel]]s and returns the result if none of the parties chooses to abort. The cryptographic two-party computation protocol is secure, if it behaves no worse than this ideal protocol, but without the additional [[trust (social sciences)|trust]] [[:wikt:assumption|assumptions]]. This is usually modeled using a simulator. The task of the simulator is to act as a wrapper around the idealised protocol to make it appear like the cryptographic protocol. The simulation succeeds with respect to an [[Information theory|information theoretic]], respectively [[computationally bounded adversary]] if the output of the simulator is [[statistically close]] to, respectively [[computationally indistinguishable]] from the output of the cryptographic protocol. A two-party computation protocol is secure, if for all adversaries there exists a successful simulator.