Secure two-party computation: Difference between revisions

The security of a two-party computation protocol is usually defined through a comparison with an idealised scenario that is secure by definition. The idealised scenario involves a [[Trusted_third_party|trusted party]] that collects the input of the two parties over [[secure channel]]s and returns the result if none of the parties chooses to abort. The cryptographic two-party computation protocol is secure, if it behaves no worse than this ideal protocol, but without the additional [[trust]] [[assumption]]s. This is usually modeled using a simulator. The task of the simulator is to act as a wrapper around the idealised protocol to make it appear like the cryptographic protocol. The simulation succeeds with respect to an [[Information_theory|information theoretic]], respectively computationally bounded adversary if the output of the simulator is equal to, respectively [[computationally indistinguishable]] from the output of the cryptographic protocol. A two-party computation protocol is secure, if for all adversaries there exists a successful simulator.