'''Secure two-party computation''' (2PC) is sub-problem of [[secure multi-party computation]] (MPC) that has received special attention by researchers because of its close relation to many [[cryptographic]] tasks. The goal of 2PC is to create a generic protocol that allows two parties to jointly compute an arbitrary function on their inputs without sharing the value of their inputs with the opposing party. One of the most well known examples of 2PC is [[Yao's Millionaires' Problem|Yao's millionaire problem]], in which two parties, Alice and Bob, are millionaires who wish to determine who is wealthier without revealing their wealth. Formally, Alice has wealth <math>a</math>, Bob has wealth <math>b</math>, and they wish to compute <math>a \geq b</math> without revealing the values <math>a</math> or <math>b</math>.
[[Andrew Yao|Yao]]'s [[garbled circuit protocol]] for two-party computation <ref>{{Cite journalbook | last1 = Yao | first1 = A. C. | title = Protocols23rd forAnnual secureSymposium computationson Foundations of Computer Science (sfcs 1982) | doi = 10.1109/SFCS.1982.38 | pages = 160–164 | year = 1982 | pmid = | pmc = | chapter = Protocols for secure computations }}</ref> only provided security against passive adversaries. 2PC protocols that are secure against active adversaries were proposed by Lindell and Pinkas,<ref>{{Cite journalbook | last1 = Lindell | first1 = Y. | title = Advances in Cryptology - EUROCRYPT 2007 | last2 = Pinkas | first2 = B. | doi = 10.1007/978-3-540-72540-4_4 | titlevolume = An4515 Efficient| Protocolpages for= Secure52–78 Two-Party| Computationyear in= the Presence of Malicious Adversaries2007 | volumepmid = 4515 | pagespmc = 52–78 | yearseries = 2007Lecture |Notes pmidin =Computer Science | pmcisbn = 978-3-540-72539-8 }}</ref> Ishai, Prabhakaran and Sahai <ref>{{Cite journalbook | last1 = Ishai | first1 = Y. | title = Advances in Cryptology – CRYPTO 2008 | last2 = Prabhakaran | first2 = M. | last3 = Sahai | first3 = A. | title = Founding Cryptography on Oblivious Transfer – Efficiently | doi = 10.1007/978-3-540-85174-5_32 | volume = 5157 | pages = 572–591 | year = 2008 | pmid = | pmc = | series = Lecture Notes in Computer Science | isbn = 978-3-540-85173-8 }}</ref> and Nielsen and Orlandi.<ref>{{Cite book | last1 = Nielsen | first1 = J. B. | last2 = Orlandi | first2 = C. | doi = 10.1007/978-3-642-00457-5_22 | chapter = LEGO for Two-Party Secure Computation | title = Theory of Cryptography | series = Lecture Notes in Computer Science | volume = 5444 | pages = 368–386 | year = 2009 | isbn = 978-3-642-00456-8 | pmid = | pmc = | citeseerx = 10.1.1.215.4422 }}</ref>
Another solution for this problem, that explicitly works with committed input was proposed by Jarecki and Shmatikov.<ref>{{Cite journalbook | last1 = Jarecki | first1 = S. | title = Advances in Cryptology - EUROCRYPT 2007 | last2 = Shmatikov | first2 = V. | doi = 10.1007/978-3-540-72540-4_6 | titlevolume = Efficient4515 Two-Party| Securepages Computation= on Committed Inputs97–114 | volumeyear = 45152007 | pagespmid = 97–114 | yearpmc = 2007 | pmidseries = Lecture Notes in Computer Science | pmcisbn = 978-3-540-72539-8 }}</ref>
