论文部分内容阅读
Cut-and-choose paradigm makes Yao’s protocol for two-party computation secure in malicious model with an error probability.In CRYPTO 2013,based on multi-phase cut-and-choose,Lindell reduced this probability to the optimal value.However,this work can only compute single-output functions with optimal error probability.We transform multi-phase cut-and-choose for singleoutput case into one that can deal with two-output functions,meanwhile maintaining the optimal error probability.Based on this new paradigm,we propose an efficient two-output secure computation protocol.Besides,by utilizing the specific property of the output garbled keys,we solve the authenticity issue of the generator’s output with only symmetric cryptographic operations linear in the output length of the generator,which is the most efficient method so far in standard model without Random oracle(RO).
Cut-and-choose paradigm makes Yao’s protocol for two-party computation secure in malicious model with an error probability. In CRYPTO 2013, based on multi-phase cut-and-choose, Lindell reduced this probability to the optimal value. work can only compute single-output functions with optimal error probability. We transform multi-phase cut-and-choose for single output case into one that that can deal with two-output functions, meanwhile maintain the optimal error probability. Based on this new paradigm, we propose an efficient two-output secure computation protocol .esides, by utilizing the specific property of the output garbled keys, we solve the output of the generator’s output with only symmetric cryptographic operations linear in the output length of the generator, which is the most efficient method so far in standard model without Random oracle (RO).