Secure two-party computation

Secure two-party computation (2PC) a.k.a. Secure function evaluation is sub-problem of secure multi-party computation (MPC) that has received special attention by researchers because of its close relation to many cryptographic tasks.^[1][2] The goal of 2PC is to create a generic protocol that allows two parties to jointly compute an arbitrary function on their inputs without sharing the value of their inputs with the opposing party.^[3] One of the most well known examples of 2PC is Yao's Millionaires' problem, in which two parties, Alice and Bob, are millionaires who wish to determine who is wealthier without revealing their wealth.^[4] Formally, Alice has wealth ${\displaystyle a}$, Bob has wealth ${\displaystyle b}$, and they wish to compute ${\displaystyle a\geq b}$ without revealing the values ${\displaystyle a}$ or ${\displaystyle b}$.

Yao's garbled circuit protocol for two-party computation only provided security against passive adversaries.^[5] One of the first general solutions for achieving security against active adversary was introduced by Goldreich, Micali and Wigderson^[6] by applying Zero-Knowledge Proof to enforce semi-honest behavior.^[7] This approach was known to be impractical for years due to high complexity overheads. However, significant improvements have been made toward applying this method in 2PC and Abascal, Faghihi Sereshgi, Hazay, Yuval Ishai and Venkitasubramaniam gave the first efficient protocol based on this approach.^[8] Another type of 2PC protocols that are secure against active adversaries were proposed by Yehuda Lindell and Benny Pinkas,^[9] Ishai, Manoj Prabhakaran and Amit Sahai^[10] and Jesper Buus Nielsen and Claudio Orlandi.^[11] Another solution for this problem, that explicitly works with committed input was proposed by Stanisław Jarecki and Vitaly Shmatikov.^[12]