Secure Two-Party Computation Based on Fast Cut-and-Choose Bilateral Oblivious Transfer

Abstract

In secure two-party computation, each party has its input and wants to jointly compute a function from which it obtains the output corresponding to its respective inputs. For achieving security against a malicious adversary, an effective approach is using cut-and-choose, which requires the circuit constructor P1 to construct S copies of the circuit C (C is used to compute the function F). The circuit evaluator P2 selects S∕2 circuits to open for the check. If these S∕2 circuits are correctly constructed, P2 assumes that the remaining S∕2 circuits are also correctly constructed and uses the remaining circuits to compute. However, this method introduces significant computational complexity and interactive rounds, mainly due to more circuits that must be used for security purposes and the need for multiple interactions to transmit the keys. In this paper, regarding the issue above, we present a novel secure two-party computation protocol, and it can achieve security against the malicious adversary. Concretely, we still use the idea of cut-and-choose but improve the cut-and-choose oblivious transfer (CCOT) of the usual secure two-party computation protocol into cut-and-choose bilateral oblivious transfer (CCBOT) and propose a variant of it that we call batch single-choice CCBOT, which makes our protocol only needs two rounds of interaction to complete the transmission of all keys and 28Sl of exponentiations. In addition, we use a check mechanism to prevent the case that p1 cheats, but P2 is powerless. Our proposed protocol with an error probability of 2–s of P1 significantly optimizes the communication rounds and computation overheads, solves the selective failure attack, and ensures the consistency of the input.