# Efficient Secure Two-Party Protocols: Techniques and Constructions

## Carmit Hazay and Yehuda Lindell

Efficient Secure Two-Party Protocols: Techniques and Constructions, published in November 2010 by Springer, presents a comprehensive study of efficient protocols and techniques for secure two-party computation - both general constructions that can be used to securely compute any functionality, and protocols for specific problems of interest. The book focuses on techniques for constructing efficient protocols and proving them secure. In addition, we study different definitional paradigms and compare the efficiency of protocols achieved under these different definitions.

This book is useful for practitioners and researchers in the field of secure protocols, particularly those with a focus on efficiency, and for researchers in the area of privacy-preserving data mining. This book can also be used as a textbook for an advanced course on secure protocols.

The preface, table of contents and introduction are available for perusal, and a review of the book that appeared in SIGACT NEWS can be found here.

### Purchase Information

Those with access to SpringerLink can read the book online here. The book can be purchased directly from the publisher or from Amazon.

Errata:

1. Page 12, "every circuit of the gate": it should say "every gate of the circuit". In addition, it is actually every AND gate (XOR gates are computed without any interaction).
2. Page 34, "Send input to trusted party": the adversary can send cheati, as well as aborti and corruptedi.
3. Page 39, 9th line of second paragraph: the deterministic functionality should be f' and not g.
4. Page 59, Definition 3.2.2: the definition should say for every positive polynomial.
5. Page 62, step 2 of the protocol: the value w_{1-\sigma} is chosen from the range of f (note that the domain equals the range since f is a permutation, but conceptually we choose this from the range).
6. Page 79, lines 6-7 from the top: P1 and P2 should be reversed.
7. Page 79, paragraph titled "symmetric computations": the expected number of decryptions is 5 per gate, and not 4 (the average of 2,4,6,8).
8. Page 154, first line of the proof: it should say "we now prove" and not "we know prove".
9. Pages 161-163: There is an error in the analysis in the proof of Theorem 6.5.2. The fix, as well as a (lengthy) explanation of what the problem was appears here.
10. Page 164, line 4 after the protocol description: it should say (x,r),(x',r') and not (x,r),(x',r).
11. Page 184, 3rd paragraph of the proof: it should say "Let R* be an arbitrary receiver" and not sender.
12. Pages 214-216: there is confusion caused by an ambiguous definition of which value to take when the size of the list is even.
We thank Ran Cohen, Joseph Jaeger, and Roee Sefi for pointing out the above errata.