Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone
University of Waterloo, Canada

Handbook of Applied Cryptography
Chapter 6.

URL: http://www.cacr.math.uwaterloo.ca/hac/

Philip MacKenzie, Alina Oprea, Michael K. Reiter
Bell Labs + Lucent / CMU / CMU

Automatic generation of two-party computations
Proceedings of the 10th ACM Conference on Computer and Communication Security (CCS'03), Washington D.C., USA, Session: Cryptographic protocols/network security, Pp. 210 - 219

URL: http://doi.acm.org/10.1145/948109.948139

We present the design and implementation of a compiler that automatically generates protocols that perform two-party computations. The input to our protocol is the specification of a computation with secret inputs (e.g., a signature algorithm) expressed using operations in the field Z_q of integers modulo a prime q and in the multiplicative subgroup of order q in Z^*_p for q|p-1 with generator g. The output of our compiler is an implementation of each party in a two-party protocol to perform the same computation securely, i.e., so that both parties can together compute the function but neither can alone. The protocols generated by our compiler are provably secure, in that their strength can be reduced to that of the original cryptographic computation via simulation arguments. Our compiler can be applied to various cryptographic primitives (e.g., signature schemes, encryption schemes, oblivious transfer protocols) and other protocols that employ a trusted party (e.g., key retrieval, key distribution).