A fair and efficient solution to the socialist millionaires' problem

We present a solution to the Tierce problem, in which two players want to know whether they have backed the same combination (but neither player wants to disclose its combination to the other one). The problem is also known as the socialist millionaires' problem, in which two millionaires want to know whether they happen to be equally rich. In our solution, both players will be convinced of the correctness of the equality test between their combinations and will get no additional information on the other player's combination. Our solution is fair: one party cannot get the result of the comparison while preventing the other one from getting it. The protocol requires O(k) exponentiations only, where k is a security parameter. (C) 2001 Published by Elsevier Science B.V.