Seminar on Secure Multi-Party Computation
Id: 0368-4182-01

Ran Cohen and Iftach Haitner

Tuesdays: 10:00-12:00, Room: Schriber 008

In Secure Multiparty Computation, two or more parties wish to jointly compute a function of their inputs in a secure manner: the outputs received by the parties are correctly distributed, and the privacy of each party’s input is preserved as much as possible, even in the presence of adversarial behavior. Formally defining secure multiparty computation and implementing the secure computation for many functions of interest, is arguably one of the great achievements of theoretical cryptography. The seminar will not follow any specific text, references to the relevant material for each lecture will be given in the seminar website.

In each meeting one student will cover a single topic as listed below.

Prerequisites

This is an advanced seminar, so background in the theory of computation (Algorithm, Computability, Complexity) is required. Students with particularly strong math background are also welcome. Cryptography course, like Foundation of Cryptography or Introduction to Modern Cryptography, is recommended but not required.

Undergrad students

Third year students who are willing to work hard, are welcome to join the seminar, but please consult me via email before registering.

Presentations

Power Point presentations are acceptable, but white boards ones are preferable.
To do a good job one needs to read background material, see the reading section.
In addition, the speakers of the week will have to give me a practice talk a week before (right after the talk of that week).

Topics and schedule

(see Additional reading for further reading on your lecture topic)

#	When	Who	What
1	14/03	Ran Cohen	Introduction [slides]
2	21/03	Nathanel Ozeri	Definitions for two-party computation (semi-honest and malicious) [HL10] sections 2.1-2.3
	28/03	NO CLASS
3	04/04	Shlomi Shamir	Yao's Garbled Circuit (semi-honest two-party protocol) [HL10] sections 3.1-3.4 (section 3.2 only at a high level)
4	05/04 (Wednesday!)	Gal Arnon	Oblivious transfer 1-out-of-k OT from 1-out-of-2 OT: [BCR86] section 2.2 Precomputing OT: [Bea95] sections 3.1 and 3.2 OT extension: [Bea96] section 3 OT is symmetric: [WW06] section 4
5	25/4	Noam Nissan	GMW protocol (semi-honest multi-party protocol) [Gol04] sections 7.3.3, 7.3.4, and 7.5.2
6	09/05	Assaf Yifrach	BGW protocol (unconditionally secure MPC for honest majority) [AL17] sections 3 and 4
7	16/05	Adam Alon	BMR protocol (constant-round MPC) [BNP08] sections 3 and 4
8	23/05	Jhonatan Tavori	GMW compiler (enforcing semi-honest behavior) [Gol04] sections 7.4.1, 7.4.3, and 7.4.4
9	06/06	Alon Resler	IKOS zero-knowledge proofs (two-party ZKP from MPC) [IKOS09]
10	13/06	Lev Pachmanov	Cut and choose (Yao's protocol for malicious adversaries) [LP12]
11	20/06	Doron Sobol and Rotem Tsabary	Sigma protocols [HL10] section 6
12	27/06	David Tsiris	Secure computation of specific functionalities Finding the median: [HL10] chapter 8 Private set intersection: [FNP04]

Additional Reading

Lecture 2
- [Gol04] Section 7.2
- First BIU winter school (Lindell) [video]
- Fifth BIU winter school (Lindell) [video]
Lecture 3
- [LP09]
- First BIU winter school (Lindell) [video]
- Fifth BIU winter school (Pinkas) [video]
Lecture 4
- [IKNP03] (introduction)
Lecture 5
- [GMW87]
- First BIU winter school (Pinkas) [video]
- Fifth BIU winter school (Pinkas) [video]
Lecture 6
- [BGW88]
- First BIU winter school (Pinkas) [video]
Lecture 7
- [BMR90]
- Fifth BIU winter school (Pinkas) [video]
Lecture 8
- Fifth BIU winter school (Lindell) [video]
Lecture 9
- First BIU winter school (Ishai) [video] (first half an hour)
Lecture 10
- First BIU winter school (Lindell) [video]
Lecture 11
- First BIU winter school (Lindell) [video]
- Fifth BIU winter school (Lindell) [video]
Lecture 12
- [AMP10]
- Fifth BIU winter school (Pinkas) [video]

References

[AL17] G. Asharov and Y. Lindell. A Full Proof of the BGW Protocol for Perfectly Secure Multiparty Computation. Journal of Cryptology, 30(1): pages 58-15, 2017.
[AMP10] G. Aggarwal, N. Mishra and B. Pinkas. Secure Computation of the Median (and Other Elements of Specified Ranks). Journal of Cryptology, 23(3): pages 373-401, 2010. (Extended abstract appeared in EUROCRYPT 2004.)
[BMR90] D. Beaver, S. Micali and P. Rogaway. The round complexity of secure protocols. In 22nd STOC, 503–513, 1990.
[Bea95] D. Beaver. Precomputing Oblivious Transfer. In CRYPTO 1995, pages 97-109.
[Bea96] D. Beaver. Correlated Pseudorandomness and the Complexity of Private Computations. In 28th STOC, pages 479-488, 1996.
[BGW88] M. Ben-Or, S. Goldwasser and A. Wigderson. Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computations. In 20th STOC, pages 1-10, 1988.
[BNP08] A. Ben-David, N. Nisan and B. Pinkas. FairplayMP: a system for secure multi-party computation. ACM CCS 2008: 257-266.
[BCR86] G. Brassard, C. Crépeau and J. Robert. All-or-Nothing Disclosure of Secrets. CRYPTO 1986, pages 234-238.
[FNP04] M. J. Freedman, K. Nissim and B. Pinkas. Efficient Private Matching and Set Intersection. EUROCRYPT 2004, pages 1-19.
[GMW87] O. Goldreich, S. Micali and A. Wigderson. How to Play Any Mental Game – A Completeness Theorem for Protocols with Honest Majority. In 19th STOC, pages 218–229, 1987.
[Gol04] O. Goldreich. Foundations of Cryptography: Volume 2 – Basic Applications. Cambridge University Press, 2004.
[HL10] C. Hazay and Y. Lindell. Efficient Secure Two-Party Protocols: Techniques and Constructions. Springer, 2010.
[IKNP03] Y. Ishai, J. Kilian, K. Nissim, E. Petrank. Extending Oblivious Transfers Efficiently. In CRYPTO 2003, pages 145-161.
[IKOS09] Y. Ishai, E. Kushilevitz, R. Ostrovsky and A. Sahai. Zero-Knowledge Proofs from Secure Multiparty Computation. SIAM Journal of Computation 39(3): 1121-1152, 2009. (Extended abstract appeared in STOC 2007.)
[LP09] Y. Lindell and B. Pinkas. A Proof of Security of Yao’s Protocol for Two-Party Computation. Journal of Cryptology, 22(2):161–188, 2009.
[LP12] Y. Lindell and B. Pinkas. Secure Two-Party Computation via Cut-and-Choose Oblivious Transfer. Journal of Cryptology, 25(4):680-722, 2012. (Extended abstract appeared in TCC 2011.)
[WW06] S. Wolf and J. Wullschleger. Oblivious Transfer Is Symmetric. In EUROCRYPT 2006, pages 222-232.

Seminar on Secure Multi-Party Computation Id: 0368-4182-01