



Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Secure Multiparty Computation (specifically part III)—and the instructor. SMC is a field of cryptography where multiple parties can jointly compute a function over their private inputs without revealing those inputs to each other.
Typology: Study notes
1 / 7
This page cannot be seen from the preview
Don't miss anything!




Slide 1: Title Slide Explanation: This is the introduction. It tells us the topic—Secure Multiparty Computation (specifically part III)—and the instructor. SMC is a field of cryptography where multiple parties can jointly compute a function over their private inputs without revealing those inputs to each other. Example: Imagine two hospitals want to find out how many patients they have in common to coordinate care, but neither hospital is allowed to see the other's patient list. Secure Multiparty Computation provides the tools to do this. Slide 2: Yao’s 2-PC Protocol (The Problem) Explanation: This slide introduces a classic problem solved by a famous protocol called Yao's 2-Party Computation (2-PC). Two people, Alice and Bob, each have a private list (their phonebooks). They want to find out which contacts they share without showing each other their full lists. Example:
Part 2: Types of Bad Guys (Adversaries)
Limitation: Building and sending the entire circuit requires a lot of communication bandwidth, which can be slow. Slide 13: Comparison of PSI Approaches Explanation: This table summarizes the trade-offs between the different methods.
MCQ Set: Secure Multiparty Computation & PSI
1. What is the primary goal of Private Set Intersection (PSI)? A) To merge two sets into one larger set B) To compute the union of two private sets without revealing non-common elements C) To compute the intersection of two private sets without revealing non-intersecting elements D) To encrypt both sets and store them in a public database 2. In Yao’s 2-PC protocol for PSI, what is used to allow Bob to provide his input without revealing it to Alice? A) Symmetric encryption B) Digital signatures C) Oblivious Transfer (OT) D) Hash functions 3. Which attacker model follows the protocol correctly but tries to learn extra information from exchanged messages? A) Malicious adversary B) External eavesdropper C) Semi-honest (honest-but-curious) adversary D) Denial-of-service attacker 4. Why is the naïve hash-based PSI approach insecure against a dictionary attack? A) Hashes are too long B) The hash function is kept secret C) An attacker can precompute hashes of likely inputs and compare them to intercepted hashes D) Hashes cannot be transmitted over a network 5. In the Paillier-based PSI protocol, who decrypts the final encrypted differences? A) Bob B) Both Alice and Bob C) Alice D) A trusted third party 6. What is a major limitation of using Garbled Circuits for PSI? A) It is extremely fast for large datasets B) It leaks the size of the sets C) It requires high communication overhead D) It only works with numbers, not strings 7. Which PSI approach is best suited for very large datasets (over 1 million items)? A) Naïve hash-based PSI B) Paillier homomorphic encryption C) Garbled Circuits D) Specialized protocols optimized for performance and low communication 8. In the Paillier PSI protocol, if Alice has n n items and Bob has m m items, how many encrypted differences are computed? A) n+m n + m B) n×m n × m