Secure two-party computation is motivated by Yao's millionaires problem: suppose that two millionaires would like to know who is richter without revealing their own wealth. This idea can be formulated more general: Consider Alice has private input x and Bob has input y and they wish to compute the function f(x,y) securely. This lecture gives a comprehensive introduction to secure two and multi-party computation. We will cover the following topics:

• Security definition of secure two and multi-party computation

• Yao's garbled circuit

• Optimizations for Yao's garbled circuit

• General transformations for malicious security

• Applications of secure two- and multi-party computation

• Selected state-of-the-art results

Lernziele und Kompetenzen:

Verstehen

Die Studierende verstehen die verschiedenen Sicherheitsdefinitionen und grundlegenden Protokolle.

Analysieren

Die Studierende können die Sicherheit der Protokolle analysieren.

Evaluieren (Beurteilen)

Die Studierende können die Eigenschaften der Protokolle vergleichen und je nach Anwendung das passende Protokoll auswählen.