• Instructor:

  • Logistics:

  • Class timing: Monday and Wednesday (3:30 - 5 pm)
  • Venue: CSA 252

  • Importance & Objective of the Course:

The fantabulous journey of Secure Computation had originated with the seminal work of Andew Chi Chih Yao published in Foundation of Computer Science (FOCS'82). The idea of secure computation is so groundbreaking that Yao was bestowed with the prestigious Turing Award in 2000. It feels wonderful to offer a course that is first of its kind in India. For more details, follow this link

  • Course Syllabus:

Models of Secure Computation: Honest vs. Dishonest majority settings, semi-honest vs active(malicious) adversary, static vs. adaptive computation, computational vs. information theoretic security, synchronous vs. asynchronous network. Introduction to various primitives.

Defining Secure Computation: Computational/statistical Indistinguishability, Real-Ideal World or Simulation-based Security notions.

Secure computation with semi-honest security: Secret Sharing Schemes, Oblivious Transfers (OT) and Extensions, Circuit Garbling, BenOr-Goldwasser-Wigderson (BGW) Construction, Goldreich-Micali-Wigderson (GMW) construction, Yao construction, BMR construction.

Secure computation with Active security: Verifiable Secret Sharing, Commitment Schemes, Zero-knowledge Protocols, BGW Construction with active security, GMW Compiler for active corruption, More Efficienct Constructions.

  • Grading:

  • Scribe (30% ): Every student must scribe two or three lectures based on the strength of the class. The scribe submission deadline is one week after the class; e.g. a scribe for a lecture on 10th must be submitted by the midnight of 17th.The template tex file for a scribe can be downloaded from here. As you have guessed, the submission must be in Latex. To get first-hand ideas about how to scribe, please have a look at some examples from here.
  • Projects (50%): The course requires every student to carry out one project. The project will be either theoretical or practical in nature. The theoretical projects will involve answering deep and exiciting theoretical questions in the secure computation literature. On the other hand, the practical projects will involve implementing and improving challenging practical secure computation tasks. The project may lead to a publication! A list of theoretical & practical projects will be pproposed during the lectures. The students are free to choose a project that catch their fancy. The students may also propose their own projects.
  • "Chalk & Talk" Seminar (20%): The goal of this session is to cover breadth of the course. Topics will be suggested as and when the course proceeds. The topics may be related to the projects. Each student has to make two presentations overall.

  • Reading Material and References:

Reference Books:

  • Efficient Two-party Protocols- Techniques and Constructions by Carmit Hazay and Yehuda Lindell. Springer.
  • Secure Multiparty Computation and Secret Sharing - An Information Theoretic Appoach by Ronald Cramer, Ivan Damgaard and Jesper Buus Nielsen. Cambridge Press.
Some useful links on Secure Computation:

Lecture Details

Lecture 1: Introduction. Slides [ppt]

Lecture 2: Expanding the scope of MPC. Various network Models. Slides [ppt]

Lecture 3: Expanding the scope of MPC. Various adversary Models. Slides [ppt]

Lecture 4: Defining Security. Real/Ideal World Security Paradigm. Slides [ppt]

Lecture 5: Defining Security. Distinguishing between deterministic and randomized functions in the Real/Ideal World Security Paradigm. Slides [ppt]

Lecture 6: Impossibility of (a) i.t. MPC with t > n/2 and (b) asynchronous perfect MPC with t > n/4. Slides [ppt]

Lecture 7: BGW I. Slides [ppt]

Lecture 8: BGW II. Slides [ppt]

Lecture 9: Circuit Garbling, Yao I. Slides [ppt]

Lecture 10: Circuit Garbling, Yao II. Slides [ppt]

Lecture 11: GMW I. Slides [ppt]