Lecture Compiling an Honest but Curious Protocol

In previous lectures, the notion of secure multiparty computing was developed. The setting is that there are $m$ parties, each of which has a private input $x_1, \ldots, x_m$. The goal is to compute $f(x_1, \ldots, x_m, R)$ securely, where $R$ is random coins and “securely” means that no party obtains any more knowledge about other parties’ private inputs than could be obtained if all computation were done through a trusted third party. The setting for this problem can be thought of as computers on a network; personal computation is private but all interparty communication is up for grabs.

In previous lectures, Honest but Curious (HBC) security was introduced. In the HBC setting, every party is obliged to follow the protocol, but cannot intentionally “forget” knowledge that it learns during the execution of the protocol. In other words, all parties are curious, in that they try to find out as much as possible about the other inputs despite following the protocol. A protocol is secure in the HBC sense if and only if all parties have no new knowledge at the end of the protocol above what they would have learned from the output of $f$. Recall the HBC 4 oblivious transfer (OT) protocol: 1
