So here's the goal of secure computation. Let's suppose Alice and Bob meet at a conference.
They don't yet know each other despite the fact that they've been talking to each other
through units 1 through 6, but let's pretend they're not quite so friendly yet,
and they both have their smartphones.
On their smartphones, they have an address book.
What they want to do is figure out, do they know any of the same people?
This is a pretty common occurrence at conferences.
Often, the way people do this is the slow, "Were you ever at this place?"
"Do you know someone here?" "Do you know anyone there?"
They want to do it more efficiently, so what they'd like to do is have a protocol
that allows them to compare their address books and find all the people they know in common.
In this case, it would match Dennis since they both know the same Dennis and then they would
see the matches but not reveal anything else about their address book to the other person.
They want to do this by executing some protocol
where at the end of the protocol both parties would know the matching entries
but not learn anything else about the other person's address book.
More generally, we have two parties - A and B. They have some private information.
They want to perform some secure computation,
and at the end of that they learn the result of some function on both of their inputs,
but they don't learn anything about the other party's input.
Now it's time for a question.
It's sort of a trick question, but if you were paying attention at the beginning of this unit,
you'll be able to answer it correctly.
Can we achieve this property using cryptography?
