(... crypto bite to be written)


The GMW Protocol is due to [GMW87]. Oded Goldreich provides a much better presention in [FOC2, Chapter 7.5].

Benny Pinkas talk "The GMW Multi-Party Protocol and Oblivious Transfer Extension" up to 27:16 at the 5th BIU Winter School for Cryptography, Advances in Practical Multiparty Computation, February 15-19 2015, organized by the Center for Research in Applied Cryptography and Cyber Security, Bar-Ilan University. Slides up to page 15.

Vinod Vaikuntanathan explains the GMW protocol for the easier to understand two-party case in lecture L19, Oblivious Transfer, Two Party Computation of an advanced course, starting at 57:00:

If you're interested in optimizations for both Yao and GMW, the talk "Optimizing Yao and GMW for Semi-Honest Adversaries" by Yehuda Lindell speaking for Thomas Schneider who couldn't attend the Winter School, might be instructive. Slides.


  • [GMW87] Oded Goldreich, Silvio Micali, Avi Wigderson: How to Play ANY Mental Game, or A Completeness Theorem for Protocols with Honest Majority. In: STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing, pages 218-229. (acm.org paywalled, full pdf stoc (upside-down), another version preferred by Oded Goldreich)
  • [FOC2] Oded Goldreich: Foundation of Cryptography, Volume 2: Basic Applications. (book homepage)