You can use bigger rsa if you want. Or more typically, the ot is used to derive a key which is then used to encrypt an arbitrary length messaging.

Awesome question! Sounds like a research topic!

WARNING! NOT CORRECT (see replies below) Bob cab check this using Alice’s public key. Essentially he can “decrypt” both p0 and p1

p0 and p1 were encrypted with Alice's private key, which means Bob can decrypt them since he knows Alice's public key. Bob also knows V, x0, and x1, so he can then perform the calculation himself to verify that both are correct.

​@@snickers10mNo research paper needed 😁

​@Gvozd111 @gazehound Don't think this is that easy! Bob does not have direct access to the value of p0 or p1 -- only indirect access through m'0 and m'1. Assuming Bob asked for b=1, he doesn't know p0 in order to decrypt it with e If Bob knew p0 and p1, he could calculate both m0 and m1, defeating the point of the algorithm

19:03 It sounds like we'll learn in a part 2 video! He said he wants to show us how this turns into "garbled circuits", which lets us run any algorithm without revealing the inputs. It sounds like that would solve the "find the most money" problem from the intro!

In the example provided, the idea is that everyone at the table wants to know who has the most money, without knowing how much money everyone else has. You can imagine the algorithm as a third party who knows everyone’s wealth and tells everyone who has the most.

OT is at the heart of a field called secure multiparty Computation. You can Google it but the idea is that it allows you to run an encrypted program between several parties. The parties learn nothing about the inputs to the program except the final answer. For example, say I want to train a machines learning model on data from two hospitals. Due to privacy concerns, the hospitals are unable to share the data. However, they both want to learn this model and don't think learning this model itself would be a privacy concern. They can use (many) OT to encrypt their inputs and then train an encrypted model. This model can then be decrypted. Google "secure ml" or "privacy preserving machine learning" for more details. Many other applications exist.

​@@dylankrejci9965I dont get why you'd need to do oblivious transfer for that... the "third party" would just collect everyone's account information, compare them, then print the result of who has the most, right?

A real world use case for this could be for an online card game, where one computer has the whole list of cards but another computer only needs to select, say, five of them. The first computer _doesn't_ have to know _which_ cards the second computer selected, they just send the list and the second computer only gets some of them.

No, you're right. Also, his definition of m* is wrong, it should just be m'_b - k, without the additional "+ p_b".

When he writes m* = mb' - k + pb I think he means m* = mb' - k. Then you get m* = (mb + pb) - k = (mb + k) - k = mb.

The size of n isn't really a factor for that. The size of n affects two things: the level of security you have and the maximum size of a message you can send. The security is affected because n is a composite of two large primes and the harder it is to find those two primes the better your security. N could be 15 which is 5*3, but that might be too easy to figure out. N affects the size because of the use of modulo. The message cannot be bigger than N because if it is when you do any of the modulo arithmetic you will lose some portion of the message that was bigger than N. (i.e. 5 modulo 3 is 2, and nothing you ever do can ever get 5 back out of a modulo 3 operation, so if your n is 3 then your message can only be 0, 1 or 2.)

You send n messages and pick the next largest power of two. You can pretend that the other (empty) messages are random. Bob knows that only the first n messages contain something. So he can (with equal probability) choose one of these. He now knows which keys he needs for this and can request them. They key is that bob can choose what he wants. That means as long as he chooses one of the first n key combinations randomly everything works. Of course bob can still choose a combination that is useless on purpose (say for the n+1st message).

Yes, he got the definition wrong unfortunately.

Yeah I can't imagine how well this scales due to the amount of irrelevant information also received. Like, in an extreme case are you going to download 2TB to get access to your 1GB of data, all in the name of preventing the sending party knowing which data you're interested in?

So the applications of ot are numerous. You can use it to compute "encrypted programs". This is called secure multiparty Computation. In this case we typically do millions or billions of OTs, each with a 1 bit message. Typically we don't use it to download 1TB or the other.

Yes, since Alice is not allowed to know which of the n possible messages Bob decided on, she always has to send (versions of) all of them in this particular protocol.

@@ph1ber Alright. Though while secure, this sounds extremely redundant. If Bob requests 1000 blocks one by one, Alice will have to send 1000000 blocks, 999000 of which would be unreadable and also duplicating.

@@Amonimus If Alice sends 1000 X's, Bob sends back a single V. Alice must then send back another 1000, m'. Bob can only read 1 of those. You seem to have the scaling wrong.

@@Faladrin 1:1000, For 1000 X and 1000 V it would be 1000000 m, no?

​​​​​​@@Amonimus Your scaling is correct: 1000 separate 1-in-1000 transfers results in 1000*1000 m' values sent in total. (GOT from my previous comment helps reduce this by combining the 1000 separate transfers into one). Although keep in mind that the power-of-2 approach used at 17:30 can be used to reduce the number of m' values sent per transfer below 1000. A 1-in-1000 transfer only needs to send 10 pairs of symmetric keys (because 2^10=1024). Edit: actually, nevermind on that last part. That would require the same symmetric keys in every transfer, which has its own security issues.

I'm so pleased I'm not going crazy. I even rewatched it in case I'd missed something! LoL

Incorrect; both result in V, and Alice learns nothing from these calculations. Suppose b=1, so V=x1+k^e. As you propose, Alice first calculates x0+p0^e = x0+((V-x0)^d)^e = x0+V-x0 = V But also Alice calculates x1+p1^e = x1+((V-x1)^d)^e = x1+V-x1 = V I don't think Alice can learn b or k from manipulating V.

I got zero knowledge from it.

the pee pee algorithm

What you propose would work (a single oblivious transfer of n files). He skips to the optimized version of your idea at 15:19, by using bit encoding to reduce the number of transfers needed. In your approach, to send n=1024 files, you need to oblivious transfer 1024 different symmetric keys (one for each file). In his approach, he only transfers 10 pairs of keys (20 keys), taking advantage of 1024=2^10. Your idea works, but his is more optimized.

@@snickers10m Thanks! I did watch that far but did not realize how much more efficient the more complicated method is

​@@77dreimaldie0 To be fair to your idea... sending 10 pairs of symmetric keys isn't *much* more efficient in terms of communication cost since you have to send all 1024 encrypted files anyways as well. (keys are probably much smaller than the files)

@@snickers10mI think it is not so much about optimizing the amount of data that is transferred but rather the number of RSA encryptions and decryptions that need to be performed. Because RSA are computationally very expensive.

you watched a 20 min video in 2 mins?

@@pratikkore7947 Quick comments help with the algorithm and you can always delete or edit them later if you change you mind. I always click the "Like" button before I watch a video just because I am sure I will like by the end. I can always change it later if I change my mind.

Bob does not know d so can't get P0. He can get P1 because of the way V was calculated. Check how he gets P1 at 11:36 and try to do it with P0. It doesn't work.

That's more or less the point of enrolling to "studies" - it's a more narrow look at a domain than highschool, but still a broad look at CS as a whole. If they focus on coding, the database-interested guys will complain. If they focus on networking, the ML-interested guys will complain. And if they focus on maths, everyone will complain :-) It really is up to the student to choose what to focus on at home, even though they can't score higher than an A, but this is how they shape their futures in IT.

When I was studying computer science, it was very focused on theoretical subjects, generally including practical applications of those subjects, but almost nothing business or project-management oriented. I studied at a traditional university about 30 years ago. I'd be curious to know what type of institution you studied at, and when.

I am also curious. I'm afraid this sounds like a specific job or trade prep program, catering to the training needs of a specific position for particular companies, rather than a "computer science" program. If the institution placed excessive emphasis on the job at the end, I imagine this experience is what you'd get. To be clear, that's not inherently bad except it seems you were given the wrong idea of what you were getting into. A job focused program is usually called something else, like a "coding boot camp".

It was Greenwich university England London I finished 3 years ago and before that I studied at Middlesex university for 2 years and transferred. It was the same at both places (Middlesex was worse though). No it wasn't a business course. No it wasn't a shady university. Yes they were proper Computer science degree courses. Yes they are traditional universities. No I didn't study 30 years ago, I studied 3 years ago.

Checking their program online, it's narrower than what I'd expect for "computer science", and IMO mixes in a lot of what's better labeled as information technology than computer science. It's already a short 3-yr full time program, plus the last year is project focused as you mentioned. The most advanced CS-sounding class is optional in year 2, "Data Structures and Algorithms", and would usually be a prerequisite for topics like in this video. Their specializations are only "Information Systems or Networking" and their course selection seems to reflect that they don't really seem to have expertise in other things. For an example comparison, look at Cornell University and their Computer Science "Vectors". If you're interested in learning those topics (outside of any degree), perhaps Google for and browse courses' syllabuses and look for lectures following those lesson outlines. Considering prerequisites, start around 1.5 years into the program, with 2000 and 3000 level courses, before the more advanced Vectors. (Note that the final year at Cornell is also project focused, so don't feel too "behind".)

might look into something called "KZbin reVanced"... as far as I can tell, it only works for mobile devices and it's a bit of a pain to set up... but it's working fine for me. Knock on wood, haven't been blocked from anything on KZbin for using it yet.

hey man, that's cool, next time, keep it to yourself 👍

@@jonathangjertsen3450no

Lol cringe loser getting mad on the internet

@@jonathangjertsen3450 It's a true statement. Quit whining.

@@misterhat5823 Not really. It's an opinion stated in the haughtiest most obnoxious way possible. Absolutely embarrassing for all parties involved

Not boring, but I certainly couldn't follow it.