Open this lesson in your favourite AI. It'll walk you through the why, explain the demo, and quiz you on the try-it list.
Modules 2–10 stack primitives in a specific order because each later protocol assumes earlier ones as black boxes. Secret sharing (M2) is the representation. Oblivious transfer (M3) is the universal 2PC glue. Garbled circuits (M4) and GMW (M5) are the two major evaluation paradigms — one high-bandwidth constant-round, one low-bandwidth round-heavy. SPDZ (M6) adds malicious security via MACs. Threshold crypto (M7) is MPC applied to key management. PSI (M8) is the most-deployed real-world MPC. Production realities (M9) and hybrid protocols (M10) close the course. The roadmap below names what each module gives you, and what the next module assumes you know.
Each arrow is 'depends on the ideas from'. Follow it as a reading order if you're skipping around.
M1 (you are here): framework — threat models, real/ideal, additive sharing, OT, Yao-millionaires, when-not-to.
M2 → Shamir (t,n) and Lagrange interpolation
(generalization of M1's additive sharing)
|
├──→ M5 (GMW arithmetic) — needs Shamir + Beaver triples
| |
| └──→ M6 (SPDZ) — needs M5 + MACs for malicious security
| |
| └──→ M7 (threshold crypto) — needs M6's preprocessing + DKG
| |
| └──→ M9 (production systems)
|
└──→ M8 (PSI) — uses M2 hashes + M3 OT
M3 → OT + OT extension (IKNP)
(scales M1's single OT to millions)
|
└──→ M4 (garbled circuits) — every gate is one OT
|
└──→ M10 (hybrid MPC+ZK, MPC+FHE)
Every module has the same shape: 8 challenges, 1 project, 1 quiz.
Every course has capstones — MPC has 5, you pick 3 to earn the certificate.
Suggested cadence:
- Days 1-3: M1 (foundations you will reach back to constantly)
- Week 1: M2, M3 (cryptographic primitives)
- Week 2: M4 or M5 (pick one evaluation paradigm, deeply)
- Week 3: M6 (malicious security — this is where real deployments live)
- Week 4: M7 or M8 (pick an applied direction)
- Remainder: M9 + M10, and start a capstone.Use these three in order. Each builds on the one before.
I just finished Module 1 of an MPC course. The course covers shares, OT, garbled circuits, GMW, SPDZ, threshold crypto, PSI, production, and hybrid protocols. Given I learn best by [your pattern — building, reading papers, watching lectures], suggest a week-by-week plan for the rest of the course.
Walk me through the dependency graph between these protocols: Shamir sharing, OT extensions, garbled circuits, GMW with Beaver triples, SPDZ, threshold ECDSA. What does each one assume its inputs already provide, and what does it produce that the next layer uses?
I work in [your domain — e.g. fintech, adtech, genomics, blockchain]. Tell me the two or three MPC deployments in my industry that are public knowledge. For each, name which modules from this course would be most load-bearing if I were to reimplement it, and what parts would still be custom beyond the course material.