"(T)he book is a pleasure to read, containing sufficient motivation, intuition, and informal discussion as well as detailed proofs of security. The book contains a superb treatment of both general secure two-party computation as well as several efficient protocols in this setting. The first three chapters of the book would serve as an accessible introduction to secure two-party computation for the interested graduate student; the rest of the book is an excellent starting point for the more specialized literature in the field. The book could also serve very nicely as a text for a graduate seminar in this area, or could even be used as a supplementary book at the end of a graduate 'Introduction to Cryptography' class. ... It belongs on the shelf of every researcher interested in this area." Jonathan Katz, SIGACT News Book Review Column 43(1) 2012

and Definitions.- Definitions.- General Constructions.- Semi-honest Adversaries.- Malicious Adversaries.- Covert Adversaries.- Specific Constructions.- Sigma Protocols and Efficient Zero-Knowledge1.- Oblivious Transfer and Applications.- The kth-Ranked Element.- Search Problems.

The authors present a comprehensive study of efficient protocols and techniques for secure two-party computation – both general constructions that can be used to securely compute any functionality, and protocols for specific problems of interest. The book focuses on techniques for constructing efficient protocols and proving them secure. In addition, the authors study different definitional paradigms and compare the efficiency of protocols achieved under these different definitions.

The book opens with a general introduction to secure computation and then presents definitions of security for a number of different adversary models and definitional paradigms. In the second part, the book shows how any functionality can be securely computed in an efficient way in the presence of semi-honest, malicious and covert adversaries. These general constructions provide a basis for understanding the feasibility of secure computation, and they are a good introduction to design paradigms and proof techniques for efficient protocols. In the final part, the book presents specific constructions of importance. The authors begin with an in-depth study of sigma protocols and zero knowledge, focusing on secure computation, and they then provide a comprehensive study of the fundamental oblivious transfer function. Starting from protocols that achieve privacy only, they show highly efficient constructions that achieve security in the presence of malicious adversaries for both a single and multiple batch executions. Oblivious pseudorandom function evaluation is then presented as an immediate application of oblivious transfer. Finally, the book concludes with two examples of high-level protocol problems that demonstrate how specific properties of a problem can be exploited to gain high efficiency: securely computing the kth-ranked element, and secure database and text search.

This book is essential for practitioners and researchers in the field of secure protocols, particularly those with a focus on efficiency, and for researchers in the area of privacy-preserving data mining. This book can also be used as a textbook for an advanced course on secure protocols.