[0. Summary]

1. The third paragraph of Sec. IV describes a naive solution that provides the desired security, but is too slow. The Evaluator evaluates a monolithic garbled circuit. But the authors have not fully specified this naive protocol; they did not say which party(ies) create(s) this garbled circuit (i.e., which party is the garbler - Sec III.B), leaving it for the reader to fill in the missing information. So: which party(ies) from their system model creates the garbled circuit?