Ryan Lehmkuhl

1. Why didn't this paper use a generic secure two-party computation library to implement the desired functionality? After all, there are a bunch of such libraries available as open-source and they can compute arbitrary functions including those in this paper.

Because general 2PC libraries have a lot of overhead associated with them since they are so powerful. By choosing to build a protocol for a specific operation, the result is much faster and more efficient. 


2. You are designing a security system for some task and at some point, you need an untrusted server to add up plaintext values. You do not want the server to see the plaintext values so you encrypt them before storing them at the server.  What encryption scheme would you employ that enables the server to perform the desired addition? How about XOR? One example (other than FHE) for each suffices.

The Pailler cryptosystem is additively homomorphic and so would satisfy this requirement. The QR cryptosystem is homomorphic with respect to XOR.