J. Benaloh. Secret sharing homomorphisms: Keeping shares of a secret secret. In Advances in Cryptology - Proceedings of the 13th Annual International Cryptology Conference 215 (CRYPTO), volume 263 of Lecture Notes in Computer Science (LNCS), pages 251--260. Springer, 1987.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....of 38 users .4 such that only authorized sets of users can jointly compute the function. This is described in more detail in Chapter 2. A good overview of threshold cryptography can be found in [14] Many of the existing threshold cryptosystems make use of homomorphic threshold sharing schemes [3]. Informally, if is a binary operation on the set of secrets and is a binary operation on the set of shares, then a threshold scheme is homomorphic if it has the property that when si is user Ui s share of k and sti is Ui s share of k2, then si sti is Ui s share of 1.13 Zero Knowledge ....

.... sharing schemes provided cr and or have the same access structure PA It was shown in [7] that homomorphisms of threshold sharing schemes, where no algebraic structure is imposed on the set of secrets or the set of shares, is an extension of the notion of homomorphic threshold sharing schemes [3]. With homomorphic threshold sharing schemes, a binary operation is defined on the set of secrets and a binary operation : on the sets of shares Si such that for a threshold scheme cr = 9,7 ) for all (sl, st) sl, s) output by 9, 52 A homomorphism h: cr x cr cr is defined as ....

J. Benaloh. Secret Sharing Homomorphisms: Keeping Shares of a Secret Secret. In A. Odlyzko, editor, Advances in Cryptology - Crypro'86 (Lecture Notes in Computer Science 263), pages 251-260. Springer-Verlag, 1987.

....the Public Key of the i th receiver, and sends all encrypted secrets to all receivers. Finally, the sender provides each receiver with a zero knowledge proof that the encrypted messages correspond to the evaluation of a single polynomial over Z 182 (note that this is a NP statement) Recently, Benaloh has presented a much more efficient solution based on the intrac tability of quadratic residuosity [Bena] 4.3 Proving that a String is Pseudorandom The notion of a pseudorandom bit generator, suggested by Blum and Micali [BM] and Yao [Y] is central to cryptography. A pseudorandom bit ....

.... each receiver with a zero knowledge proof that the encrypted messages correspond to the evaluation of a single polynomial over Z 182 (note that this is a NP statement) Recently, Benaloh has presented a much more efficient solution based on the intrac tability of quadratic residuosity [Bena] 4.3 Proving that a String is Pseudorandom The notion of a pseudorandom bit generator, suggested by Blum and Micali [BM] and Yao [Y] is central to cryptography. A pseudorandom bit generator is an efficient deterministic program which stretches a randomly selected n bit long seed into a longer ....

[Article contains additional citation context not shown here]

Benaloh, (Cohen) J.D., "Secret Sharing Homomorphisms: Keeping Shares of a Secret Secret", these proceedings.

....a straightforward technique from the cryptographic community. The basic idea is each party divides its input into n parts, and send the n 1 pieces to di#erent sites. To reveal any parties input, n 1 party must collude. The following is a brief summary of the protocol, details can be found in [15]. A slightly more e#cient version can be found in [16] 1. Each site i randomly chooses n elements such that x i = j=1 z i,j mod m where x i is the input of site i. Site i sends z i,j to site j. 2. Every site i computes w i = j=1 z j,i mod m and sends w i to site n. 3. Site n computes ....

J. Benaloh, (Cohen), "Secret sharing homomorphisms: Keeping shares of a secret secret," in Advances in Cryptography - Crypto86 (proceedings), A.M. Odlyzko (ed.), SpringerVerlag, Lecture Notes in Computer Science,Vol.263, 1987, pp. 251--260.

....Desmedt surveys other sharing schemes [12] Our VSR protocol expands on the concept embodied in VSS schemes, that of protecting shareholders from a faulty dealer. Chor et al. present a scheme in which the dealer and shareholders perform an interactive secure distributed computation [11] Benaloh [3], Gennaro and Micali [20, 21] Goldreich et al. [23] and Rabin and Ben Or [34, 36] propose schemes in which the dealer and shareholders participate in an interactive zero knowledge proof of validity; the schemes of Gennaro and Micali and of Rabin and BenOr are information theoretically secure. ....

J. C. Benaloh. Secret sharing homomorphisms: Keeping shares of a secret secret. In Proc. of CRYPTO 1986.

....problem and a plaintext m takes a value of 0 or 1. 3] generalized it to m = 0; 1; r Gamma 1 by using the r th residue problem, where r is a prime number. 9] further generalized it to any r. By combining a secret sharing scheme with the probabilistic encryption scheme of [3] [2] showed an efficient verifiable secret sharing scheme and a fault tolerant election scheme. We apply this technique to a mental card game protocol. We suppose that there are N players. Numbers from 0 to 51 will be used to describe the cards. 2. Public key of each player We use the 53rd residue ....

J. Benaloh, "Secret sharing homomorphisms: Keeping shares of a secret secret", Proc. CRYPTO'86, pp.251--260, 1987

....Desmedt surveys other sharing schemes [Des97] Feldman s VSS scheme [Fel87] is one of several to catch a dealer that attempts to distribute invalid shares. Chor et al. present a scheme in which the dealer and shareholders perform an interactive secure distributed computation [CGMA85] Benaloh [Ben87] Gennaro and Micali [GJKR96, GM95] Goldreich et al. [GMW87] and Rabin and Ben Or [Rab94, RBO89] propose schemes in which the dealer and shareholders participate in an interactive zero knowledge proof of validity; the scheme of Gennaro and Micali, and that of Rabin and Ben Or, is ....

....into the set of homomorphisms. For linear threshold schemes, the homomorphisms are multiplications by scalars i [DJ97] All authorized subsets B are in the access structure P . We represent linear threshold schemes with the tuple f P ; K; S; g. We utilize a homomorphic commitment function C(x) Ben87, Fel87] that maps from plain text to cipher text and is hard to invert. C(x) is such that: C(a b) C(a)C(b) C(ax) C(a) 3) 3.2 Desmedt and Jajodia s secret redistribution protocol Desmedt and Jajodia present a protocol for the redistribution of shares of secrets from threshold ....

Josh Cohen Benaloh. Secret sharing homomorphisms: Keeping shares of a secret secret. In Andrew M. Odlyzko, editor, Proc. of CRYPTO 1986, the 6th Ann. Intl. Cryptology Conf., volume 263 of Lecture Notes in Computer Science, pages 213--222. Intl. Assoc. for Cryptologic Research, Springer-Verlag, 1987.

.... In non interactive PVSS we have eliminated even this round of interaction: since any party can verify the output of the dealer, there is no need for the individual participants to check their own shares Homomorphic Secret Sharing The notion of homomorphic secret sharing is due to Benaloh [Ben87a], where its relevance to several applications of secret sharing is described, in particular electronic voting. Informally, homomorphic secret sharing is about combining shares of independent secrets in such a way that reconstruction from the combined shares results in a combined secret. In case of ....

J. Benaloh. Secret sharing homomorphisms: Keeping shares of a secret secret. In Advances in Cryptology---CRYPTO '86, volume 263 of Lecture Notes in Computer Science, pages 251--260, Berlin, 1987. Springer-Verlag.

....using the fields GF (q) instead of Zm . 0.43.9 Threshold schemes and discrete logarithms The discrete logarithm has been widely employed in the literature to transform threshold schemes into conditionally secure schemes with extra properties. This idea is exploited in the papers by: Benaloh [1], Beth [10] Charnes, Pieprzyk and Safavi Naini [27] Charnes and Pieprzyk [28] Lin and Harn [58] Langford [56] and Hwang and Chang [50] It is a consequence of the linearity of equation (3) that Shamir s scheme can be modified to obtain schemes having enhanced properties such as disenrollment ....

....bound on the number of bits required to encode the shares in schemes with disenrollment. Their bound shows that this number grows linearly with the number of disenrollments. They also present two geometric (t; n) threshold schemes which meet this bound. 11 It is interesting to note that Benaloh [1] uses the discrete logarithm to transform Shamir s scheme, to meet a very different purpose. One of the properties of the discrete logarithm is that the sum of the discrete logarithms of the shares of a secret is equal to the discrete logarithm of the product of the shares of the secret. This ....

[Article contains additional citation context not shown here]

J. C. Benaloh. Secret sharing homomorphisms: keeping shares of a secret secret. Proc. Crypto'86. LNCS Vol. 263, Springer-Verlag, Berlin, 1987, pp. 251-260.

....secret could be changed without altering the shares which had been distributed to the participants, while Brickell and Stinson [16] and Tompa and Woll [61] considered schemes 65 that can cope with participants who deliberately try and fool other participants into disclosing their shares. Benaloh [7] designed a scheme that allowed shares to be used to reveal different secrets. Simmons considered two other extended capabilities. In [52] he looked at the problem of verifying that the secret obtained was indeed the correct one and also how to cope with erroneous inputs. In [54] the problem of ....

Benaloh, J.C., Secret Sharing Homomorphisms: Keeping Shares of a Secret Se- cret, Advances in Cryptology - Crypto'86, Lecture Notes in Computer Science, Vol. 263, Springer-Verlag (1986), 251-260.

....a function oneWay, which maps confidential information (e.g. secrets and shares) from a domain D into a new domain R. We call vc.s = oneWay(s) the validity check of s, vc.s = oneWay( s] 1 ) oneWay( s] l ) 6 Any homomorphic non interactive verifiable secret sharing scheme [6] (e.g. Pedersen s scheme in [87] will work in our protocol. See [57] for a presentation and comparison of proactive secret sharing schemes built on Feldman s verifiable secret sharing and ones on Pedersen s. 31 D R # # # # vcConstr oneWay split # oneWay reconstruct vc.s vc.s s s ....

J. C. Benaloh. Secret sharing homomorphisms: Keeping shares of a secret secret. In A. M. Odlyzko, editor, Advances in Cryptology---Crypto'86, Conference on the Theory and Applications of Cryptographic Techniques, Santa Barbara, CA USA,

....Desmedt presents a survey of other sharing schemes [7] Feldman s VSS scheme [9] is one of several to catch a dealer that attempts to distribute invalid shares. Chor et al. present a scheme in which the dealer and shareholders perform an interactive secure distributed computation [6] Benaloh [1], Gennaro and Micali [13] Goldreich et al. [14] and Rabin and Ben Or [21, 19] subsequently propose schemes in which the dealer and shareholders participate in an interactive zero knowledge proof of validity; the schemes of Gennaro and Micali, and Rabin and Ben Or, are information theoretically ....

J. C. Benaloh. Secret sharing homomorphisms: Keeping shares of a secret secret. In A. M. Odlyzko, editor, Proc. of CRYPTO

....is needed to profoundly cover the aforementioned subtopics. To avoid giving no details whatsoever, a few topics will be chosen and discussed in some depth. We do no longer order the subtopics as we did in Section 4. We first remind the reader when a secret sharing scheme is called homomorphic [5]. 5.1 Homomorphic secret sharing Let (s 1 ; s 2 ; s l ) be a share assignment of the key k and similarly (s 0 1 ; s 0 2 ; s 0 l ) be the shares of the key k 0 . Assume operations, denoted using , are defined on the share spaces and the key space. A secret sharing ....

....sharing Let (s 1 ; s 2 ; s l ) be a share assignment of the key k and similarly (s 0 1 ; s 0 2 ; s 0 l ) be the shares of the key k 0 . Assume operations, denoted using , are defined on the share spaces and the key space. A secret sharing scheme is called homomorphic [5] if ( s 1 s 0 1 ) s 2 s 0 2 ) s l s 0 l ) is a possible share assignment of the key k k 0 . Shamir secret sharing scheme is homomorphic. In fact any secret sharing scheme satisfying (3) in which the shares belong to a module [47] an Abelian group with scalars ....

[Article contains additional citation context not shown here]

J. C. Benaloh. Secret sharing homomorphisms: Keeping shares of a secret secret. In A. Odlyzko, editor, Advances in Cryptology, Proc. of Crypto '86 (Lecture Notes in Computer Science 263), pp. 251--260. Springer-Verlag, 1987. Santa Barbara, California, U.S.A., August 11--15.

....1 parties cannot factor the modulus N generated by the protocol. 4 The proof of the lemma is somewhat tedious and is given in Appendix A so as not to distract the reader from the main thrust of the paper. 3 Privately computing products in a group We rst review a simple protocol due to Benaloh [5] that will be used throughout. Let G be a nite group. We write the group action multiplicatively. Suppose each of the k parties has a y i 2 G. They wish to compute y = Q k i=1 y i without revealing any further information about their secret shares y i . Benaloh s protocol, which is k 1 private, ....

....j = 1; k. Then given hy; y i i the simulator simulates this transcript by picking y i;j as random elements in G and picking y j as random elements in G satisfying Q k j=1 y j = y. This is a perfect simulation of the transcript, and hence the coalition learns nothing new from it. See [5] for more details. 4 Distributed biprimality test We begin the detailed discussion of the protocol with the distributed biprimality test (Step 3 of Section 2) Party i has two secret n bit integers p i ; q i . All parties know N where N = pq = P p i ) P q i ) They wish to determine if N ....

[Article contains additional citation context not shown here]

J. Benaloh (Cohen), \Secret sharing homomorphisms: keeping shares of a secret secret," Advances in Cryptology { Crypto '86, Springer-Verlag LNCS 263, pp. 251-260, 1987.

....based on the intractability of factoring which does not su er from the above problems. They call the new protocol veri able secret sharing since now every party can verify that the piece of the secret he received is indeed a proper piece. Their protocol tolerated up to O(log n) colluders. Benaloh [16], and others [76, 63] showed how to achieve veri able secret sharing if any one way function exists which tolerates a minority of colluders. In [20] it has been recently shown how to achieve veri able secret sharing against a minority of colluders using error correcting codes, without making ....

J. Benaloh. Secret sharing homomorphisms: keeping shares of a secret sharing. In A. M. Odlyzko, editor, Proceedings CRYPTO 86, Springer, 1987. Lecture Notes in Computer Science No. 263.

....from the rest. It is accomplished in a similar way. Secret sharing schemes that allow such operations are called proactive. Shamir secret sharing scheme was proposed in [Sha79] Stin95] contains a good chapter on secret sharing. Homomorphism property and verifiable secret sharing are covered by [Ben86]. Generalized secret sharing is described in [BL88] Proactive secret sharing is covered quite well in [HJKY95] 2.2 Probabilistic Public Key Encryption In this section we shall consider properties of probabilistic public key encryption that are relevant from the viewpoint of constructing ....

J. Benaloh. Secret Sharing Homomorphisms: Keeping Shares of a Secret Secret. Crypto'86, Santa Barbara, CA (Aug. 1986), 251260

....be applied when e is small) On the plus side, it is k 1 private. Step 1: The parties jointly determine the value of l = mod e. Since l = P i mod e it is possible to compute l without revealing any other information about the private shares. To do so we use a simple protocol due to Benaloh [4] which is k 1 private. Step 2: Let = l 1 mod e. Then, as explained above, d = 1) e. Each party i locally computes: d i = i e As a result we have d = P d i r mod (N) where 0 r k. Step 3: The above sharing of d enables shared decryption [20] using the ....

J. Benaloh (Cohen), \Secret sharing homomorphisms: keeping shares of a secret secret," Crypto '86, 251-260.

....the evaluation of f(s) Clearly, if we consider a family F that includes only the identity function f(s) s, then we get the traditional notion of secret sharing schemes. These schemes, which were introduced by Blakley [8] and Shamir [34] were the subject of a considerable amount of work (e.g. [30, 26, 28, 6, 35, 20]) They were used in many applications (e.g. 31, 5, 15, 19] and were generalized in various ways [22, 7, 36] Surveys are given in [35, 37] The question of sharing many secrets simultaneously was considered (with some di erences in the de nitions) by several researchers [30, 26, 21, 11, 23, ....

....there exist coecients j such that s = P P j 2B j s j (see Appendix B) Since f is linear, f(s) f( P P j 2B j s j ) P P j 2B f( j s j ) Let x j 4 = f( j s j ) Then, f(s) is simply the sum of the x j s. Computing this sum is done using the following interactive protocol of Benaloh [6] (for a more detailed description of this protocol see Appendix C) For convenience of notation, we assume that B = fP 1 ; P 2 ; P t 0 g. In the rst step of the protocol each party P i 2 B chooses t 0 1 random inputs r i;1 ; r i;t 0 1 in GF(2 0 ) computes r i;t 0 4 =x i ....

[Article contains additional citation context not shown here]

J. Benaloh, Secret sharing homomorphisms: Keeping shares of a secret secret, in Advances in Cryptology - CRYPTO '86, A. M. Odlyzko, ed., vol. 263 of Lecture Notes in Computer Science, Springer-Verlag, 1987, pp. 251-260.

....i = Gammap i Gamma q i . Observe that OE(N) P OE i . Step 2: The servers jointly determine the value of = OE(N) mod e. Since = P OE i mod e, it is possible to compute without revealing any other information about the private shares. To do so we use a simple protocol due to Benaloh [3] which is k Gamma 1 private: each server i creates an additive sharing of OE i , namely OE i = P j fl i;j mod e for random fl i;j . It then sends fl i;j to server j. Server j now has fl i;j for all i. It computes the sum ff j = P i fl i;j mod e and sends ff j to all other servers. Then each ....

J. Benaloh (Cohen), "Secret sharing homomorphisms: keeping shares of a secret secret, " Crypto '86, 251-260.

....supported by ONR N0001491 J 1981 and NSF CCR 90 07677. e mail eyalk das.harvard.edu A protocol F is called t private if no coalition containing at most t parties can get any additional information from F s execution. Private computations in this model are the subject of previous research [2, 1, 3, 4, 5, 7]. In particular, the importance of computing the sum privately, was exemplified in [3, 4, 5] An n private protocol for computing this function was presented in [2] The protocol is as follows: 1. Every party P i chooses independently with uniform distribution n Gamma1 elements z i;1 ; z i;2 ; ....

....additional information from F s execution. Private computations in this model are the subject of previous research [2, 1, 3, 4, 5, 7] In particular, the importance of computing the sum privately, was exemplified in [3, 4, 5] An n private protocol for computing this function was presented in [2]. The protocol is as follows: 1. Every party P i chooses independently with uniform distribution n Gamma1 elements z i;1 ; z i;2 ; z i;n Gamma1 in f0; 1; m Gamma 1g. Every party P i computes z i;n such that x i = P n j=1 z i;j mod m and sends z i;j to P j . 2. Every party P i ....

Benaloh (Cohen), J.D., "Secret Sharing Homomorphisms: Keeping Shares of a Secret Secret", Advances in Cryptography - Crypto86 (proceedings), A.M. Odlyzko (ed.), Springer-Verlag, Lecture Notes in Computer Science, Vol. 263, pp. 251-260, 1987.

....problem and a plaintext m takes a value of 0 or 1. 3] generalized it to m = 0; 1; r Gamma 1 by using the r th residue problem, where r is a prime number. 9] further generalized it to any r. By combining a secret sharing scheme with the probabilistic encryption scheme of [3] [2] showed an efficient verifiable secret sharing scheme and a fault tolerant election scheme. We apply this technique to a mental card game protocol. We suppose that there are N players. Numbers from 0 to 51 will be used to describe the cards. 2. Public key of each player We use the 53rd residue ....

J. Benaloh, "Secret sharing homomorphisms: Keeping shares of a secret secret", Proc. CRYPTO'86, pp.251--260, 1987

....their shares are correct. The idea about the verifiable secret sharing is an extension of [74] Homomorphic threshold scheme We have found out that the method applied for the secret sharing in [125] is very similar to the ( composite or homomorphic k out of m threshold scheme presented in [9] (Tab.1.4, see also Chap. 3) Each of m group members is given m sub shares s ij , i = 1; Delta Delta Delta ; m; j = 1; Delta Delta Delta ; m, for computing m sub secrets x i , so that the super secret x = x 1 x 2 Delta Delta Delta xm is easily reconstructable given k or more ....

....did not. Until now many voting schemes have been proposed which satisfy different subsets of the ideal voting protocol s properties. There are basically three ways of achieving privacy in the existing voting protocols: 1. anonymous channel (MIX network) 30] 2. voting agencies with shared trust [9] 3. oblivious transfer protocols Chaum [30] introduces a concept of untraceable mail addresses and proposes a voting protocol based on it. Many voting protocols developed later assume the existence of an anonymous channel such as the one in [30] which provides unconditional security against ....

[Article contains additional citation context not shown here]

Benaloh, J.C., Secret Sharing Homomorphisms: Keeping Shares of a Secret Secret (Extended Abstract), Proceedings of CRYPTO 86, Springer Verlag, 251-- 260, 1986

....his input. The inputs of parties which did not broacast properly are revealed by the honest share holders. However, this protocol does not offer any privacy. A correct fault tolerant protocol which offers the maximum degree of privacy allowed by the sum function was recently presented by Cohen [Coh]. In the case of the sum function maximum privacy means that all that a coalition T of faulty processors can efficiently compute after participating in the protocol, can be efficiently computed from their local inputs (fx i : i 2 Tg) and the sum of all local inputs (i.e. P i2N x i ) ....

....can be efficiently computed from their local inputs (fx i : i 2 Tg) and the sum of all local inputs (i.e. P i2N x i ) Equivalently, all they learnt about the local inputs of the other processors is their sum P i2N x i , and this of course can not be avoided. The ideas suggested by Cohen [Coh] do not extend to any other function (except multiplication) since they heavily rely on the homomorphism of the secret sharing scheme with respect to the function f . To the best of our knowledge, no other non trivial protocols which are correct and offer maximum privacy were know until now. 1.3 ....

Cohen, J.D., "Secret Sharing Homomorphisms: Keeping Shares of a Secret Secret", technical report YALEU/DCS/TR-453, Yale University, Dept. of Computer Science, Feb. 1986. Presented in Crypto86, 1986.

....infinite) domains. We give a complete characterization of Boolean functions that are l n 2 m private. It is shown that every such function can be expressed as the exclusive or of n Boolean functions, each depending on a single variable. There is a simple n private randomized protocol [Bh] for computing functions of the form f(x 1 ; x 2 ; x n ) f 1 (x 1 ) Phi f 2 (x 2 ) Phi : Phi f n (x n ) Thus our characterization implies that if a Boolean function f is l n 2 m private, then it is also n private. Interestingly, the same characterization remains valid ....

....(x n ) for each x 2 Theta n i=1 A i . We now turn to some implications of theorem 2. First we note that if f : A 1 Theta A 2 Theta : Theta A n f0;1g has the form f(x 1 ; x 2 ; x n ) f 1 (x 1 ) Phi f 2 (x 2 ) Phi : Phi f n (x n ) then there is a very simple protocol [Bh] for computing f n privately. The i th participant locally computes the bit y i 4 = f i (x i ) Then, it picks n Gamma 1 random independent bits y i;1 ; y i;2 ; y i;n Gamma1 , and y i;n such that y i = y i;1 Phi y i;2 Phi : Phi y i;n holds. It sends y i;j to the j th ....

Benaloh (Cohen), J.D., "Secret Sharing Homomorphisms: Keeping Shares of a Secret Secret", Advances in Cryptography - Crypto86 (proceedings), A.M. Odlyzko (ed.), Springer-Verlag, Lecture Notes in Computer Science, Vol. 263, pp. 251-260, 1987.

....from inputs of coalition members and the value of the function f(x 1 ; xN ) Ben Or, Goldwasser and Wigderson [1] and Chaum, Crepeau and Damgard [5] have shown that over finite domains, every function can be computed b(N Gamma 1) 2c privately. Some functions, like modular addition [3], are even N private, while others, like Boolean OR, are b(N Gamma 1) 2c private but not dN=2e private [1] These two levels of privacy raise the question whether functions which are t private but not t 1 private, for dN=2e t N Gamma 2, exist. For certain infinite families of ....

Benaloh (Cohen), J.D., "Secret Sharing Homomorphisms: Keeping Shares of a Secret Secret ", Advances in Cryptography - Crypto86 (proceedings), A.M. Odlyzko (ed.), SpringerVerlag, Lecture Notes in Computer Science, Vol. 263, pp. 251-260, 1987.

....Chor, Goldwasser, Micali, and Awerbach give a protocol which achieves verifiable secret sharing. However, their method is exponential in the number of shareholders. The application of the encryption method described in this paper to the problem of verifiable secret sharing was first given in [Bena86] in which interactive proof techniques are also required. Feldman ( Feld87] Ben Or, Goldwasser, and Wigderson ( BGW88] Rabin ( Rabi88] and Rabin and Ben Or ( RaBO89] later expanded upon this approach. The basic technique used in all of these methods is to perform computations on shares of ....

Benaloh, J. "Secret Sharing Homomorphisms: Keeping Shares of a Secret Secret." Crypto '86, Santa Barbara, CA (Aug. 1986).

No context found.

J. Benaloh. Secret sharing homomorphisms: Keeping shares of a secret secret. In Advances in Cryptology - Proceedings of the 13th Annual International Cryptology Conference 215 (CRYPTO), volume 263 of Lecture Notes in Computer Science (LNCS), pages 251--260. Springer, 1987.

No context found.

J. Benaloh. Secret sharing homomorphisms: Keeping shares of a secret secret. In A. M. Odlyzko, pages 251--260. Springer-Verlag, 1987.

No context found.

J. C. Benaloh. Secret sharing homomorphisms: Keeping shares of a secret secret. In A. M. Odlyzko, editor, Proc. of CRYPTO 1986.

No context found.

J. C. Benaloh. Secret sharing homomorphisms: Keeping shares of a secret secret. In Proc. of CRYPTO 1986, the 6th Ann. Intl. Cryptology Conf., vol. 263 of Lecture Notes in Computer Science, pp. 213--222. 1987.

No context found.

Josh Cohen Benaloh. Secret sharing homomorphisms: Keeping shares of a secret secret. In Andrew M. Odlyzko, editor, Proc. of CRYPTO 1986, the 6th Ann. Intl. Cryptology Conf., volume 263 of Lecture Notes in Computer Science, pages 213--222. Intl. Assoc. for Cryptologic Research, Springer-Verlag, 1987.

No context found.

J. Benaloh. Secret sharing homomorphisms: Keeping shares of a secret secret. In Proc. Advances in Cryptology (CRYPTO '86), pages 251--260, 1987.

No context found.

J. Cohen Benaloh. Secret sharing homomorphisms: keeping shares of a secret secret. In CRYPTO '86, pages 251--260, Berlin, 1986. Springer-Verlag. Lecture Notes in Computer Science Volume 263.

No context found.

Josh C. Benaloh, Secret sharing homomorphisms: keeping shares of a secret secret, proceedings on Advances in cryptology---CRYPTO '86, pp. 251--260, 1987.

No context found.

Josh Cohen Benaloh. Secret sharing homomorphisms: Keeping shares of a secret secret. In A.M. Odlyzko, editor, Advances in Cryptography - CRYPTO86: Proceedings, volume 263, pages 251--260. Springer-Verlag, Lecture Notes in Computer Science, 1986.

No context found.

J. Benaloh. Secret Sharing Homomorphisms: Keeping Shares of a Secret Secret. Advances in Cryptology - CRYPTO '86, Lecture Notes in Computer Science, pp. 251-260, Springer-Verlag, Berlin, 1987.

No context found.

J. Benaloh. Secret sharing homomorphisms: Keeping shares of a secret secret. In Advances in Cryptology - Proceedings of the 13th Annual International Cryptology Conference (CRYPTO), volume 263 of Lecture Notes in Computer Science (LNCS), pages 251--260. Springer, 1987.

No context found.

J. Benaloh. Secret sharing homomorphisms: Keeping shares of a secret sharing. In A. M. Odlyzko, editor, CRYPTO86. Springer Verlag, 1987. Lecture Notes in Computer Science No. 263.

No context found.

J. Benaloh. Secret sharing homomorphisms: Keeping shares of a secret secret. In Advances in Cryptology - Proceedings of the 13th Annual International Cryptology Conference (CRYPTO), volume 263 of Lecture Notes in Computer Science (LNCS), pages 251--260. Springer, 1987.

No context found.

J. C. Benaloh. Secret sharing homomorphisms: Keeping shares of a secret secret. In A. M. Odlyzko, editor, Advances in CryptologyCrypto'86, Conference on the Theory and Applications of Cryptographic Techniques, Santa Barbara, CA USA, 1986.

No context found.

J.C Benaloh, Secret Sharing Homomorphisms: Keeping Shares of a Secret. Proc of CRYPTO'86, Berlin: Springer, 1986.

No context found.

J. Benaloh. Secret sharing homomorphisms: Keeping shares of a secret secret. In Advances in Cryptology - Proceedings of the 13th Annual International Cryptology Conference (CRYPTO), volume 263 of Lecture Notes in Computer Science (LNCS), pages 251--260. Springer, 1987.

No context found.

J. Benaloh, \Secret Sharing Homomorphisms: Keeping Shares of a Secret Secret," Proc. of CRYPTO '86, Springer-Verlag, pp. 251-260.

No context found.

J. Benaloh. Secret Sharing Homomorphisms: Keeping Shares of a Secret Secret. Advances in Cryptology - CRYPTO '86, Lecture Notes in Computer Science, pp. 251-260, Springer-Verlag, Berlin, 1987.

No context found.

J. Benaloh, "Secret Sharing Homomorphisms: Keeping Shares of a Secret Secret", Advances in Cryptology - CRYPTO '86, Springer-Verlag, 251-260, 1987.

No context found.

J. Benaloh. Secret Sharing Homomorphisms: Keeping Shares of a Secret Secret. Advances in Cryptology - CRYPTO '86, Lecture Notes in Computer Science, pp. 251-260, Springer-Verlag, Berlin, 1987.

No context found.

J. Benaloh. Secret Sharing Homomorphisms: Keeping Shares of a Secret Secret. Advances in Cryptology --Proceedings of Crypto '86. Springer Verlag, 1986.

No context found.

J. Benaloh, "Secret Sharing Homomorphisms: Keeping Shares of a Secret Secret," Proc. of CRYPTO '86, Springer-Verlag, pp. 251--260.

No context found.

J. C. Benaloh, Secret sharing homomorphisms: keeping shares of a secret secret, Advances in Cryptology-Crypto'86, LNCS 263, 1987, 251-260.

No context found.

J. Benaloh, "Secret sharing homomorphisms: Keeping shares of a secret secret," in Advances in Cryptology - CRYPTO '86, A. M. Odlyzko, Ed. 1987, vol. 263 of Lecture Notes in Computer Science, pp. 251--260, Springer-Verlag.

No context found.

Cohen, J.D., "Secret Sharing Homomorphisms: Keeping Shares of a Secret", technical report YALEU/DCS/TR-453, Yale University, Dept. of Computer Science, Feb. 1986. Presented in Crypto86, 1986.

First 50 documents  Next 50

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC