BEAVER, D., AND GOLDWASSER, S. Multiparty computation with faulty majority. In Proc. Advances in Cryptology (CRYPTO 1989.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....a single execution of the protocol takes place. This model allowed for relatively concise problem statements, and simpli ed the design and analysis of protocols. Indeed, this relatively simple model is a natural choice for the initial study of protocols. Some of the many works in this model are [43, 4, 25, 36, 47, 33, 28, 3, 15, 2, 34, 38, 44, 31]. IBM T.J. Watson Research Center, PO Box 704, Yorktown Heights, NY 10598, USA. email: canetti watson.ibm.com Department of Computer Science, The Weizmann Institute of Science, Rehovot 76100, Israel. email: lindell wisdom.weizmann.ac.il Telcordia Technologies, MCC 1C357B, 445 South ....

D. Beaver, and S. Goldwasser, Multiparty Computation with Faulty Majority, FOCS 89.

.... less than n=2) may be achieved in a constant number of rounds using the protocol of Beaver, Micali and Rogaway [6, 33] Secure mpc with dishonest majority (i.e. where up to n 1 players may be corrupted) can be achieved in O(n) rounds using the protocols of Beaver, Goldwasser, and Levin [5, 26]. Actually, these works show a protocol requiring O(k n) rounds where k is the security parameter. Using the techniques of [30] however, this may be improved to O(n) Canetti, et al. 11] give a protocol tolerating adaptive adversaries controlling a dishonest majority in a model in which a ....

....i and hence prove a false statement (or, at least, one for which P j does not explicitly know a witness) to P k . In particular, this is always possible without some mechanism to prevent simple copying of proofs. An alternate approach one taken by previous work in the case of dishonest majority [5, 26] is to have each pair of parties execute their proofs sequentially over a total of n stages of the protocol. In stage i, player P i proves knowledge (in parallel) to all other players. This clearly avoids the malleability problem discussed above, but results in an O(n) round protocol. In ....

D. Beaver and S. Goldwasser. Multiparty computation with faulty majority. In Science, pages 589-590. IACR, Springer-Verlag, Aug. 1989.

....An mpc protocol allows players with inputs x1 ; xn to evaluate some function f(x1 ; xn) such that the adversary can neither corrupt the output nor learn any information beyond the value of f . We give two ways to apply our detectable broadcast protocol to the generic construction of [15, 2, 14] to remove the assumption of a broadcast channel. In independent work, Goldwasser and Lindell [17] give a di erent, more general transformation, which also eliminates the use of a broadcast channel. Their transformation achieves a weaker notion of agreement than ours honest players may not always ....

.... On the other hand, that transformation is more ecient in round complexity and satis es partial fairness (which is not satis ed by the more ecient of our transformations) Additionally, they analyze the behaviour of their transformation with respect to arbitrary mpc protocols, not only that of [15, 2, 14], and with respect to concurrent composition. Finally, it can be observed that, in order to achieve detectable broadcast or multi party computation, no prior agreement among the players is necessary. This implies that such a protocol can be spontaneously initiated by any player at any time. It ....

[Article contains additional citation context not shown here]

D. Beaver and S. Goldwasser. Multiparty computation with faulty majority. In Advances in Cryptology: CRYPTO '89, pages 589-590, Berlin, Aug. 1990. Springer.

.... Chaum, Crepeau, and Damgard s protocol for computing XOR and AND based on the existence of secure blobs[CCD88] Ben Or, Goldwasser, and Wigderson s protocols for arithmetic operations c Delta x; x y and x Delta y to simulate arbitrary logical circuits[BGW87] and other protocols including [BFKR90, RB89, BMR90, BG89]. While these protocols can be used to simulate ar bitrary circuits, and thus solve any computable problem, they require extensive communication and computation. They can have a dramatic explosion of communication phases the number of communication phases can be a constant multiple of the ....

D. Beaver and S. Goldwasser, Multiparty Computation with Faulty Majority, Proc. of FOCS, 1989, pp.468-473.

....apply only to case of honest majority. That is, they are realizable only if the adversary controls less than half of the parties. If the adversary controls half of the parties or more then our requirements have to be weakened somewhat. Yet, the general approach will remain largely unchanged. See [3, 22] for discussions and protocols for this dishonest majority case. See [20] for a treatment of the important special case where only two parties are involved, one of which is corrupted. In addition, the definitions are presented for the problem of multi party function evaluation. That is, the ....

D. Beaver and S. Goldwasser, "Multi-party computation with faulty majority", 30th FOCS, 1989, pp. 468-473.

....corrupted at any time. When half or more of the parties are corrupted the definition has to be weakened somewhat. Essentially, now an active adversary cannot be prevented from interrupting the computation at any time. Yet, the general definitional approach will remain 5 largely unchanged. See [y86, gmw87, bg89, gl90, g98] for definitions and protocols for the case of dishonest majority. Differences from previous definitions. While being inspired by Micali and Rogaway [mr91] and following the approach of [b91, c95] quite closely, the formalization here differs in several aspects. Let us highlight two points of ....

D. Beaver and S. Goldwasser, "Multi-party computation with faulty majority", 30th Symp. on Foundations of Computer Science (FOCS), IEEE, 1989, pp. 468-473.

....our three party model in that it guarantees fairness against one malicious party, but T needs to be always involved. Fair protocols for two party computation (and extensions to multiple parties) have previously been investigated by Chaum, Damg ard, and van de Graaf [13] by Beaver and Goldwasser [5], and by Goldwasser and Levin [27] They combine oblivious circuit evaluation with gradual release techniques to obtain fairness, but without focus on particularly ecient protocols. Feige, Kilian, and Naor [24] study an extension of the multi party secure computation models using a third party T ....

D. Beaver and S. Goldwasser, \Multiparty computation with faulty majority (extended announcement)," in Proc. 30th IEEE Symposium on Foundations of Computer Science (FOCS), pp. 468-473, 1989.

.... supplied by a (trusted) outside source, constructed by a special purpose physical device, or (perhaps more likely) chosen by joint evaluation of a circuit for computing such an n which is supplied with random inputs by the participants (see [GMW86] GMW87] BGW88] CCD88] RaBe89] Beav89] [BeGo89], GoLe90] MiRa90] and [Beav91] for work on secure multiparty computation) Since this n need be selected only once and may thereafter be used continuously, any extraordinary effort which may be required to construct such an n may be warranted. Once n has been selected, a starting value x is ....

Beaver, D. and Goldwasser, S. "Multiparty Computation with Faulty Majority. " Proc. 30 th IEEE Symp. on Foundations of Computer Science, Research Triangle Park, NC (Oct.--Nov. 1989), 468--473.

....and Damgard [10] and Goldreich [16] how to securely perform any functionality of the parties inputs when the adversary corrupts up to a constant fraction of the parties. Limited security can be maintained even if the majority of the parties are corrupted as was shown by Beaver and Goldwasser [4] and Goldwasser and Levin [19] Is it reasonable to assume that (even uncorrupted) parties scrupulously follow their protocol In a distributed environment where no party is thoroughly trusted it may sometimes be more reasonable to assume that any party would deviate from its protocol, if this ....

....similar to the weakly honest parties of Canetti at al. 7] LHL parties allow even more extreme deviations from the protocol, not considered there at all. Our protocols should be contrasted with the protocols that protect against a dishonest majority of corrupted parties of Beaver and Goldwasser [4] and Goldwasser and Levin [19] There is a crucial difference in the problem formulations, and the results achieved) we are not concerned with large coalitions of arbitrarily malicious parties. Instead, we show how to deal with a situation where in addition to a modestly sized totally dishonest ....

[Article contains additional citation context not shown here]

D. Beaver and S. Goldwasser, "Multi-party computation with faulty majority", 30th FOCS, 1989, pp. 468-473.

....are corrupted at any time. When half or more of the parties are corrupted the definition has to be weakened somewhat. Essentially, now an active adversary cannot be prevented from interrupting the computation at any time. Yet, the general definitional approach will remain largely unchanged. See [40, 26, 3, 28, 23] for definitions and protocols for the case of dishonest majority. Relation to the [2, 7] definitions. Although [2, 7] share the same definitional approach, their actual formalizations suffer from shortcomings and unnecessary complexities that are cleaned up here. Let us highlight two such ....

D. Beaver and S. Goldwasser, "Multi-party computation with faulty majority", 30th FOCS, 1989, pp. 468-473.

....private channels) and possibly signatures (to emulate broadcast) We stress that the latter refers only to multi party computations with honest majority. Author s Note: Credits for section 4.3 include mobile adversaries [54] asynchronous [7] adaptive [4, 17] incoercible [18] For 4. 4, use [3, 45]. Definitional treatments. Our definitions follow the treatments of [45, 50, 2, 13, 14, 15] and are most similar to those in [13, 14, 15] From our point of view, which is focused on the constructions (i.e. the protocols and their proof of security) these alternative definitional treatments ....

D. Beaver and S. Goldwasser. Multiparty computation with faulty majority. In Crypto89, Springer-Verlag Lecture Notes in Computer Science (Vol. 435), pages 589--590.

No context found.

BEAVER, D., AND GOLDWASSER, S. Multiparty computation with faulty majority. In Proc. Advances in Cryptology (CRYPTO 1989.

No context found.

D. Beaver and S. Goldwasser. Multiparty computation with faulty majority. In Crypto89, Springer-Verlag Lecture Notes in Computer Science (Vol. 435), pages 589--590.

No context found.

D. Beaver and S. Goldwasser. Multiparty computation with faulty majority. In Proc. 30th FOCS, pp. 468-473. IEEE 1989.

No context found.

D. Beaver and S. Goldwasser. Multiparty computation with faulty majority. In Advances in Cryptology | CRYPTO '89, volume 435 of Lecture Notes in Computer Science, pages 589-590. IACR, SpringerVerlag, Aug. 1989.

No context found.

Donald Beaver and Shafi Goldwasser. Multiparty computation with faulty majority (extended announcement). In 30th Annual Symposium on Foundations of Computer Science, pages 468--473, Research Triangle Park, North Carolina, 30 October--1 November 1989. IEEE.

No context found.

D. Beaver and S. Goldwasser, Multiparty computation with faulty majority, in Proc. 30th IEEE Symposium on Foundations of Computer Science (FOCS), pp. 468473, 1989.

No context found.

D. Beaver and S. Goldwasser. Multiparty computation with faulty majority. In Advances in Cryptology --- CRYPTO '89 [30], pages 589--590.

No context found.

Donald Beaver and Shafi Goldwasser. Multiparty Computation with Faulty Majority. In Gilles Brassard, editor, Advances in Cryptology, Proceedings of CRYPTO '89, volume 435 of Lecture Notes in Computer Science, pages 589--590. Springer-Verlag, 1990.

No context found.

D. Beaver and S. Goldwasser. Multiparty computation with faulty majority. In Crypto89, Springer-Verlag Lecture Notes in Computer Science (Vol. 435), pages 589--590.

No context found.

D. Beaver and S. Goldwasser. Multiparty computation with faulty majority. In Science, pages 589--590. IACR, Springer-Verlag, Aug. 1989.

No context found.

D. Beaver and S. Goldwasser. Multiparty Computation with Faulty Majority. In 30th FOCS, pages 503-- 513, 1990.

No context found.

D. Beaver and S. Goldwasser, Multiparty computation with faulty majority, in Proc. 30th IEEE Symposium on Foundations of Computer Science (FOCS), pp. 468-473, 1989.

No context found.

D. Beaver, and S. Goldwasser, Multiparty Computation with Faulty Majority, FOCS 1989.

No context found.

D. Beaver, S. Goldwasser, Multiparty Computation with Faulty Majority, FOCS 1989.

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC