R. Cleve, "Controlled gradual disclosure schemes for random bits and their applications ", Advances in Cryptology: Crypto '89 Proceedings, Springer-Verlag, 1990, pp. 573 -- 588.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....third party is present, there is no guarantee that the nodes can access it in a timely manner due to frequent and unpredictable disconnections from the fixed infrastructure. Although fair exchange protocols that do not rely on a trusted third party do exist (e.g. gradual secret release schemes [11] and probabilistic protocols [20] they are highly inefficient in the sense that they require a high number of messages to be exchanged in order to achieve an acceptable level of fairness. As a consequence, they are not suitable for applications in wireless ad hoc networks, where the number of ....

R. Cleve. Controlled gradual disclosure schemes for random bits and their applications. In Advances in Cryptology -- CRYPTO'89, pages 573--588, 1990.

....i.e. the information of originator s sending a message to the recipient and the information of the recipient s sending a receipt to the originator must be exchanged at the (almost) same time. One method to exchange information simultaneously is to use complicated cryptographic protocols[1] 2][4][5] 7] 10] but they seem to be impractical. The other method[12] is considered to utilize the reliable TTP (Trusted Third Party) This method is one of practical solutions, but the problem is high dependency on TTP in executing each step of the protocol compared to the previous method. In 1996, ....

R. Cleve, "Controlled Gradual Disclosure Schemes for Random Bits and Their Applications", In Advances in Cryptology: Proceedings of Crypto'89, LNCS 435, pp. 573-588, Springer-Verlag, 1990.

....et al. 17] which introduced a generic method in which the parties release one bit at a time of the items they wish to exchange. In most of the papers these items are signatures, but in our case these items are the email message and the receipt. Improvements were suggested by other researchers [12, 14, 20]. All these protocols are fair in the sense that if one of the parties defaults then it does not have a considerable advantage over the other party, since it knows at most one more bit than the other party. The recent work of Boneh and Naor [9] provides better fairness since it ensures that ....

Richard Cleve. Controlled gradual disclosure schemes for random bits and their applications. In G. Brassard, editor, CRYPTO'89, pages 573--588. Springer-Verlag, 1990.

....answer without sharing it with Ron. This situation, of course, exposes the deserter as a cheater, but at times there may be excuses, such as The line went down. This problem does not have a completely satisfactory solution, but it is possible to limit the advantage of the deserter (see, e.g. [2, 8, 10, 16]) Property 5: Simplicity Admittedly, some of our proposals are out of hand; Permutation Composition and perhaps Envelopes are too complex for realistic consideration. Special Purpose Device, of course, is not practical until such a device is available. Computer Program and Password require ....

Cleve, R. Controlled Gradual Disclosure Schemes for Random Bits and Their Applications, Advances in Cryptology, Crypto '89, Lecture Notes in Computer Science, Vol. 435, Springer-Verlag, New York 1987, pp. 573--587.

....is a generalization of the notion of fairness. In this section, we give an intuition about the former starting from a common interpretation of the latter. The notion of fairness first appeared in the context of protocols for exchange of secrets, contract signing, and certified electronic mail [10, 11, 7, 27, 38, 65, 85, 75, 83, 88]. More recently, fairness has also been studied in the context of protocols for exchange of documents, electronic sale, and non repudiation [6, 5, 20, 28, 31, 53, 57, 58, 89, 90] The most widely used intuitive interpretation of fairness says that a protocol is fair if no protocol participant can ....

....3.1 Introduction 3.1.1 Preliminaries FR s protocol [42] enables two parties X and Y to exchange documents with the mediation of a third party Z. It was designed to guarantee fair exchange , i.e. no party should be able to 1 We have not included here earlier work on contract signing [10, 11, 88, 65, 85, 27], because they are inefficient (not practical) and not applicable to electronic commerce protocols. 31 gain any advantage by quitting prematurely or otherwise misbehaving. Franklin and Reiter take fair exchange in a strict sense: a party engaged in an exchange should not be able to trick the ....

R. Cleve. Controlled gradual disclosure schemes for random bits and their applications. In Advances in Cryptology -- CRYPTO '89 Proceedings (Lecture Notes in Computer Science 435), pages 573--588, 1990. 152

....took much effort, and has not been completely resolved. For instance, defining privacy when the participants are computationally restricted is intrinsically different from the case where they are unrestricted. The fairness problem has been studied early [31] and has been elegantly solved [11], at least theoretically. More recently, people have come up with a general model that tries to encompass all the various properties and assumptions [2, 1, 32] However, with the advent of quantum protocols these models need more study. Yet another issue is the amount of resources needed [21] In ....

Richard Cleve (1990). Controlled gradual disclosure schemes for random bits and their applications. In G. Brassard, editor, Proc. CRYPTO 89, pages 573--588. Springer-Verlag. Lecture Notes in Computer Science No. 435.

....i.e. the information of originator s sending a message to the recipient and the information of the recipient s sending a receipt to the originator must be exchanged at the (almost) same time. One method to exchange information simultaneously is to use complicated cryptographic protocols[1] 2][4][5] 7] 10] but they seem to be impractical. The other method[12] is considered to utilize the reliable TTP (Trusted Third Party) This method is one of practical solutions, but the problem is high dependency on TTP in executing each step of the protocol compared to the previous method. In 1996, ....

R. Cleve, "Controlled Gradual Disclosure Schemes for Random Bits and Their Applications", In Advances in Cryptology: Proceedings of Crypto'89, LNCS 435, pp. 573-588, Springer-Verlag, 1990.

....took much effort, and has not been completely resolved. For instance, defining privacy when the participants are computationally restricted is intrinsically different from the case where they are unrestricted. The fairness problem has been studied early [31] and has been elegantly solved [11], at least theoretically. More recently, people have come up with a general model that tries to encompass all the various properties and assumptions [2, 1, 32] However, with the advent of quantum protocols these models need more study. Yet another issue is the amount of resources needed [21] In ....

Richard Cleve. Controlled gradual disclosure schemes for random bits and their applications. In G. Brassard, editor, Proc. CRYPTO 89, pages 573--588. SpringerVerlag, 1990. Lecture Notes in Computer Science No. 435.

....can exchange their digital items in a way that neither party can gain an advantage over the other. This report is an updated version of EPFL SSC Technical Report No. SSC 1999 039. The earlier version was published in December 1999. 1 Many scientific papers propose fair exchange protocols (e.g. [Cle89, Ket95, Jak95, Tyg96, DGLW96, ZG96, FR97, ASW97, Syv98, BDM98]) Interestingly enough, besides the details of the proposed protocols, these papers also differ in the interpretation of the concept of fairness informally described above. Examples for various interpretations include the following: ffl Early work on fair exchange has resulted in a number of ....

....proposed protocols, these papers also differ in the interpretation of the concept of fairness informally described above. Examples for various interpretations include the following: ffl Early work on fair exchange has resulted in a number of theoretically important fair exchange protocols (e.g. [Cle89]) which are based on gradual secret release schemes. In these protocols, the items of the parties are exchanged in small pieces, typically bitby bit. Here, fairness of the protocol means that the computational effort required from the parties to obtain each other s remaining bits is ....

R. Cleve. Controlled gradual disclosure schemes for random bits and their applications. In Proceedings of CRYPTO'89, pages 573--588, 1990.

....neither party can gain an advantage over the other by misbehaving and not faithfully following the rules of the protocol. This is a very general concept that has been interpreted in many different ways. Different interpretations have resulted in several different fair exchange protocols (e.g. [Cle89, Ket95, Jak95, Tyg96, DGLW96, ZG96, FR97, ASW97, Syv98]) that provide rather different types of fairness. Here are some examples: ffl Fairness is often considered to be some sort of atomicity property [Tyg96] which requires that, at any stage during the execution of the protocol, either each party has the item of the other or neither has any useful ....

....behaving party, but it also loses something or at least does not gain anything (apart from malicious joy) with the misbehaviour. These protocols, thus, remove the incentive to cheat and encourage each party to follow the protocol faithfully. ffl In a number of fair exchange protocols (e.g. [Cle89]) which are based on gradual secret release schemes, the items of the parties are exchanged in small pieces, typically bit bybit. Here, fairness of the protocol means that the computational effort required from the parties to obtain each other s remaining bits is approximately equal at any stage ....

R. Cleve. Controlled gradual disclosure schemes for random bits and their applications. In Proceedings of CRYPTO'89, pages 573--588, 1990.

....order for each honest participant to learn an output bit of F , every participant could open his share of the dbc representing the answer, but obviously a dishonest participant could quit when he has more information than others. Better solutions, which achieve fairness, appear in the literature [6][18] They can easily be incorporated into our protocol. 5.4 The validity of the PMPC protocol We do not claim to provide a full proof that the protocol presented here is secure. The security of the final protocol relies on the security of all the subprotocols that constitute it. Due to space ....

R. Cleve, Controlled Gradual Disclosure Schemes for Random Bits and Their Applications, Advances in Cryptology - CRYPTO'89, Springer-Verlag, 1991, pp. 573-- 590.

....fair exchange can ensure that a certified electronic mail is delivered to its destination if and only if a proof of that delivery is delivered to its sender. Early study yielded elegant but typically inefficient solutions to the fair exchange problem and the related contract signing problem [Blu81, Blu83, Yao86, LMR84, VV83, Cle89]. Also in this vein is recent work on ripping offline electronic coins [Jak95] this gives efficient two party solutions to a problem related to fair purchase using off line electronic cash, by removing the main financial incentive for cheating but without guaranteeing fairness. Most recent, ....

R. Cleve. Controlled gradual disclosure schemes for random bits and their applications. In Advances in Cryptology---CRYPTO '89 Proceedings (Lecture Notes in Computer Science 435), pages 573--588, Springer-Verlag, 1990.

....coin flips, a number of linear dependencies on the bits of the output. At the end of this process, each player learns enough linear dependencies to recover the output. Any premature termination leaves the adversary with only a negligible chance to guess one additional linear dependency. Cleve [35] shows how to extend the secret exchange protocol of Luby et al. to allow for a controlled disclosure of information. Rather than having each party s guess of the other s bit merely converge to the correct result, the rate of convergence can also be specified. This can speed up the round ....

R. Cleve, "Controlled gradual disclosure schemes for random bits and their applications," Crypto 1989, 573-588

....coin flips, a number of linear dependencies on the bits of the output. At the end of this process, each player learns enough linear dependencies to recover the output. Any premature termination leaves the adversary with only a negligible chance to guess one additional linear dependency. Cleve [49] shows how to extend the secret exchange protocol of Luby et al. to allow for a controlled disclosure of information. Rather than having each party s guess of the other s bit merely converge to the correct result, the rate of convergence can also be specified. This can speed up the round ....

R. Cleve, "Controlled gradual disclosure schemes for random bits and their applications," in Advances in Cryptology---CRYPTO '89 Proceedings (Lecture Notes in Computer Science, Vol. 435), ed. G. Brassard, 573--588, Springer-Verlag, New York, 1990.

....from the intended recipient certifying that the message has been received. On the other hand, the recipient would like to have the message when it issues the corresponding receipt. Generally speaking, there are two kinds of solutions to this problem. One uses simultaneous secret exchange [2, 3, 4, 5, 9], the other uses trusted third parties. The first solution interleaves sending the message and the receipt so that the recipient has only a negligible advantage. This approach seems to be too cumbersome for actual implementation. Moreover, fairness is based on the assumption of equal computational ....

R. Cleve. Controlled gradual disclosure schemes for random bits and their applications. Lecture Notes in Computer Science 435, Advances in Cryptology: Proceedings of Crypto'89, pages 573--588, Santa Barbara, CA, August 1989.

....w c for a secret integer 0 c t of his choice. It must be impossible for B to obtain information on more than one w i and for A to obtain information about which secret B learned. Andos has applications to mental poker [10] voting [38] zero knowledge proofs [2, 33, 41] exchange of secrets [7] and identification [21, 17] to name just a few. The main contribution of [6] was a reduction of ( t 1 ) OT k 2 to ( 2 1 ) OT 2 , i.e. an efficient twoparty protocol to achieve andos based on the assumption of the existence of a protocol for the simpler type of oblivious transfer. The fact ....

R. Cleve, "Controlled gradual disclosure schemes for random bits and their applications ", Advances in Cryptology: Crypto '89 Proceedings, Springer-Verlag, 1990, pp. 573 -- 588.

....coin flips, a number of linear dependencies on the bits of the output. At the end of this process, each player learns enough linear dependencies to recover the output. Any premature termination leaves the adversary with only a negligible chance to guess one additional linear dependency. Cleve [41] shows how to extend the secret exchange protocol of Luby et al. to allow for a controlled disclosure of information. Rather than having each party s guess of the other s bit merely converge to the correct result, the rate of convergence can also be specified. This can speed up the round ....

R. Cleve, "Controlled gradual disclosure schemes for random bits and their applications," Crypto 1989, 573-588

....obtain the answer without sharing it with Ron. This of course exposes the deserter as a cheater, but at times there may be excuses (such as the line went down ) This problem does not have a completely satisfactory solution, but it is possible to limit the advantage of the deserter (see e.g. [2, 8, 10, 16]) Property E: Simplicity Admittedly, some of our proposals have gotten out of hand; PERMUTATION COMPOSITION and perhaps ENVELOPES are too complex for realistic consideration. SPECIALPURPOSE DEVICE will of course not be practical until such a device is marketed. COMPUTER PROGRAM and PASSWORD ....

R. Cleve, Controlled Gradual Disclosure Schemes for Random Bits and Their Applications, Advances in Cryptology - Crypto'89, Lecture Notes in Computer Science, No. 435, Springer Verlag, 1987, pp. 573--587.

No context found.

R. Cleve, "Controlled gradual disclosure schemes for random bits and their applications ", Advances in Cryptology: Crypto '89 Proceedings, Springer-Verlag, 1990, pp. 573 -- 588.

No context found.

Cleve, R. (1989) Controlled gradual disclosure schemes for random bits and their applications. In Brassard, G. (ed.), Proc. CRYPTO'89 (Lect. Notes Comput. Sci. 435), pp. 573--587. Springer-Verlag, Berlin, Germany.

No context found.

R. Cleve, Controlled Gradual Disclosure Schemes for Random Bits and Their Applications, Proc. Crypto'89, Lecture Notes in Computes Science # 435, pp. 573-588, Springer, 1990.

No context found.

R. Cleve. Controlled gradual disclosure schemes for random bits and their applications. In Proc. CRYPTO '89, pages 573--588, 1989.

No context found.

R. Cleve, Controlled gradual disclosure schemes for random bits and their applications, Advances in Cryptology -- CRYPTO'89, pp. 573-588, 1989.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC