R. Cramer, I. Damgard, S. Dziembowski, M. Hirt, and T. Rabin. Ecient multiparty computations with dishonest minority. In Eurocrypt '99, pp. 311-326. LNCS No. 1592.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....if and only if t 2 . If one assumes pairwise secure channels but no computational assumptions, then one can compute any function securely if and only if t n=3 [5, 8] If one further assumes the availability of a secure broadcast channel, then one can in fact tolerate t n=2, and no more ([21, 3, 11]) All of these protocols rely on veri able secret sharing as a basic tool. Our solution draws most heavily on the techniques of Chaum, Cr epeau and Damg ard [8] Beyond these basic protocols, much work has focused on nding proper de nitions of security, e.g. 14, 4, 18, 20, 6] We adopt a ....

....unjammable, secret) quantum and classical channels, and that there is a classical authenticated broadcast channel to which all players have access. Because we will always consider settings where t 2 , we can also assume that players can perform classical multi party computations securely [11] . The adversary is an arbitrary quantum algorithm (or family of circuits) A (not necessarily polynomial time) and so the security of our protocols does not rely on computational assumptions. The real and ideal models, as well as the notion of security, are speci ed more carefully in [22] ....

R. Cramer, I. Damgard, S. Dziembowski, M. Hirt, and T. Rabin. Ecient multiparty computations with dishonest minority. In J. Stern, editor, Proc. of EUROCRYPT 99, volume 1592 of LNCS. IACR, Springer-Verlag, 1999.

....to a common broadcast channel, which allows each player to send a message to all players and ensures that the received message is identical. This private channels with broadcast scenario is a standard model for secure multi party computation in the information theoretic setting (see, e.g. [7, 17, 41, 2, 20, 21]) Without broadcast, even the simplest secure computation tasks cannot be solved in a constant number of rounds 1 t = 1, n 4 Yes Yes Yes 2 n 4t Yes Yes Yes 3 n 3t No Yes Yes 4 n 3t Yes Yes Table 1: Summary of VSS Bounds [35, 38] Veri able Secret Sharing (VSS) 18] VSS is a ....

....from secure multicast to VSS. Yet, our characterization places secure multicast somewhat lower in the rounds hierarchy than VSS. 2 n 4t or jM j 3t Yes Yes Yes 3 n = t Yes Yes Yes Table 2: Summary of Secure Multicast Bounds Previous Work. There is an extensive literature on VSS protocols [30, 7, 17, 22, 23, 24, 40, 20, 21, 19]. In our model (i.e. where there are private channels plus broadcast and no probability of error) the best known protocol was the one proposed in [7] referred to as the BGW protocol in the sequel. See [21] for a slight optimization of this protocol. This protocol applies to the case n 3t ....

[Article contains additional citation context not shown here]

R. Cramer, I. Damgard, S. Dziembowski, M. Hirt, and T. Rabin. Ecient multiparty computations with dishonest minority. In Eurocrypt '99, pp. 311-326. LNCS No. 1592.

....that the adversary has a rushing capability, namely in each round it may learn the messages sent at this round by uncorrupted players to the corrupted players before sending its own messages. This is the most commonly used model in the general secure multiparty computation literature (e.g. [21, 5, 10, 30, 28, 12]) and in particular it is the standard model assumed in the context of constant round secure multiparty computation (e.g. 1, 4, 3, 2, 23, 17] We will also address the situation in the fully synchronous setting, where the messages of each round are guaranteed to be simultaneous. As for other ....

R. Cramer, I. Damgard, S. Dziembowski, M. Hirt, and T. Rabin. Ecient multiparty computations with dishonest minority. In Eurocrypt '99, pages 311-326, 1999. LNCS No. 1592.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC