O. Goldreich and R. Vainish, "How to solve any protocol problem---an efficiency improvement ", Advances in Cryptology: Crypto '87 Proceedings, Springer-Verlag, 1988, pp. 73 -- 86. 19  Home/Search   Document Details and Download   Summary   Related Articles   Check

....by comparing the first bits of the decrypted string with R. Proceeding this way through the entire circuit, A obtains the encoding of the final output and applies m to reveal the plain output bit. Another protocol for two party secure computation based on oblivious transfer is presented in [GOL 87b] The basic idea in this protocol is to have the participants compute the circuit on data that is shared by the two parties using a technique known as secret sharing. 2.3. Autonomous protocols The protocols discussed in the two previous subsections require more communication rounds than ....

O. GOLDREICH, R. VAINISH. "How to solve any protocol problem: an efficiency improvement", Proceedings of Crypto'87, LNCS 293, pp. 73--86, Springer Verlag, 1987

....by comparing the first bits of the decrypted string with R. Proceeding this way through the entire circuit, A obtains the encoding of the final output and applies OE m to reveal the plain output bit. Another protocol for two party secure computation based on oblivious transfer is presented in [9]. The basic idea in this protocol is to have the participants compute the circuit on data that is shared by the two parties using a technique known as secret sharing. 2.3 Autonomous protocols The protocols discussed in the two previous subsections require more communication rounds than strictly ....

O. Goldreich, R. Vainish. "How to solve any protocol problem: an efficiency improvement", Proceedings of Crypto'87, LNCS 293, pp. 73--86, Springer Verlag, 1987

....nothing about y and such that Bob learns nothing about x. In fact, the mechanisms developed in this work allows for such scenarios. Secure circuit evaluationhas been introduced byYao [38] and Goldreich, Micali, and Wigderson [25] based on cryptographic assumptions; other results followed in [19, 26]. Kilian, then, characterized Oblivious Transfer (O.T. as a basic tool upon which secure circuit evaluation can be constructed [27] Multi party computations in the information theoretic model were given by Ben Or, Goldwasser, Wigderson and Chaum, Crepeau and Damgaard [7, 10] Various elegant ....

O. Goldreich, R. Vainish. How to Solve any Protocol Problem -- An Efficiency Improvement. Crypto '87.

....Wiesner [31] under the name of multiplexing ) in a paper that marked the birth of quantum cryptography. Oblivious transfer has since become the basis for realizing a broad class of cryptographic protocols, such as bit commitment, zero knowledge proofs, and general secure multiparty computation [32, 21, 22, 25, 18]. In a one out of two oblivious transfer, denoted 2 1 OT, one party Alice owns two secret bits b 0 and b 1 , and another party Bob wants to learn b c for a secret bit c of his choice. Alice is willing to collaborate provided that Bob does not learn any information about b c 1 , but Bob ....

O. Goldreich and R. Vainish. How to solve any protocol problem -- an efficiency improvement. In C. Pomerance, editor, Advances in Cryptology: CRYPTO '87, volume 293 of Lecture Notes in Computer Science, pages 73--86. Springer, 1988.

....[Wie70] under the name of multiplexing ) in a paper that marked the birth of quantum cryptography. Oblivious transfer has since become the basis for realizing a broad class of cryptographic protocols, such as bit commitment, zeroknowledge proofs, and general secure multiparty computation [Yao86, GMW87, GV88, Kil88a, CvdGT95]. In a one out of two oblivious transfer, denoted ( OT, one party Alice owns two secret bits ) and ) and another party Bob wants to learn ) for a secret bit of his choice. Alice is willing to collaborate provided that Bob does not learn any information about ) but ....

Oded Goldreich and Ronen Vainish, How to solve any protocol problem -- an efficiency improvement, Advances in Cryptology: CRYPTO '87 (Carl Pomerance, ed.), Lecture Notes in Computer Science, vol. 293, Springer, 1988, pp. 73--86.

....by comparing the first bits of the decrypted string with R. Proceeding this way through the entire circuit, A obtains the encoding of the final output and applies OE m to reveal the plain output bit. Another protocol for 2 party secure computation based on oblivious transfer is presented in [9]. The basic idea in this protocol is to have the participants compute the circuit on data that is shared by the two parties using a technique known as secret sharing. 6 2.3 Autonomous protocols The protocols discussed in the two previous subsections require more communication rounds than ....

O. Goldreich, R. Vainish. "How to solve any protocol problem: an efficiency improvement", Proceedings of Crypto'87, LNCS 293, pp. 73--86, Springer Verlag, 1987

....all the participants have only restricted computational resources and that computationally hard problems exist. Here the hard problem can be of a specific nature and possess specific algebraic properties that makes the protocol implementation easier; many of the earlier solutions were of this kind [22, 19, 25]. Some protocols used the more general assumption that one way functions exist [24] g is a one way function if g is easy to compute whereas g Gamma1 is hard to compute; if P = NP then one way functions cannot exist) The majority of participants are honest: If we assume that a reliable ....

Oded Goldreich & Ronen Vainish (1988). How to solve any protocol problem - an efficiency improvement. In Carl Pomerance, editor, Proc. CRYPTO 87, pages 73--86. Springer-Verlag. Lecture Notes in Computer Science No. 293.

....have only restricted computational resources and that computationally hard problems exist. Here the hard problem can be of a specific nature and possess specific algebraic properties that makes the protocol implementation easier; many of the earlier solutions solutions were of this kind [22, 19, 25]. Some protocols used the more general assumption that one way functions exist [24] g is a one way function if g is easy to compute whereas g Gamma1 is hard to compute; if P = NP than one way functions cannot exist) The majority of participants is honest: If we assume that a reliable ....

Oded Goldreich and Ronen Vainish. How to solve any protocol problem - an efficiency improvement. In Carl Pomerance, editor, Proc. CRYPTO 87, pages 73--

....[Wie70] under the name of multiplexing ) in a paper that marked the birth of quantum cryptography. Oblivious transfer has since become the basis for realizing a broad class of cryptographic protocols, such as bit commitment, zeroknowledge proofs, and general secure multiparty computation [Yao86, GMW87, GV88, Kil88a, CvdGT95]. In a one out of two oblivious transfer, denoted Gamma 2 1 Delta OT, one party Alice owns two secret bits b 0 and b 1 , and another party Bob wants to learn b c for a secret bit c of his choice. Alice is willing to collaborate provided that Bob does not learn any information about b c Phi1 ....

Oded Goldreich and Ronen Vainish, How to solve any protocol problem -- an efficiency improvement, Advances in Cryptology: CRYPTO '87 (Carl Pomerance, ed.), Lecture Notes in Computer Science, vol. 293, Springer, 1988, pp. 73--86.

....non trivial function is complete in the malicious model. Proof. We start by proving the analogue of Theorem 2 for the honest but curious model. Claim 3. If a function f( Delta; Delta) contains an insecure minor, then f is complete in the bounded honest but curious model. Proof. It is proven in [GV87] that OT is complete in the bounded honest butcurious model. Therefore, to establish our claim it suffices to prove that whenever f contains an insecure minor then OT reduces to f . Let (A f ; B f ) be a secure protocol computing the function f in the bounded honest but curious model. Because the ....

O. Goldreich and R. Vainish. How to solve any protocol problem---an efficiency improvement. In Advances in Cryptology -- CRYPTO '87, volume 293 of Lecture Notes in Computer Science, pages 73--86. Springer, 1988.

....Wiesner [31] under the name of multiplexing ) in a paper that marked the birth of quantum cryptography. Oblivious transfer has since become the basis for realizing a broad class of cryptographic protocols, such as bit commitment, zero knowledge proofs, and general secure multiparty computation [32, 21, 22, 25, 18]. In a one out of two oblivious transfer, denoted Gamma 2 1 Delta OT, one party Alice owns two secret bits b 0 and b 1 , and another party Bob wants to learn b c for a secret bit c of his choice. Alice is willing to collaborate provided that Bob does not learn any information about b c Phi1 ....

O. Goldreich and R. Vainish. How to solve any protocol problem -- an efficiency improvement. In C. Pomerance, editor, Advances in Cryptology: CRYPTO '87, volume 293 of Lecture Notes in Computer Science, pages 73--86. Springer, 1988.

....special xor property. The global running time is O(n 2 ) in the first case and O(n) in the second (excluding the time necessary to build the code) cot is a very powerful tool that can be used to perform general cryptographic tasks such as Oblivious Circuit Evaluation (oce) 19] or Mental Games [16, 17], and Distributed Computation [18] Such tasks have been achieved before [19] regardless of cot from generic bc and ot, but unfortunately the solution was not only complicated but very inefficient. At EUROCRYPT 89, Cr epeau [8] introduced cot under the label Verifiable Oblivious Transfer and ....

....regardless of cot from generic bc and ot, but unfortunately the solution was not only complicated but very inefficient. At EUROCRYPT 89, Cr epeau [8] introduced cot under the label Verifiable Oblivious Transfer and used it in a simpler protocol for oce based on the work of Goldreich and Vanish [17]. Unfortunately this protocol for cot used Omega (n 3 ) ots, which is still rather inefficient. An apparently more efficient protocol for cot (using only O(n) ots) was presented in [18] under the label Preprocess Oblivious Transfer . Unfortunately, it is very easy to misbehave in that protocol ....

O. Goldreich, R. Vainish, How to solve any protocol problem --- an efficiency improvement, Advances in Cryptology - CRYPTO'87, Springer-Verlag, 1988, pp. 73-- 86.

....Chaum, Cr epeau and Damgard[CCD88] and Rabin and Ben Or [RB89] succeed in defeating the influence of bad players without making use of cryptography, assuming that the privacy of communication among players is guaranteed. Other general protocols with different and interesting properties include [GV87, CR87, CDG87, GHY87, Be88, BG89, Ch89]. The GMW paradigm. In the above multiparty protocols, the underlying notions of security are often quite different, and so are the assumed communication models. Nonetheless, all of them follow the same paradigm of [GMW87] that we now describe. There are three stages. In the first stage, each ....

O. Goldreich and R. Vainish, "How to Solve any Protocol Problem---An Efficiency Improvement," CRYPTO-87 Proceedings, 76--86.

.... swapping for Goldreich, Micali, and Wigderson; andxoring, i.e. f( x; y) z) x8(yz) for Galil, Haber, and Yung. In each case, a general protocol for two party secure computation was then invoked to establish that the complete multi party protocol was possible. Goldreich and Vainish [46] observe that general two party secure computation is unnecessary for these two specific cases. Assuming a protocol for Oblivious Transfer, special purpose private protocols can achieve the necessary aims directly. For and xoring, the first player can create two secrets s 0 = x 8 (y 0) x and s ....

....those fair multi party protocols that rely on this technique for gradual revelation. 5.5 Summary This section has covered various techniques for multi party secure computation using cryptographic means. Multi party computation can proceed by a succession of simpler two party protocols [45] 43] [46], or by a direct extension of the two party technique of creating and evaluating a scrambled version of the circuit under consideration [30] Protocols that are secure against an active adversary can be achieved by adding zero knowledge validations of all messages, in either a general manner ....

O. Goldreich and R. Vainish, "How to solve any protocol problem -- an efficiency improvement," Crypto 1987, 73-86.

....R and using ralacs instead. The reader may observe that indeed scalar is nothing else but a specific implementation of a primitive known as 2BP defined in [BCR86] In a computational model, a similar idea is implicitly used to solve the problem of computing scalar products in full generality in [GV88]. In [BCR86] it is shown that given any primitive that transfers either b 0 , b 1 or any one bit of information about b 0 ; b 1 , it is possible to construct a protocol statistically indistinguishable from i 2 1 j OT 2 . Since reduction 2.3 enables an adversary to get either b 0 , b 1 , b ....

O. Goldreich and R. Vainish. How to solve any protocol problem-an efficiency improvement (extended abstract). In C. Pomerance, editor, Advances in Cryptology: Proceedings of Crypto '87, pages 73--86, Springer-Verlag, 1988.

....in the foundations of cryptography. Oblivious transfer was introduced some time ago in several variations [Rab81, EGL83] and has since become the basis for realizing a broad class of interactive protocols, such as bit commitment, zero knowledge proofs, and general secure multiparty computation [Yao86, GMW87, GV88, Kil88]. In this paper, we view oblivious transfer (OT) as asymmetric information distribution between two participants. An OT from Alice to Bob corresponds to a pair of correlated random variables X and Y with specially connected distributions. Alice s input X is transformed into Bob s output Y ....

Oded Goldreich and Ronen Vainish, How to solve any protocol problem -- an efficiency improvement, Advances in Cryptology: CRYPTO '87 (Carl Pomerance, ed.), Lecture Notes in Computer Science, vol. 293, Springer, 1988, pp. 73--86.

No context found.

O. Goldreich and R. Vainish. How to Solve any Protocol Problem -- An Efficiency Improvement. In Crypto87, Springer Verlag, Lecture Notes in Computer Science (Vol. 293), pages 73--86.

No context found.

O. Goldreich and R. Vainish. How to Solve any Protocol Problem -- An Efficiency Improvement. In Crypto87, Springer Verlag, Lecture Notes in Computer Science (Vol. 293), pages 73--86.

....The latter asymmetry has its own merits as demonstrated in [53] In constructing protocols for the semi honest models, we follows the framework of Goldreich, Micali and Wigderson [41] while adapting important simplifications due to Haber and Micali (priv. comm. 1986) and Goldreich and Vainish [43]. In particular, Haber and Micali suggested to consider arithmetic circuits over GF(2) rather than the (awkward) straight line programs over permutation groups considered in [41] 5 The reduction of the private computation of the (multiparty) multiplication gate emulation to OT 4 1 is due to ....

.... In particular, Haber and Micali suggested to consider arithmetic circuits over GF(2) rather than the (awkward) straight line programs over permutation groups considered in [41] 5 The reduction of the private computation of the (multiparty) multiplication gate emulation to OT 4 1 is due to [43]; in [41] the former was implemented by invoking Yao s general secure two party computation result. 6 In presenting the semi honest to malicious compilers (or the paradigm of forcing semi honest behavior) we follow the outline provided in [40, FOCS Ver. Sec. 4] and [41, Sec. 5] The ....

O. Goldreich and R. Vainish. How to Solve any Protocol Problem -- An Efficiency Improvement. In Crypto87, Springer Verlag, Lecture Notes in Computer Science (Vol. 293), pages 73--86.

No context found.

O. Goldreich and R. Vainish, "How to solve any protocol problem---an efficiency improvement ", Advances in Cryptology: Crypto '87 Proceedings, Springer-Verlag, 1988, pp. 73 -- 86. 19

No context found.

O. GOLDREICH, R. VAINISH. "How to solve any protocol problem: an efficiency improvement", Proceedings of Crypto'87, LNCS 293, pp. 73--86, Springer Verlag, 1987

No context found.

O. Goldreich, and R. Vainish, How to Solve any Protocol Problem -- An efficiency Improvement, CRYPTO 87.

No context found.

O. Goldreich, and R. Vainish, How to Solve any Protocol Problem -- An efficiency Improvement, Crypto 87.

No context found.

O. Goldreich, and R. Vainish, How to Solve any Protocol Problem -- An efficiency Improvement, Crypto 87.

No context found.

O. Goldreich, R. Vainish, "How to Solve Any Protocol Problem --- An Efficiency Improvement ", Advances in Cryptology: Crypto'87, Springer-Verlag, 1988, pp. 73 -- 86.

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC