U. Feige, J. Kilian, and M. Naor. A minimal model for secure computation. In Proc. of 26th STOC, pages 554-563, 1994.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....the protocol, except what is implied by the value of f(#x) and the inputs of the members of the coalition. In particular, the members of the coalition do not learn anything about the inputs of the other players. Private computation in this setting was the subject of considerable research, see e.g. [2, 3, 4, 5, 10, 12, 13, 14, 15, 16, 18, 19, 20, 21, 26]. Randomness is necessary to perform private computations involving more than two players (except for the computation of very degenerate functions) That is, the players must have access to a random source. As randomness is regarded as a scarce resource, methods for saving random bits in various ....

U. Feige, J. Kilian, and M. Naor, "A Minimal Model for Secure Computation", Proc. of 26th STOC, pp. 554-563, 1994.

.... value of the function f on their combined input, in a way that no single player learns any unnecessary information (in particular, the inputs of the other players) Private computation in this setting was first considered by Yao [36] and has been the subject of considerable amount of research [1, 2, 4, 5, 7, 8, 9, 12, 13, 16, 21, 22, 23]. Using randomness any function can be computed privately if the number of players is at least 3. On the other hand, for most functions (except very simple ones) randomness is necessary in order to compute the function privately. Randomness as a resource has been the subject of extensive ....

U. Feige, J. Kilian, and M. Naor, "A Minimal Model for Secure Computation", Proc. of 26th STOC, pp. 554-563, 1994.

....Private Simultaneous Messages Protocols with Applications Yuval Ishai and Eyal Kushilevitz Department of Computer Science Technion, Haifa 32000, Israel yuvali,eyalk cs.technion.ac. il Abstract We study the Private Simultaneous Messages (PSM) model which is a variant of the model proposed in [15]. In the PSM model there are n players P 1 ; Pn , each player P i holding a secret input x i (say, a bit) and all having access to a common random string. Each player sends a single message to a special player, Carol, depending on its own input and the random string (and independently of ....

....amount of attention. These include a variant of Yao s model of communication complexity, in which each party independently sends a (possibly randomized) message depending on its input to a common referee [18, 3, 21] and a private version of this model introduced by Feige, Kilian and Naor [15]. Despite the apparent simplicity of these non interactive models, they both turned out to be surprisingly rich, giving rise to interesting upper bounds as well as considerable difficulty in proving nontrivial lower bounds. The privacy model of Feige, Kilian and Naor (to be called in the sequel ....

[Article contains additional citation context not shown here]

U. Feige, J. Kilian, and M. Naor. A minimal model for secure computation (extended abstract). In Proc. of 26th STOC, pages 554--563, 1994.

....Ishai 1# and Eyal Kushilevitz 2## Princeton University, USA. yishai cs.princeton.edu. Technion, Israel. eyalk cs.technion.ac.il. Abstract. Various information theoretic constant round secure multiparty protocols are known for classes such as NC and polynomial size branching programs [1, 13, 18, 3, 19, 10]. All these protocols have a small probability of failure, or alternatively use an expected constant number of rounds, suggesting that this might be an inherent phenomenon. In the current paper we prove that this is not the case by presenting several constructions of perfect constant round ....

....secure computation. Following the initial plausibility results [26, 17, 6, 9] much of the research in this area has shifted to various complexity aspects of secure computation. In particular, the problem of obtaining constant round secure protocols has attracted a considerable amount of attention [1, 5, 4, 13, 18, 24, 3, 7, 19, 10, 21]. Our work continues this line of research, and focuses on the following question: can perfectly secure computation be realized with a constant number of rounds in the worst case In the computational setting for secure computation, any function that can be (efficiently) computed can also be ....

[Article contains additional citation context not shown here]

U. Feige, J. Kilian, and M. Naor. A minimal model for secure computation (extended abstract) . In Proc. of 26th STOC, pages 554--563, 1994.

....efficient perfect quadratic residuosity modulo a fixed prime yes statistical quadratic residuosity no 4.2 statistical co primality yes Table 1. Summary of Our Main Schemes. Our constructionswere inspired by a non interactiveprivate protocol for the quadratic residuosityproblem from [35]. In fact, every protocol in the model of [35, 41] can be transformed into a secret sharing scheme for a related access structure. In the context of communication complexity lower bounds, the quadratic residuosity problem has been used in [4, 3] Quasi linear schemes. In addition to the above ....

....modulo a fixed prime yes statistical quadratic residuosity no 4.2 statistical co primality yes Table 1. Summary of Our Main Schemes. Our constructionswere inspired by a non interactiveprivate protocol for the quadratic residuosityproblem from [35] In fact, every protocol in the model of [35, 41] can be transformed into a secret sharing scheme for a related access structure. In the context of communication complexity lower bounds, the quadratic residuosity problem has been used in [4, 3] Quasi linear schemes. In addition to the above specific candidates, we study a class of nonlinear ....

U. Feige, J. Kilian, and M. Naor. A minimal model for secure computation. In Proc. of the 26th Annu. ACM Symp. on the Theory of Computing, pages 554--563, 1994. 19

....protocols appears, quite miraculously, to never lose its steam. In this work we study the round complexity of secure multiparty computation. Following the initial plausibility results in this area [32, 21, 5, 10] considerable e orts have been spent on obtaining round ecient protocols [1, 4, 3, 13, 22, 31, 2, 8, 23, 17, 26, 11, 24]. In the multiparty setting, it was recently shown in [17] that every function can be securely computed in three rounds (tolerating a constant fraction of malicious players) and that for certain nontrivial tasks two rounds suce. This Most of this work was done while the author was at AT T ....

Uri Feige, Joe Kilian, and Moni Naor. A minimal model for secure computation (extended abstract). In Proc. 26th STOC, pages 554-563. ACM, 1994.

....to the lack of provable lower bounds in complexity theory, one cannot tell for sure whether this is an inherent phenomenon or just a limitation of currently known techniques. This is not clear a priori, and in fact most randomization techniques used in the context of constant round MPC (e.g. [1, 21, 3, 30]) clearly do not apply to this more general setting. from [13] with a variant of randomization technique from [3] While the main question in this context (namely, that of obtaining e#cient constant round protocols for arithmetic circuits) remains open, our techniques may still provide the best ....

....gates of unbounded fan in) can be simulated by a branching program of the same size. Thus, the results from Section 4.2 apply to formulas as well. We combine a complexity result due to Cleve [13] with a variant of a randomization technique due to Beaver [3] following Kilian [33] and Feige et al. [21]) to obtain an e#cient representation of formulas by degree 3 randomizing polynomials. If the formula is balanced, the complexity of this representation can be made nearly linear in the formula size. However, in contrast to the previous construction, the current one will not apply to a black box ....

[Article contains additional citation context not shown here]

U. Feige, J. Kilian, and M. Naor. A minimal model for secure computation. In Proc. of 26th STOC, pp. 554-563, 1994.

....against Clark so that the messages he receives altogether look completely random to him; i.e. Clark cannot distinguish the uniform distribution from the joint distribution of messages he receives from Alice and Bob. Note that our model is slightly di erent from that of Feige, Kilian, and Naor [7], who have Clark as the party to receive the result. Here is the protocol. 1. Bob sends random (r i ) i2[k] 2 F to Alice. He also sends (x i = x r i ) i2[k] to Clark. 2. Alice sends random (s i ) 0 i k 2 F k 1 to Bob. She also sends a 0 = a 0 s 0 i2[k] a i r i and (a ....

U. Feige, J. Kilian, and M. Naor, A minimal model for secure computation, in: Proc. 26th Ann. ACM Symp. Theory of Computing, 1994, pp. 554-563. 11

....servers can be tolerated by adding 2t 0 additional servers. 3. 2 Solutions based on private simultaneous messages protocols In this section, we construct protocols for SPFE by applying a SPIR protocol on top of a protocol for f in the socalled private simultaneous messages (PSM) model [23, 30]. We start by describing the PSM model, and then discuss its application to our problem. In the PSM model, there are m players P1 ; Pm and an external referee. Each player P j holds an input y j , and all of them share access to a common random input r, which is unknown to the referee. ....

....using perfectly secure PSM and SPIR protocols. We conclude this section by substituting known upper bounds on the complexity of PSM protocols in both the computational and information theoretic setting. Let Cf (resp. Bf ) be the size of a circuit (resp. branching program) computing f . In [23, 46], a computationally secure PSM protocol with communication complexity ( O( Delta Cf ) is given and in [30] a perfectly secure PSM protocol with communication complexity (O(B 2 f ) 0) is given. We denote the cost of a oneround SPIR protocol using k servers by SPIRk and the cost of a one one ....

U. Feige, J. Kilian, and M. Naor. A minimal model for secure computation. Proc. 26th STOC, pp. 554--563, 1994.

....achievable if at most t n=2 players are corrupted [RB89,Bea91b,CDD 99] 1. 2 Previous work on eciency In the past, both the round complexity and the communication complexity of secure multi party protocol were subject to many investigations: Protocols with low round complexity [BB89,BFKR90,FKN94,IK00] su er either from an unacceptably high communication complexity (even quadratic in the number of multiplication gates) or tolerate only a very small number of cheaters. First steps towards better communication complexity were taken by Franklin and Yung [FY92] and Gennaro, Rabin, and Rabin ....

U. Feige, J. Kilian, and M. Naor. A minimal model for secure computation. In Proc. 26th ACM Symposium on the Theory of Computing (STOC), pp. 554-563, 1994.

....We thus use a minimal extension of the basic setting: we still disallow direct interaction between the databases, but we grant them access to a shared random string, known to all databases but unknown to the user. This kind of extension has been studied before in the context of private computation [11] (see also [12] and other scenarios such as non interactive zeroknowledge [5] Adding a resource of shared randomness to PIR schemes is particularly natural, since even in the basic PIR setting databases are required to maintain identical copies of the same data string. 1 Moreover, if one is ....

....the desired bit x i . Our idea is that it might be possible for the user to compute the value of f without actually getting the answers a 1 ; a k but rather some other messages m 1 ; m k that keep the privacy of the string x. This is a very similar scenario to the scenario of [11]. 2 The problem here is that not all functions are known to have an efficient solution in the model of [11] and even if the reconstruction function f does have an efficient solution, in order to maintain the communication complexity of the PIR scheme that we start with we need a solution for f ....

[Article contains additional citation context not shown here]

U. Feige, J. Kilian, and M. Naor. A minimal model for secure computation (extended abstract). In Proc. of 26th STOC, pages 554--563, 1994.

.... The types of tolerable adversaries have recently been generalized in a number of directions (adaptive adversaries [CFGN96] uncoercibility [CG96] non threshold adversaries [HM97] and some authors have investigated multi party computation for various minimality and complexity criteria [FKN94,CGT95,FY92,Kus89]. Security can also be classified according to the adversary s computational resources (limited, hence cryptographic security, e.g. CDG87,GMW87] or unlimited, hence unconditional or information theoretic security, e.g. BGW88,CCD88,RB89] In the information theoretic model one can distinguish ....

U. Feige, J. Kilian, and M. Naor. A minimal model for secure computation. In Proc. 26th ACM Symposium on the Theory of Computing (STOC), pages 554--563, 1994.

....the real one, Josephine is (probably) kept more or less in the dark as to the genuine outcome. To keep Josephine completely in the dark while maintaining the structure of the protocol seems to require substantial effort, but it can be done. The following protocol is based on work by Feige et al. [11] on secret computation and builds on [13] and [14] Using Barrington s Theorem [1] Ron and Moshe, working together, can associate with each candidate a pair of lists r 1 , r m and m 1 , m m such that: Each r i and m is a permutation of the set 1,2,3,4,5 . If r 1 , r ....

Feige, U., Kilian, J., and Naor, M. On minimal models for secure computation. In Proceedings of the 26th ACM Symposium on Theory of Computing (Montral, 1994), pp. 554--563.

No context found.

U. Feige, J. Kilian, and M. Naor. A minimal model for secure computation. In Proc. of 26th STOC, pages 554-563, 1994.

No context found.

Uri Feige, Joe Kilian, and Moni Naor. A minimal model for secure computation (extended abstract). In Proc. 26th STOC, pages 554--563. ACM, 1994.

No context found.

Uri Feige, Joe Kilian, and Moni Naor. A minimal model for secure computation (extended abstract). In Proceedings of the Twenty-Sixth Annual ACM Symposium on the Theory of Computing, pages 554--563, Montral, Qubec, Canada, 23--25 May 1994.

No context found.

U. Feige, J. Kilian, and M. Naor, "A Minimal Model for Secure Computation", STOC, pp. 554-563, 1994.

No context found.

U. Feige, J. Kilian, and M. Naor. A minimal model for secure computation. In 26th Annual ACM Symposium on Theory of Computing, pages 554--563, Montral, Qubec, Canada, May 23--25, 1994. ACM Press.

No context found.

U. Feige, J. Kilian, and M. Naor, "A Minimal Model for Secure Computation", Proc. of 26th STOC, pp. 554-563, 1994.

No context found.

U. Feige, J. Kilian, and M. Naor, "A Minimal Model for Secure Computation", Proc. of 26th STOC, pp. 554-563, 1994.

No context found.

U. Feige, J. Kilian, and M. Naor, "A Minimal Model for Secure Computation", Proc. of 26th STOC, pp. 554-563, 1994.

No context found.

U. Feige, J. Kilian, and M. Naor, A minimal model for secure computation, in Proc. 26th Annual ACM Symposium on Theory of Computing (STOC), pp. 554-563, 1994.

No context found.

U. Feige, J. Kilian, and M. Naor. A minimal model for secure computation. In Proc. of 26th STOC, pp. 554-563, 1994.

No context found.

U. Feige, J. Kilian, and M. Naor. A minimal model for secure computation. In 26th ACM Symposium on the Theory of Computing (STOC), pages 554--563, 1994.

No context found.

U. Feige, J. Kilian, and M. Naor, A minimal model for secure computation, in Proc. 26th Annual ACM Symposium on Theory of Computing (STOC), pp. 554-563, 1994.

First 50 documents  Next 50

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC