Matthias Fitzi, Martin Hirt, and Ueli Maurer. Trading correctness for privacy in unconditional multi-party computation. In Advances in Cryptology --- CRYPTO '98, volume 1462 of Lecture Notes in Computer Science. Springer, 1998. Corrected proceedings version.
.... effort has been put into enhancing these results, and nowadays there is a wide range of literature treating issues like improving the communication complexity (e.g. [24, 25, 28]) or the round complexity (e.g. [1, 5, 3, 30]) and coping with more powerful (e.g. [37, 10, 9]) or more general (e.g. [27, 20, 14]) adversaries. A common restriction on all these results is that the function f is always assumed to be represented by an arithmetic circuit over a finite field, and hence all computations take place in this field. Thus, it is natural to ask whether MPC can also be efficiently implemented over a ....
M. Fitzi, M. Hirt, and U. Maurer. Trading correctness for privacy in unconditional multi-party computation. In Proc. of CRYPTO '98, LNCS 1462, pp. 121-136, 1998.
.... Martin Hirt, and Ueli Maurer Department of Computer Science Swiss Federal Institute of Technology (ETH) Zurich CH 8092 Zurich, Switzerland, {fitzi,hirt,maurer}@inf.ethz.ch Changes Damgard [Dam99] pointed out a flaw in the multiplication protocol for the scenario of perfect security in [FHM98] and that hence the indicated tight bounds for multi-party computation to be achievable of [FHM98] are false (affecting Lemma 2, Theorem 1 and Theorem 4). However, the results for the scenario of unconditional security (with negligible error probability) are not affected. This paper provides a ....
.... (ETH) Zurich CH 8092 Zurich, Switzerland, {fitzi,hirt,maurer}@inf.ethz.ch Changes Damgard [Dam99] pointed out a flaw in the multiplication protocol for the scenario of perfect security in [FHM98] and that hence the indicated tight bounds for multi-party computation to be achievable of [FHM98] are false (affecting Lemma 2, Theorem 1 and Theorem 4). However, the results for the scenario of unconditional security (with negligible error probability) are not affected. This paper provides a modified multiplication protocol and proves the correct tight bound for the achievability of perfectly ....
M. Fitzi, M. Hirt, and U. Maurer. Trading correctness for privacy in unconditional multi-party computation. In Advances in Cryptology --- CRYPTO '98, volume 1462 of Lecture Notes in Computer Science, 1998.
.... Martin Hirt, and Ueli Maurer Department of Computer Science Swiss Federal Institute of Technology (ETH) Zurich CH 8092 Zurich, Switzerland, {fitzi,hirt,maurer}@inf.ethz.ch Changes Damgard [Dam99] pointed out a flaw in the multiplication protocol for the scenario of perfect security in [FHM98] and that hence the indicated tight bounds for multi-party computation to be achievable of [FHM98] are false (affecting Lemma 2, Theorem 1 and Theorem 4). However, the results for the scenario of unconditional security (with negligible error probability) are not affected. This paper provides a ....
.... (ETH) Zurich CH 8092 Zurich, Switzerland, {fitzi,hirt,maurer}@inf.ethz.ch Changes Damgard [Dam99] pointed out a flaw in the multiplication protocol for the scenario of perfect security in [FHM98] and that hence the indicated tight bounds for multi-party computation to be achievable of [FHM98] are false (affecting Lemma 2, Theorem 1 and Theorem 4). However, the results for the scenario of unconditional security (with negligible error probability) are not affected. This paper provides a modified multiplication protocol and proves the correct tight bound for the achievability of ....
M. Fitzi, M. Hirt, and U. Maurer. Trading correctness for privacy in unconditional multi-party computation. In Advances in Cryptology --- CRYPTO '98, volume 1462 of Lecture Notes in Computer Science, 1998.
....and hence consistent with respect to ae. ut To our knowledge, the condition P 62 Delta tAtA for VSS to be possible has not been stated previously in the literature, although the condition for secure multiparty computation has been given in [7] In the threshold case, this confirms Lemma 1 of [6]: If the total number of (passively) corrupted players is t and if u of them can even be actively corrupted, then VSS is possible if and only if t 2u n. The following lemma will be helpful in the next section. Lemma 1. Predicate (4) is fulfilled if every pair ; 2 fulfills 2 span(Cj ....
M. Fitzi, M. Hirt, and U. Maurer. Trading correctness for privacy in unconditional multi-party computation. In Advances in Cryptology -- CRYPTO '98, Lecture Notes in Computer Science. Springer, 1998. Corrected proceedings version.
....because the secret reconstruction protocol can also be performed towards an eliminated player (this player only receives values and cannot cause inconsistencies). Sharing. The sharing is based on Shamir's secret sharing scheme [Sha79] extended to a two-dimensional sharing [GHY87,BGW88,CCD88,RB89,FHM98]. Each value is shared among the players with a polynomial of degree t, and each share is again shared among the players with a polynomial of degree t. Formally, a value s is t-shared among the players if there exist degree t polynomials f and f 1 ; fn with s = f(0) and f i (0) f( i ) ....
M. Fitzi, M. Hirt, and U. Maurer. Trading correctness for privacy in unconditional multi-party computation. In Advances in Cryptology --- CRYPTO '98, vol. 1462 of LNCS, pp. 121-136, 1998.
....terminology that a player P broadcasts a value. This is to be understood that an appropriate broadcast protocol with P as dealer is applied [BGP89, CW89]. Sharing. The sharing is based on Shamir's secret sharing scheme [Sha79] extended to a two-dimensional sharing [GHY87, BGW88, CCD88, RB89, FHM98]. Each value is shared among the players with a polynomial of appropriate degree, and each share is again shared among the players with a polynomial of the same degree. Formally, a value s is d-shared among the players if there exist degree d polynomials f and f 1 ; f n with s = f(0) and ....
Matthias Fitzi, Martin Hirt, and Ueli Maurer. Trading correctness for privacy in unconditional multi-party computation. In Advances in Cryptology --- CRYPTO '98, volume 1462 of Lecture Notes in Computer Science, pages 121--136, 1998.
....adversary that either corrupts at most t n=3 players, or is polynomially bounded. The types of tolerable adversaries have recently been generalized in a number of directions (adaptive adversaries, e.g. [CFGN96], uncoercibility, e.g. [CG96], combined active, passive, and fail adversaries, e.g. [FHM98]) and some authors have investigated multiparty computation for various minimality and complexity criteria, e.g. [Kus89], [BB89], [Bea89], [FY92], [FKN94], [Rab94], [CGT95], and [CKOR97]. Another line of research is concerned with protocols that are tailored to a particular function like voting ....
M. Fitzi, M. Hirt, and U. Maurer. Trading correctness for privacy in unconditional multiparty computation. In Advances in Cryptology --- CRYPTO '98, volume 1462 of Lecture Notes in Computer Science, 1998.
....that either passively or actively corrupts players up to given thresholds. Dolev, Dwork, Waarts, and Yung [DDWY93] proposed protocols and proved tight bounds for message transmission unconditionally secure in simultaneous presence of active and passive corruptions. Fitzi, Hirt, and Maurer [FHM98] proposed multi-party protocols secure against mixed threshold adversaries. Based on the constructions of classical multi-party protocols [BGW88,RB89], they constructed new protocols for an adversary that simultaneously actively, passively, and fail corrupts players up to given thresholds. ....
....4 we prove that for some adversary structures, every protocol requires complexity exponential in the number of players. This proof also applies to models with only passive or only active corruptions. 1 Indeed, the tightness proofs for the perfect models in this paper contradict the results of [FHM98]. See [Dam99] for more details. 1.5 Outline In Sect. 2 we formally define the models. The main results of the paper, the characterization of the exact conditions for secure multi-party protocols as well as the protocol constructions, are given in Sect. 3. In Sect. 4 we prove the existence of ....
M. Fitzi, M. Hirt, and U. Maurer. Trading correctness for privacy in unconditional multi-party computation. In Advances in Cryptology --- CRYPTO '98, volume 1462 of Lecture Notes in Computer Science, 1998.
....secret sharing, threshold cryptography. Research supported by the Swiss National Science Foundation (SNF) SPP project no. 5003 045293. This is the corrected version of a paper with the same title which appeared in the proceedings of CRYPTO 98, vol. 1462 of LNCS, Springer-Verlag, 1998 [FHM98]. 1 Introduction 1.1 Secure Multi-Party Computation Consider a set of n players who do not trust each other. Nevertheless they want to compute an agreed function of their inputs in a secure way. Security means achieving correctness of the result of the computation while keeping the players ....
....a broadcast channel, is possible if and only if 2t a 2t p t f n and 3t a t f n. Unconditional security, with a broadcast channel, is possible if and only if 2t a 2t p t f n. 1.4 Changes in this Corrected Version Damgard [Dam99] pointed out that the multiplication protocol of [FHM98] for the model with perfect security is not secure with respect to the weaker conditions 3t a t p t f n and 2t a 2t p t f n given in [FHM98] but only with respect to the stronger condition 3t a 2t p t f n. In this corrected version, we prove that the multiplication protocol is ....
M. Fitzi, M. Hirt, and U. Maurer. Trading correctness for privacy in unconditional multi-party computation. In Advances in Cryptology --- CRYPTO '98, volume 1462 of Lecture Notes in Computer Science, 1998.
No context found.
Matthias Fitzi, Martin Hirt, and Ueli Maurer. Trading correctness for privacy in unconditional multi-party computation. In Advances in Cryptology--- CRYPTO '98, volume 1462 of Lecture Notes in Computer Science. Springer, 1998. Corrected proceedings version.
No context found.
M. Fitzi, M. Hirt and U. Maurer, Trading Correctness for Privacy in Unconditional MultiParty Computation, CRYPTO 98, LNCS, Springer-Verlag, vol. 1462, 1998, pp. 121-136.
No context found.
M. Fitzi, M. Hirt, and U. Maurer. Trading correctness for privacy in unconditional multi-party computation. In Proc. of CRYPTO '98, LNCS 1462, pp. 121-136, 1998.
No context found.
Matthias Fitzi, Martin Hirt, and Ueli Maurer. Trading correctness for privacy in unconditional multi-party computation. In Advances in Cryptology --- CRYPTO 98. Springer-Verlag, 1998.
No context found.
Matthias Fitzi, Martin Hirt, and Ueli Maurer. Trading correctness for privacy in unconditional multi-party computation. In Advances in Cryptology --- CRYPTO 98. Springer-Verlag, 1998.