Results 11  20
of
599
Asynchronous protocols for optimistic fair exchange. In:
 Proceedings of the IEEE symposium on security and privacy,
, 1998
"... ..."
Universally Composable TwoParty and MultiParty Secure Computation
, 2002
"... We show how to securely realize any twoparty and multiparty functionality in a universally composable way, regardless of the number of corrupted participants. That is, we consider an asynchronous multiparty network with open communication and an adversary that can adaptively corrupt as many pa ..."
Abstract

Cited by 151 (34 self)
 Add to MetaCart
(Show Context)
We show how to securely realize any twoparty and multiparty functionality in a universally composable way, regardless of the number of corrupted participants. That is, we consider an asynchronous multiparty network with open communication and an adversary that can adaptively corrupt as many parties as it wishes. In this setting, our protocols allow any subset of the parties (with pairs of parties being a special case) to securely realize any desired functionality of their local inputs, and be guaranteed that security is preserved regardless of the activity in the rest of the network. This implies that security is preserved under concurrent composition of an unbounded number of protocol executions, it implies nonmalleability with respect to arbitrary protocols, and more. Our constructions are in the common reference string model and rely on standard intractability assumptions.
Achieving Oblivious Transfer Using Weakened Security Assumptions (Extended Abstract)
, 1988
"... ) Claude Cr'epeau Department of Computer Science MIT Joe Kilian y Mathematics Department MIT Abstract A useful paradigm in studying cryptographic scenarios is that of protocol minimalism. That is, given a cryptographic model, one wishes to determine the simplest protocols one needs in order ..."
Abstract

Cited by 134 (12 self)
 Add to MetaCart
) Claude Cr'epeau Department of Computer Science MIT Joe Kilian y Mathematics Department MIT Abstract A useful paradigm in studying cryptographic scenarios is that of protocol minimalism. That is, given a cryptographic model, one wishes to determine the simplest protocols one needs in order to be able to implement secure protocols in general. In the standard cryptographic model, this approach allows one to encapsulate ones cryptographic assumptions. In other, nonstandard scenarios, the approach can greatly simplifying the task of developing protocols without cryptographic assumptions. Oblivious transfer protocols, first introduced by Rabin [R], are conceptually very simple, yet can be used to implement a wide variety of protocols([EGL],[BCR1],[K]). The versatility of these games amply motivates a wider study of the power of simple twoparty games. In this paper, we present some general techniques for establishing the cryptographic strength of a wide variety of games. As case studie...
Protecting Data Privacy in Private Information Retrieval Schemes
 JCSS
"... Private Information Retrieval (PIR) schemes allow a user to retrieve the ith bit of an nbit data string x, replicated in k 2 databases (in the informationtheoretic setting) or in k 1 databases (in the computational setting), while keeping the value of i private. The main cost measure for suc ..."
Abstract

Cited by 133 (21 self)
 Add to MetaCart
(Show Context)
Private Information Retrieval (PIR) schemes allow a user to retrieve the ith bit of an nbit data string x, replicated in k 2 databases (in the informationtheoretic setting) or in k 1 databases (in the computational setting), while keeping the value of i private. The main cost measure for such a scheme is its communication complexity.
Lossy Trapdoor Functions and Their Applications
, 2007
"... We propose a new general primitive called lossy trapdoor functions (lossy TDFs), and realize it under a variety of different number theoretic assumptions, including hardness of the decisional DiffieHellman (DDH) problem and the worstcase hardness of lattice problems. Using lossy TDFs, we develop a ..."
Abstract

Cited by 126 (21 self)
 Add to MetaCart
(Show Context)
We propose a new general primitive called lossy trapdoor functions (lossy TDFs), and realize it under a variety of different number theoretic assumptions, including hardness of the decisional DiffieHellman (DDH) problem and the worstcase hardness of lattice problems. Using lossy TDFs, we develop a new approach for constructing several important cryptographic primitives, including (injective) trapdoor functions, collisionresistant hash functions, oblivious transfer, and chosen ciphertextsecure cryptosystems. All of the constructions are simple, efficient, and blackbox. These results resolve some longstanding open problems in cryptography. They give the first known injective trapdoor functions based on problems not directly related to integer factorization, and provide the first known CCAsecure cryptosystem based solely on the worstcase complexity of lattice problems.
Efficient and practical fair exchange protocols with offline TTP. In:
 Proceedings of IEEE symposium on security and privacy,
, 1998
"... ..."
(Show Context)
Priced Oblivious Transfer: How to Sell Digital Goods
 In Birgit Pfitzmann, editor, Advances in Cryptology — EUROCRYPT 2001, volume 2045 of Lecture Notes in Computer Science
, 2001
"... Abstract. We consider the question of protecting the privacy of customers buying digital goods. More specifically, our goal is to allow a buyer to purchase digital goods from a vendor without letting the vendor learn what, and to the extent possible also when and how much, it is buying. We propose s ..."
Abstract

Cited by 125 (7 self)
 Add to MetaCart
(Show Context)
Abstract. We consider the question of protecting the privacy of customers buying digital goods. More specifically, our goal is to allow a buyer to purchase digital goods from a vendor without letting the vendor learn what, and to the extent possible also when and how much, it is buying. We propose solutions which allow the buyer, after making an initial deposit, to engage in an unlimited number of priced oblivioustransfer protocols, satisfying the following requirements: As long as the buyer’s balance contains sufficient funds, it will successfully retrieve the selected item and its balance will be debited by the item’s price. However, the buyer should be unable to retrieve an item whose cost exceeds its remaining balance. The vendor should learn nothing except what must inevitably be learned, namely, the amount of interaction and the initial deposit amount (which imply upper bounds on the quantity and total price of all information obtained by the buyer). In particular, the vendor should be unable to learn what the buyer’s current balance is or when it actually runs out of its funds. The technical tools we develop, in the process of solving this problem, seem to be of independent interest. In particular, we present the first oneround (twopass) protocol for oblivious transfer that does not rely on the random oracle model (a very similar protocol was independently proposed by Naor and Pinkas [21]). This protocol is a special case of a more general “conditional disclosure ” methodology, which extends a previous approach from [11] and adapts it to the 2party setting. 1
An efficient protocol for secure twoparty computation in the presence of malicious adversaries
 In Proceedings of the annual international conference on Advances in Cryptology
, 2007
"... Abstract. We show an efficient secure twoparty protocol, based on Yao’s construction, which provides security against malicious adversaries. Yao’s original protocol is only secure in the presence of semihonest adversaries. Security against malicious adversaries can be obtained by applying the comp ..."
Abstract

Cited by 121 (15 self)
 Add to MetaCart
(Show Context)
Abstract. We show an efficient secure twoparty protocol, based on Yao’s construction, which provides security against malicious adversaries. Yao’s original protocol is only secure in the presence of semihonest adversaries. Security against malicious adversaries can be obtained by applying the compiler of Goldreich, Micali and Wigderson (the “GMW compiler”). However, this approach does not seem to be very practical as it requires using generic zeroknowledge proofs. Our construction is based on applying cutandchoose techniques to the original circuit and inputs. Security is proved according to the ideal/real simulation paradigm, and the proof is in the standard model (with no random oracle model or common reference string assumptions). The resulting protocol is computationally efficient: the only usage of asymmetric cryptography is for running O(1) oblivious transfers for each input bit (or for each bit of a statistical security parameter, whichever is larger). Our protocol combines techniques from folklore (like cutandchoose) along with new techniques for efficiently proving consistency of inputs. We remark that a naive implementation of the cutandchoose technique with Yao’s protocol does not yield a secure protocol. This is the first paper to show how to properly implement these techniques, and to provide a full proof of security. Our protocol can also be interpreted as a constantround blackbox reduction of secure twoparty computation to oblivious transfer and perfectlyhiding commitments, or a blackbox reduction of secure twoparty computation to oblivious transfer alone, with a number of rounds which is linear in a statistical security parameter. These two reductions are comparable to Kilian’s reduction, which uses OT alone but incurs a number of rounds which is linear in the depth of the circuit [18]. 1
Faster Secure TwoParty Computation Using Garbled Circuits
 In USENIX Security Symposium
, 2011
"... Secure twoparty computation enables two parties to evaluate a function cooperatively without revealing to either party anything beyond the function’s output. The garbledcircuit technique, a generic approach to secure twoparty computation for semihonest participants, was developed by Yao in the 1 ..."
Abstract

Cited by 121 (22 self)
 Add to MetaCart
(Show Context)
Secure twoparty computation enables two parties to evaluate a function cooperatively without revealing to either party anything beyond the function’s output. The garbledcircuit technique, a generic approach to secure twoparty computation for semihonest participants, was developed by Yao in the 1980s, but has been viewed as being of limited practical significance due to its inefficiency. We demonstrate several techniques for improving the running time and memory requirements of the garbledcircuit technique, resulting in an implementation of generic secure twoparty computation that is significantly faster than any previously reported while also scaling to arbitrarily large circuits. We validate our approach by demonstrating secure computation of circuits with over 10 9 gates at a rate of roughly 10 µs per garbled gate, and showing orderofmagnitude improvements over the best previous privacypreserving protocols for computing Hamming distance, Levenshtein distance, SmithWaterman genome alignment, and AES. 1