#### DMCA

## Privacy Preserving Data Mining (2000)

### Cached

### Download Links

- [www278.pair.com]
- [www.aladdin.cs.cmu.edu]
- [www.pinkas.net]
- [www278.pair.com]
- [www.cs.ru.nl]
- [www.wisdom.weizmann.ac.il]
- [www.wisdom.weizmann.ac.il]
- [www.iacr.org]
- DBLP

### Other Repositories/Bibliography

Venue: | JOURNAL OF CRYPTOLOGY |

Citations: | 525 - 9 self |

### Citations

4377 | Induction of decision trees - Quinlan - 1986 |

1009 | Public-key cryptosystems based on composite degree residuosity classes
- Paillier
(Show Context)
Citation Context ...onal Di±e-Hellman assumption holds. The protocol is very simple since it is assumed that the parties are semi-honest. It can be converted to one which computes P (x) using the the methods of Paillier =-=[18]-=-, who presented a trapdoor for computing discrete logs. Security against malicious parties can be obtained using proofs of knowledge. The protocol consists of the following steps: { The receiver choos... |

847 |
Completeness theorems for non-cryptographic fault-tolerant distributed computation.
- Ben-Or, Goldwasser, et al.
- 1988
(Show Context)
Citation Context ... may be buried in a complex application is a non-trivial task. 1.1 Related Work Secure two party computation was ¯rst investigated by Yao [21], and was later generalized to multi-party computation in =-=[13, 2, 5]-=-. These works all use a similar methodology: the function F to be computed is ¯rst represented as a combinatorial circuit, and then the parties run a short protocol for every gate in the circuit. Whil... |

741 |
How to generate and exchange secrets,
- Yao
- 1986
(Show Context)
Citation Context ...ealistic one; that is, deviating from a speci¯ed program which may be buried in a complex application is a non-trivial task. 1.1 Related Work Secure two party computation was ¯rst investigated by Yao =-=[21]-=-, and was later generalized to multi-party computation in [13, 2, 5]. These works all use a similar methodology: the function F to be computed is ¯rst represented as a combinatorial circuit, and then ... |

636 |
How to Play any Mental Game or A Completeness Theorem for Protocols with Honest Majority. In
- Goldreich, Micali, et al.
- 1987
(Show Context)
Citation Context ...ge Databases and E±cient Computation. We have described a model which is exactly that of multi-party computation. Therefore, there exists a secure solution for any functionality (Goldreich et. al. in =-=[13]-=-). As we discuss in Section 1.1, due to the fact that these solutions are generic, they are highly inef¯cient. In our case where the inputs are very large and the algorithms reasonably complex, they a... |

599 | A randomized protocol for signing contracts,"
- Even, Goldreich, et al.
- 1985
(Show Context)
Citation Context ...e±cient protocols for computing approximations of distances. 4 Cryptographic Tools 4.1 Oblivious Transfer The notion of 1-out-2 oblivious transfer (OT 21 ) was suggested by Even, Goldreich and Lempel =-=[8]-=-, as a generalization of Rabin's \oblivious transfer" [20]. This protocol involves two parties, the sender and the receiver. The sender has two inputs hX0; X1i, and the receiver has an input 2 f0; 1... |

556 | Multi-party unconditionally secure protocols.
- Chaum, Crepeau, et al.
- 1988
(Show Context)
Citation Context ... may be buried in a complex application is a non-trivial task. 1.1 Related Work Secure two party computation was ¯rst investigated by Yao [21], and was later generalized to multi-party computation in =-=[13, 2, 5]-=-. These works all use a similar methodology: the function F to be computed is ¯rst represented as a combinatorial circuit, and then the parties run a short protocol for every gate in the circuit. Whil... |

463 | Security and composition of multiparty cryptographic protocols.
- Canetti
- 2000
(Show Context)
Citation Context ... "2 2 + "3 3 ¡ "4 4 + ¢ ¢ ¢ for ¡ 1 < " < 1 It is easy to verify that the error for a partial evaluation of the series is as follows:¯̄̄̄ ¯ln(1 + ")¡ kX i=1 (¡1)i¡1"i i ¯̄̄̄ ¯ < j"jk+1k + 1 ¢ 11¡ j"j =-=(4)-=- As is demonstrated in Section 6.3, the error shrinks exponentially as k grows. Now, given an input x, let 2n be the power of 2 which is closest to x (in the ID3± application, note that n < log jT j).... |

381 |
How to Exchange Secrets by Oblivious Transfers.
- Rabin
- 1981
(Show Context)
Citation Context ...es. 4 Cryptographic Tools 4.1 Oblivious Transfer The notion of 1-out-2 oblivious transfer (OT 21 ) was suggested by Even, Goldreich and Lempel [8], as a generalization of Rabin's \oblivious transfer" =-=[20]-=-. This protocol involves two parties, the sender and the receiver. The sender has two inputs hX0; X1i, and the receiver has an input 2 f0; 1g. At the end of the protocol the receiver should learn X... |

232 |
Oblivious transfer and polynomial evaluation,”
- Naor, Pinkas
- 1999
(Show Context)
Citation Context ... ¯eld F and a receiver with an element x 2 F . The receiver obtains P (x) without learning anything else about the polynomial P and the sender learns nothing about x. This primitive was introduced in =-=[16]-=-. For our solution we use a new protocol [7] that requires O(k) exponentiations in order to evaluate a polynomial of degree k (where the `O' coe±cient is very small). This is important as we work with... |

150 | Efficient generation of shared RSA keys - Boneh, Franklin |

128 |
Non-interactive oblivious transfer and applications,”
- Bellare, Micali
- 1989
(Show Context)
Citation Context ...ut 2 f0; 1g. At the end of the protocol the receiver should learn X and no other information, and the sender should learn nothing. Very attractive non-interactive OT 21 protocols were presented in =-=[1]-=-. More recent results in [17] reduce the amortized overhead of OT 21 , and describe non-interactive OT 21 of strings whose security is not based on the \random oracle" assumption. Oblivious transfer p... |

82 | Secure multi-party computation.
- Goldreich
- 1998
(Show Context)
Citation Context ...mputation of Functions The model for this work is that of general multi-party computation, more speci¯- cally between two semi-honest parties. Our formal de¯nitions here are according to Goldreich in =-=[12]-=-. We now present in brief the de¯nition for general twoparty computation of a functionality with semi-honest parties only. We present a formalization based on the simulation paradigm (this is equivale... |

80 | Comparing information without leaking it,” - Fagin, Naor, et al. - 1996 |

44 | Uses of Randomness in Algorithms and Protocols - Kilian - 1990 |

34 | Two party RSA Key Generation
- Gilboa
- 1999
(Show Context)
Citation Context ...f small circuits with small inputs can be practical using the [21] protocol.1 There is a major di®erence between the protocol described in this paper and other examples of multi-party protocols (e.g. =-=[3, 11, 6]-=-). While previous protocols were e±cient (polynomial) in the size of their inputs, this property does not su±ce for data mining applications, as the input consists of huge databases. In the protocol p... |

29 | Efficient oblivious transfer protocols - Noar, Pinkas - 2001 |

26 | Oblivious polynomial evaluation.
- Naor, Pinkas
- 2006
(Show Context)
Citation Context .... The receiver obtains P (x) without learning anything else about the polynomial P and the sender learns nothing about x. This primitive was introduced in [16]. For our solution we use a new protocol =-=[7]-=- that requires O(k) exponentiations in order to evaluate a polynomial of degree k (where the `O' coe±cient is very small). This is important as we work with low-degree polynomials. Following are the b... |

24 |
Ecient generation of shared RSA keys
- Boneh, Franklin
(Show Context)
Citation Context ...f small circuits with small inputs can be practical using the [21] protocol.1 There is a major di®erence between the protocol described in this paper and other examples of multi-party protocols (e.g. =-=[3, 11, 6]-=-). While previous protocols were e±cient (polynomial) in the size of their inputs, this property does not su±ce for data mining applications, as the input consists of huge databases. In the protocol p... |

18 | Efficient Oblivious Transfer - Naor, Pinkas - 2001 |

2 |
Comparing Information Without Leaking It, Communications of the ACM, vol 39
- Fagin, Naor, et al.
- 1996
(Show Context)
Citation Context ...ontinue growing the tree from the current point). The equality check can be executed in one of two ways: (1) Using the \comparing information without leaking it" protocols of Fagin, Naor, and Winkler =-=[9]-=-. This solution requires the execution of log(`+1) oblivious transfers. (2) Using a protocol suggested in [16] and which involves the oblivious evaluation of linear polynomials. The overhead of this s... |

1 |
Secure Multiparty Computation of Approximations, manuscript
- Feigenbaum, Fong, et al.
- 2000
(Show Context)
Citation Context ...nt information is revealed (intuitively though, no \more" information is revealed)3. The problem of secure distributed computation of approximations was introduced and discussed by Feigenbaum et. al. =-=[10]-=-. Their main motivation is a scenario in which the computation of an approximation to a function f might be considerably more e±cient than the computation of f itself. The security definition requires... |

1 |
E±cient Oblivious Transfer Protocols, manuscript
- Naor, Pinkas
- 2000
(Show Context)
Citation Context ... the protocol the receiver should learn X and no other information, and the sender should learn nothing. Very attractive non-interactive OT 21 protocols were presented in [1]. More recent results in =-=[17]-=- reduce the amortized overhead of OT 21 , and describe non-interactive OT 21 of strings whose security is not based on the \random oracle" assumption. Oblivious transfer protocols can be greatly simpl... |

1 |
Induction of Decision Trees.Machine Learning 1(1
- Quinlan
(Show Context)
Citation Context ...is rather simplistic and very brief and we refer the reader to Mitchell [15] for an indepth treatment of the subject. The ID3 algorithm for generating decision trees was ¯rst introduced by Quinlan in =-=[19]-=- and has since become a very popular learning tool. The aim of a classi¯cation problem is to classify transactions into one of a discrete set of possible categories. The input is a structured database... |