Results 1 
2 of
2
Limits of random oracles in secure computation
 CoRR
"... The seminal result of Impagliazzo and Rudich (STOC 1989) gave a blackbox separation between oneway functions and publickey encryption: informally, a publickey encryption scheme cannot be constructed using oneway functions as the sole source of computational hardness. In addition, this implied a ..."
Abstract

Cited by 5 (2 self)
 Add to MetaCart
(Show Context)
The seminal result of Impagliazzo and Rudich (STOC 1989) gave a blackbox separation between oneway functions and publickey encryption: informally, a publickey encryption scheme cannot be constructed using oneway functions as the sole source of computational hardness. In addition, this implied a blackbox separation between oneway functions and protocols for certain Secure Function Evaluation (SFE) functionalities (in particular, Oblivious Transfer). Surprisingly, however, since then there has been no further progress in separating oneway functions and SFE functionalities (though several other blackbox separation results were shown). In this work, we present the complete picture for deterministic 2party SFE functionalities. We show that oneway functions are blackbox separated from all such SFE functionalities, except the ones which have unconditionally secure protocols (and hence do not rely on any computational hardness), when secure computation against semihonest adversaries is considered. In the case of security against active adversaries, a blackbox oneway function is indeed useful for SFE, but we show that it is useful only as much as access to an ideal commitment functionality is useful. Technically, our main result establishes the limitations of random oracles for secure computation.
On the Impossibility of SenderDeniable Public Key Encryption
"... Abstract. The primitive of deniable encryption was first introduced by Canetti et al. (CRYPTO, 1997). Deniable encryption is a regular public key encryption scheme with the added feature that after running the protocol honestly and transmitting a message m, both Sender and Receiver may produce rando ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. The primitive of deniable encryption was first introduced by Canetti et al. (CRYPTO, 1997). Deniable encryption is a regular public key encryption scheme with the added feature that after running the protocol honestly and transmitting a message m, both Sender and Receiver may produce random coins showing that the transmitted ciphertext was an encryption of any message m ′ in the message space. Deniable encryption is a key tool for constructing incoercible protocols, since it allows a party to send one message and later provide apparent evidence to a coercer that a different message was sent. In addition, deniable encryption may be used to obtain adaptivelysecure multiparty computation (MPC) protocols and is secure under selectiveopening attacks. Different flavors such as senderdeniable and receiverdeniable encryption, where only the Sender or Receiver can produce fake random coins, have been considered. Recently, several open questions regarding the feasibility of deniable encryption have been resolved (c.f. (O’Neill et al., CRYPTO, 2011), (Bendlin et al., ASIACRYPT, 2011)). A fundamental remaining open question is whether it is possible to construct senderdeniable Encryption Schemes with superpolynomial security, where an adversary has negligible advantage in distinguishing real and fake openings. The primitive of simulatable public key encryption (PKE), introduced by Damg˚ard and Nielsen (CRYPTO, 2000), is a public key encryption scheme with additional properties that allow oblivious sampling of public keys and