Results 1  10
of
256
SIA: Secure Information Aggregation in Sensor Networks
, 2003
"... Sensor networks promise viable solutions to many monitoring problems. However, the practical deployment of sensor networks faces many challenges imposed by realworld demands. Sensor nodes often have limited computation and communication resources and battery power. Moreover, in many applications se ..."
Abstract

Cited by 253 (13 self)
 Add to MetaCart
(Show Context)
Sensor networks promise viable solutions to many monitoring problems. However, the practical deployment of sensor networks faces many challenges imposed by realworld demands. Sensor nodes often have limited computation and communication resources and battery power. Moreover, in many applications sensors are deployed in open environments, and hence are vulnerable to physical attacks, potentially compromising the sensor's cryptographic keys. One of the basic and indispensable functionalities of sensor networks is the ability to answer queries over the data acquired by the sensors. The resource constraints and security issues make designing mechanisms for information aggregation in large sensor networks particularly challenging.
Fully Homomorphic Encryption over the Integers
, 2009
"... We construct a simple fully homomorphic encryption scheme, using only elementary modular arithmetic. We use Gentry’s technique to construct fully homomorphic scheme from a “bootstrappable” somewhat homomorphic scheme. However, instead of using ideal lattices over a polynomial ring, our bootstrappabl ..."
Abstract

Cited by 141 (10 self)
 Add to MetaCart
We construct a simple fully homomorphic encryption scheme, using only elementary modular arithmetic. We use Gentry’s technique to construct fully homomorphic scheme from a “bootstrappable” somewhat homomorphic scheme. However, instead of using ideal lattices over a polynomial ring, our bootstrappable encryption scheme merely uses addition and multiplication over the integers. The main appeal of our scheme is the conceptual simplicity. We reduce the security of our scheme to finding an approximate integer gcd – i.e., given a list of integers that are nearmultiples of a hidden integer, output that hidden integer. We investigate the hardness of this task, building on earlier work of HowgraveGraham.
Protecting Data Privacy in Private Information Retrieval Schemes
 JCSS
"... Private Information Retrieval (PIR) schemes allow a user to retrieve the ith bit of an nbit data string x, replicated in k 2 databases (in the informationtheoretic setting) or in k 1 databases (in the computational setting), while keeping the value of i private. The main cost measure for suc ..."
Abstract

Cited by 133 (21 self)
 Add to MetaCart
(Show Context)
Private Information Retrieval (PIR) schemes allow a user to retrieve the ith bit of an nbit data string x, replicated in k 2 databases (in the informationtheoretic setting) or in k 1 databases (in the computational setting), while keeping the value of i private. The main cost measure for such a scheme is its communication complexity.
Priced Oblivious Transfer: How to Sell Digital Goods
 In Birgit Pfitzmann, editor, Advances in Cryptology — EUROCRYPT 2001, volume 2045 of Lecture Notes in Computer Science
, 2001
"... Abstract. We consider the question of protecting the privacy of customers buying digital goods. More specifically, our goal is to allow a buyer to purchase digital goods from a vendor without letting the vendor learn what, and to the extent possible also when and how much, it is buying. We propose s ..."
Abstract

Cited by 125 (7 self)
 Add to MetaCart
(Show Context)
Abstract. We consider the question of protecting the privacy of customers buying digital goods. More specifically, our goal is to allow a buyer to purchase digital goods from a vendor without letting the vendor learn what, and to the extent possible also when and how much, it is buying. We propose solutions which allow the buyer, after making an initial deposit, to engage in an unlimited number of priced oblivioustransfer protocols, satisfying the following requirements: As long as the buyer’s balance contains sufficient funds, it will successfully retrieve the selected item and its balance will be debited by the item’s price. However, the buyer should be unable to retrieve an item whose cost exceeds its remaining balance. The vendor should learn nothing except what must inevitably be learned, namely, the amount of interaction and the initial deposit amount (which imply upper bounds on the quantity and total price of all information obtained by the buyer). In particular, the vendor should be unable to learn what the buyer’s current balance is or when it actually runs out of its funds. The technical tools we develop, in the process of solving this problem, seem to be of independent interest. In particular, we present the first oneround (twopass) protocol for oblivious transfer that does not rely on the random oracle model (a very similar protocol was independently proposed by Naor and Pinkas [21]). This protocol is a special case of a more general “conditional disclosure ” methodology, which extends a previous approach from [11] and adapts it to the 2party setting. 1
Efficient Fully Homomorphic Encryption from (Standard) LWE
 LWE, FOCS 2011, IEEE 52ND ANNUAL SYMPOSIUM ON FOUNDATIONS OF COMPUTER SCIENCE, IEEE
, 2011
"... We present a fully homomorphic encryption scheme that is based solely on the (standard) learning with errors (LWE) assumption. Applying known results on LWE, the security of our scheme is based on the worstcase hardness of “short vector problems ” on arbitrary lattices. Our construction improves on ..."
Abstract

Cited by 120 (6 self)
 Add to MetaCart
(Show Context)
We present a fully homomorphic encryption scheme that is based solely on the (standard) learning with errors (LWE) assumption. Applying known results on LWE, the security of our scheme is based on the worstcase hardness of “short vector problems ” on arbitrary lattices. Our construction improves on previous works in two aspects: 1. We show that “somewhat homomorphic” encryption can be based on LWE, using a new relinearization technique. In contrast, all previous schemes relied on complexity assumptions related to ideals in various rings. 2. We deviate from the “squashing paradigm” used in all previous works. We introduce a new dimensionmodulus reduction technique, which shortens the ciphertexts and reduces the decryption complexity of our scheme, without introducing additional assumptions. Our scheme has very short ciphertexts and we therefore use it to construct an asymptotically efficient LWEbased singleserver private information retrieval (PIR) protocol. The communication complexity of our protocol (in the publickey model) is k · polylog(k) + log DB  bits per singlebit query (here, k is a security parameter).
Secure MultiParty Computation Problems and Their Applications: A Review And Open Problems
 In New Security Paradigms Workshop
, 2001
"... The growth of the Internet has triggered tremendous opportunities for cooperative computation, where people are jointly conducting computation tasks based on the private inputs they each supplies. These computations could occur between mutually untrusted parties, or even between competitors. For exa ..."
Abstract

Cited by 117 (1 self)
 Add to MetaCart
(Show Context)
The growth of the Internet has triggered tremendous opportunities for cooperative computation, where people are jointly conducting computation tasks based on the private inputs they each supplies. These computations could occur between mutually untrusted parties, or even between competitors. For example, customers might send to a remote database queries that contain private information; two competing financial organizations might jointly invest in a project that must satisfy both organizations' private and valuable constraints, and so on. Today, to conduct such computations, one entity must usually know the inputs from all the participants; however if nobody can be trusted enough to know all the inputs, privacy will become a primary concern. This problem is referred to as Secure Multiparty Computation Problem (SMC) in the literature. Research in the SMC area has been focusing on only a limited set of specific SMC problems, while privacy concerned cooperative computations call for SMC studies in a variety of computation domains. Before we can study the problems, we need to identify and define the specific SMC problems for those computation domains. We have developed a frame to facilitate this problemdiscovery task. Based on our framework, we have identified and defined a number of new SMC problems for a spectrum of computation domains. Those problems include privacypreserving database query, privacypreserving scientific computations, privacypreserving intrusion detection, privacypreserving statistical analysis, privacypreserving geometric computations, and privacypreserving data mining. The goal of this paper is not only to present our results, but also to serve as a guideline so other people can identify useful SMC problems in their own computation domains.
Delegating computation: interactive proofs for muggles
 In Proceedings of the ACM Symposium on the Theory of Computing (STOC
, 2008
"... In this work we study interactive proofs for tractable languages. The (honest) prover should be efficient and run in polynomial time, or in other words a “muggle”. 1 The verifier should be superefficient and run in nearlylinear time. These proof systems can be used for delegating computation: a se ..."
Abstract

Cited by 113 (6 self)
 Add to MetaCart
(Show Context)
In this work we study interactive proofs for tractable languages. The (honest) prover should be efficient and run in polynomial time, or in other words a “muggle”. 1 The verifier should be superefficient and run in nearlylinear time. These proof systems can be used for delegating computation: a server can run a computation for a client and interactively prove the correctness of the result. The client can verify the result’s correctness in nearlylinear time (instead of running the entire computation itself). Previously, related questions were considered in the Holographic Proof setting by Babai, Fortnow, Levin and Szegedy, in the argument setting under computational assumptions by Kilian, and in the random oracle model by Micali. Our focus, however, is on the original interactive proof model where no assumptions are made on the computational power or adaptiveness of dishonest provers. Our main technical theorem gives a public coin interactive proof for any language computable by a logspace uniform boolean circuit with depth d and input length n. The verifier runs in time (n+d)·polylog(n) and space O(log(n)), the communication complexity is d · polylog(n), and the prover runs in time poly(n). In particular, for languages computable by logspace uniform N C (circuits of polylog(n) depth), the prover is efficient, the verifier runs in time n · polylog(n) and space O(log(n)), and the communication complexity is polylog(n).
Efficient Private Bidding and Auctions with an Oblivious Third Party
 In Proceedings of the 6th ACM conference on Computer and communications security
, 1999
"... We describe a novel and efficient protocol for the following problem: A wants to buy some good from B if the price is less than a. B would like to sell, but only for more than b, and neither of them wants to reveal the secret bounds. Will the deal take place? Our solution uses an oblivious third ..."
Abstract

Cited by 110 (1 self)
 Add to MetaCart
(Show Context)
We describe a novel and efficient protocol for the following problem: A wants to buy some good from B if the price is less than a. B would like to sell, but only for more than b, and neither of them wants to reveal the secret bounds. Will the deal take place? Our solution uses an oblivious third party T who learns no information about a or b, not even whether a ? b. The protocol needs only a single round of interaction, ensures fairness, and is not based on general circuit evaluation techniques. It uses a novel construction, which combines homomorphic encryption with the \Phihiding assumption and which may be of independent interest. Applications include bargaining between two parties and secure and efficient auctions in the absence of a fully trusted auction service.