Results 1  10
of
291,252
ZeroKnowledge Using Garbled Circuits or How To Prove NonAlgebraic Statements Efficiently
"... Abstract. Zeroknowledge protocols are one of the fundamental concepts in modern cryptography and have countless applications. However, after more than 30 years from their introduction, there are only very few languages (essentially those with a group structure) for which we can construct zeroknowl ..."
Abstract

Cited by 8 (1 self)
 Add to MetaCart
protocols that are efficient enough to be used in practice. In this paper we address the problem of how to construct efficient zeroknowledge protocols for generic languages and we propose a protocol based on Yao’s garbled circuit technique. The motivation for our work is that in many cryptographic
On the Composition of ZeroKnowledge Proof Systems
 SIAM Journal on Computing
, 1990
"... : The wide applicability of zeroknowledge interactive proofs comes from the possibility of using these proofs as subroutines in cryptographic protocols. A basic question concerning this use is whether the (sequential and/or parallel) composition of zeroknowledge protocols is zeroknowledge too. We ..."
Abstract

Cited by 214 (15 self)
 Add to MetaCart
: The wide applicability of zeroknowledge interactive proofs comes from the possibility of using these proofs as subroutines in cryptographic protocols. A basic question concerning this use is whether the (sequential and/or parallel) composition of zeroknowledge protocols is zeroknowledge too
Noninteractive ZeroKnowledge
 SIAM J. COMPUTING
, 1991
"... This paper investigates the possibility of disposing of interaction between prover and verifier in a zeroknowledge proof if they share beforehand a short random string. Without any assumption, it is proven that noninteractive zeroknowledge proofs exist for some numbertheoretic languages for which ..."
Abstract

Cited by 216 (19 self)
 Add to MetaCart
for which no efficient algorithm is known. If deciding quadratic residuosity (modulo composite integers whose factorization is not known) is computationally hard, it is shown that the NPcomplete language of satisfiability also possesses noninteractive zeroknowledge proofs.
Concurrent ZeroKnowledge
 IN 30TH STOC
, 1999
"... Concurrent executions of a zeroknowledge protocol by a single prover (with one or more verifiers) may leak information and may not be zeroknowledge in toto. In this paper, we study the problem of maintaining zeroknowledge We introduce the notion of an (; ) timing constraint: for any two proces ..."
Abstract

Cited by 177 (18 self)
 Add to MetaCart
interactive proofs and perfect concurrent zeroknowledge arguments for every language in NP . We also address the more specific problem of Deniable Authentication, for which we propose several particularly efficient solutions. Deniable Authentication is of independent interest, even in the sequential case
Random Oracles are Practical: A Paradigm for Designing Efficient Protocols
, 1995
"... We argue that the random oracle model  where all parties have access to a public random oracle  provides a bridge between cryptographic theory and cryptographic practice. In the paradigm we suggest, a practical protocol P is produced by first devising and proving correct a protocol P R for the ..."
Abstract

Cited by 1643 (75 self)
 Add to MetaCart
encryption, signatures, and zeroknowledge proofs.
Proving in ZeroKnowledge that a Number is the Product of Two Safe Primes
, 1998
"... This paper presents the first efficient statistical zeroknowledge protocols to prove statements such as: A committed number is a pseudoprime. ..."
Abstract

Cited by 142 (15 self)
 Add to MetaCart
This paper presents the first efficient statistical zeroknowledge protocols to prove statements such as: A committed number is a pseudoprime.
SIS: A System for Sequential Circuit Synthesis
, 1992
"... SIS is an interactive tool for synthesis and optimization of sequential circuits. Given a state transition table, a signal transition graph, or a logiclevel description of a sequential circuit, it produces an optimized netlist in the target technology while preserving the sequential inputoutput b ..."
Abstract

Cited by 514 (41 self)
 Add to MetaCart
SIS is an interactive tool for synthesis and optimization of sequential circuits. Given a state transition table, a signal transition graph, or a logiclevel description of a sequential circuit, it produces an optimized netlist in the target technology while preserving the sequential input
An Efficient Boosting Algorithm for Combining Preferences
, 1999
"... The problem of combining preferences arises in several applications, such as combining the results of different search engines. This work describes an efficient algorithm for combining multiple preferences. We first give a formal framework for the problem. We then describe and analyze a new boosting ..."
Abstract

Cited by 707 (18 self)
 Add to MetaCart
boosting algorithm for combining preferences called RankBoost. We also describe an efficient implementation of the algorithm for certain natural cases. We discuss two experiments we carried out to assess the performance of RankBoost. In the first experiment, we used the algorithm to combine different WWW
How bad is selfish routing?
 JOURNAL OF THE ACM
, 2002
"... We consider the problem of routing traffic to optimize the performance of a congested network. We are given a network, a rate of traffic between each pair of nodes, and a latency function for each edge specifying the time needed to traverse the edge given its congestion; the objective is to route t ..."
Abstract

Cited by 678 (27 self)
 Add to MetaCart
. In this article, we quantify the degradation in network performance due to unregulated traffic. We prove that if the latency of each edge is a linear function of its congestion, then the total latency of the routes chosen by selfish network users is at most 4/3 times the minimum possible total latency (subject
On Efficient ZeroKnowledge PCPs
"... Abstract. We revisit the question of ZeroKnowledge PCPs, studied by Kilian, Petrank, and Tardos (STOC ’97). A ZKPCP is defined similarly to a standard PCP, except that the view of any (possibly malicious) verifier can be efficiently simulated up to a small statistical distance. Kilian et al. obtai ..."
Abstract
 Add to MetaCart
. The existence of ZKPCPs for NP with efficient oracles and arbitrary polynomialtime malicious verifiers was left open. This question is motivated by the recent line of work on cryptography using tamperproof hardware tokens: an efficient ZKPCP (for any language) is equivalent to a statistical zeroknowledge
Results 1  10
of
291,252