Round-optimal and efficient verifiable secret sharing
In Proc. 3rd Theory of Cryptography Conference (TCC'06), Lecture Notes in Computer Science, 2006
Cited by 23 (5 self)
Abstract. We consider perfect verifiable secret sharing (VSS) in a synchronous network of n processors (players) where a designated player called the dealer wishes to distribute a secret s among the players in a way that no t of them obtain any information, but any t + 1 players obtain full information about the secret. The round complexity of a VSS protocol is defined as the number of rounds performed in the sharing phase. Gennaro, Ishai, Kushilevitz and Rabin showed that three rounds are necessary and sufficient when n > 3t. Sufficiency, however, was only demonstrated by means of an inefficient (i.e., exponential-time) protocol, and the construction of an efficient three-round protocol was left as an open problem. In this paper, we present an efficient three-round protocol for VSS. The solution is based on a three-round solution of so-called weak verifiable secret sharing (WSS), for which we also prove that three rounds is a lower bound. Furthermore, we also demonstrate that one round is sufficient for WSS when n > 4t, and that VSS can be achieved in 1 + ε amortized rounds (for any ε > 0) when n > 3t.
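The threshold property the abstract states (t shares reveal nothing, t + 1 shares determine the secret) is the sharing-phase core that any VSS protocol builds on. The block below is an added example, not code from the paper or its authors: it implements plain (non-verifiable) Shamir sharing over a prime field with Lagrange reconstruction, and a check that a coalition of t shareholders cannot rule out any candidate secret. The field modulus 2^127 - 1, the function names and the sample parameters are assumptions of the example; the paper's three-round verification and complaint rounds are not modelled here.

```python
import secrets

# Field modulus for all arithmetic: 2^127 - 1 is a Mersenne prime. This is an
# assumption of the example; the abstract fixes no particular field.
P = 2**127 - 1


def _eval_poly(coeffs, x, p=P):
    """Evaluate a_0 + a_1 x + ... + a_t x^t (mod p) by Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def share(secret, t, n, p=P, rng=secrets.randbelow):
    """Split `secret` into n shares (i, f(i)), i = 1..n, where f is a uniformly random
    polynomial of degree <= t with f(0) = secret.  Any t+1 shares determine f and hence
    the secret; any t shares are consistent with every possible secret."""
    if not 0 <= secret < p:
        raise ValueError("secret must be a field element")
    if not 0 <= t < n < p:
        raise ValueError("need 0 <= t < n < p")
    coeffs = [secret] + [rng(p) for _ in range(t)]
    return [(i, _eval_poly(coeffs, i, p)) for i in range(1, n + 1)]


def interpolate_at(points, x0, p=P):
    """Lagrange interpolation: evaluate at x0 the unique polynomial of degree
    < len(points) passing through `points` (distinct x-coordinates required)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * ((x0 - xj) % p) % p
                den = den * ((xi - xj) % p) % p
        total = (total + yi * num * pow(den, -1, p)) % p
    return total


def reconstruct(shares, p=P):
    """Recover the secret from any t+1 (or more) shares."""
    return interpolate_at(shares, 0, p)


def consistent_with(t_shares, candidate, p=P):
    """Privacy check for a coalition holding only t shares: the t shares together with
    (0, candidate) lie on some polynomial of degree <= t, so the coalition cannot rule
    out `candidate` (or any other value) as the secret."""
    pts = [(0, candidate % p)] + list(t_shares)
    return all(interpolate_at(pts, x, p) == y for x, y in t_shares)


if __name__ == "__main__":
    t, n = 2, 7                      # n > 3t, the setting the abstract discusses
    s = 0x1234_5678_9ABC_DEF0
    shares = share(s, t, n)
    assert reconstruct(shares[:t + 1]) == s     # the first t+1 shares
    assert reconstruct(shares[4:]) == s         # any other t+1 shares
    assert consistent_with(shares[:t], 0)       # t shares fit secret 0 ...
    assert consistent_with(shares[:t], s)       # ... and the real one alike
    print("threshold", t + 1, "of", n, "OK")
```

What makes the scheme "verifiable" in the paper's sense is the extra machinery that lets honest players confirm the dealer handed out points of a single degree-t polynomial; the block above assumes an honest dealer and only exhibits the threshold behaviour that machinery protects.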
Almost-everywhere Secure Computation
2008
Cited by 13 (1 self)
Secure multiparty computation (MPC) is a central problem in cryptography. Unfortunately, it is well known that MPC is possible if and only if the underlying communication network has very large connectivity — in fact, Ω(t), where t is the number of potential corruptions in the network. This impossibility result renders existing MPC results far less applicable in practice, since many deployed networks have in fact a very small degree. In this paper, we show how to circumvent this impossibility result and achieve meaningful security guarantees for graphs with small degree (such as expander graphs and several other topologies). In fact, the notion we introduce, which we call almost-everywhere MPC, building on the notion of almost-everywhere agreement due to Dwork, Peleg, Pippenger and Upfal, allows the degree of the network to be much smaller than the total number of allowed corruptions. In essence, our definition allows the adversary to implicitly wiretap some of the good nodes by corrupting sufficiently many nodes in the “neighborhood” of those nodes. We show protocols that satisfy our new definition, retaining both correctness and privacy for most nodes despite small connectivity, no matter how the adversary chooses his corruptions. Instrumental in our constructions is a new model and protocol for the secure message transmission (SMT) problem, which we call SMT by public discussion, and which we use for the establishment of pairwise secure channels in limited connectivity networks.
Enabling Multi-Level Trust in Privacy Preserving Data Mining
2008
Cited by 6 (2 self)
Injecting heterogeneity through protocol randomization
2007
Cited by 2 (0 self)
In this paper, we argue that heterogeneity should be an important principle in design and use of cryptographic protocols. We use automated formal analysis tools to randomly generate security protocols as a method of introducing heterogeneity. We present the results of simulations for the case of two-party authentication protocols and argue that choosing protocols randomly out of sets numbering in the hundreds of millions is practical and achievable with an acceptable overhead. To realize the simulation, we implemented a highly efficient protocol verifier, achieving approximately two orders of magnitude improvement in performance compared to previous work.
Chennai, Tamilnadu,
Confidentiality of data or resources is of primary importance in Privacy Preserving Data Mining (PPDM) Systems. The research work presented through this paper discusses the PPDM model in which the privacy of data transacted amongst the various Data Custodians involved is highlighted. The data available with each data custodian is assumed to be horizontally partitioned. The proposed model considers the C5.0 algorithm for data mining and classification rule generation due to its advances and classification accuracy over its predecessors. Privacy of the data transacted, or secure multiparty computation, is achieved by using the commutative RSA cryptography scheme. The proposed model is compared with the existing secure group communication techniques like Secure Lock and Asynchronous Control Polynomial in terms of computational efficiency. Furthermore, the privacy preserving feature of the proposed scheme is proved in terms of the computational indistinguishability of the data transacted amongst the varied data custodians involved, as discussed in the paper.
An Examination of Asserted PKI Issues and Proposed Alternatives
2004
Since the 1980s, public-key infrastructures (PKIs) have been widely anticipated as a primary means to make entities' keys available to others in a trusted fashion, thereby enabling a qualitative improvement in the protection and assurance of communications and transactions carried out over the Internet. Certificate-based authentication has become
Abstract
Secure multiparty computation (MPC) is a central problem in cryptography. Unfortunately, it is well known that MPC is possible if and only if the underlying communication network has very large connectivity—specifically, Ω(t), where t is the number of potential corruptions in the network. This impossibility result renders existing MPC results far less applicable in practice, since most deployed networks have in fact a very small degree. In this paper, we show how to circumvent this impossibility result and achieve meaningful security guarantees for graphs with small degree (such as expander graphs and several other topologies). In fact, the notion we introduce, which we call almost-everywhere MPC, building on the notion of almost-everywhere agreement due to Dwork, Peleg, Pippenger and Upfal, allows the degree of the network to be much smaller than the total number of allowed corruptions. In essence, our definition allows the adversary to implicitly wiretap some of the good nodes by corrupting sufficiently many nodes in the “neighborhood” of those nodes. We show protocols that satisfy our new definition, retaining both correctness and privacy for most nodes despite small connectivity, no matter how the adversary chooses his corruptions. Instrumental in our constructions is a new model and protocol for the secure message transmission (SMT) problem, which we call SMT by public discussion, and which we use for the establishment of pairwise secure channels in limited connectivity networks. Key words: Secure multiparty computation, almost-everywhere agreement, secure message transmission, expander graphs, bounded-degree networks.
Chapter 3 PRIVATE MATCHING
Abstract. Consider two organizations that wish to privately match data. They want to find common data elements (or perform a join) over two databases without revealing private information. This was the premise of a recent paper by Agrawal, Evfimievski, and Srikant. We show that Agrawal et al. only examined one point in a much larger problem set and we critique their results. We set the problem in a broader context by considering three independent design criteria and two independent threat model factors, for a total of five orthogonal dimensions of analysis. Novel contributions include a taxonomy of design criteria for private matching, a secure data ownership certificate that can attest to the proper ownership of data in a database, a set of new private matching protocols for a variety of different scenarios together with a full security analysis. We conclude with a list of open problems in the area.
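The Agrawal, Evfimievski and Srikant protocol that this chapter critiques, and the "commutative RSA" step the PPDM entry above relies on, both rest on the same primitive: a commutative encryption scheme, where encrypting first under A's key and then under B's key gives the same ciphertext as the reverse order. The block below is an added example, not code from the chapter, from Agrawal et al. or from the PPDM paper: it runs the basic private-intersection flow in one process using a Pohlig-Hellman-style exponentiation cipher x ↦ x^e mod p in place of RSA. The modulus 2^127 - 1, the SHA-256 mapping of records to field elements, the message layout and the sample records are assumptions of the example; a deployment would use a safe prime and hash into its prime-order subgroup so the standard hardness argument applies.

```python
import hashlib
import math
import secrets

# Prime modulus for the commutative cipher x -> x^e mod P.  2^127 - 1 is prime; this is
# an assumption of the example, chosen for brevity rather than for a security argument.
P = 2**127 - 1


def hash_to_field(item, p=P):
    """Map a record (string) to a nonzero element of Z_p* with SHA-256 (assumed encoding)."""
    digest = hashlib.sha256(item.encode("utf-8")).digest()
    return 1 + int.from_bytes(digest, "big") % (p - 1)


def keygen(p=P, rng=secrets.randbelow):
    """A secret exponent e coprime to p-1, so that x -> x^e mod p is a bijection on Z_p*."""
    while True:
        e = 2 + rng(p - 3)
        if math.gcd(e, p - 1) == 1:
            return e


def encrypt(x, e, p=P):
    """Commutative encryption: (x^a)^b = (x^b)^a = x^(ab) mod p."""
    return pow(x, e, p)


def private_intersection(a_items, b_items, p=P, rng=secrets.SystemRandom()):
    """Two-party private matching in the style of Agrawal et al.: A learns A ∩ B and B
    learns only |A|.  Returns (what A learns, what B learns).  Both parties run in this
    one process; msg1, msg2_double_a and msg2_b are exactly what would cross the wire."""
    e_a, e_b = keygen(p), keygen(p)

    # Round 1, A -> B: A's items under A's key, in random order (A remembers the order).
    a_order = list(a_items)
    rng.shuffle(a_order)
    msg1 = [encrypt(hash_to_field(x, p), e_a, p) for x in a_order]

    # Round 2, B -> A: (i) A's values re-encrypted under B's key, in the same order;
    #                  (ii) B's own items under B's key, shuffled so B's order leaks nothing.
    msg2_double_a = [encrypt(y, e_b, p) for y in msg1]
    msg2_b = [encrypt(hash_to_field(x, p), e_b, p) for x in b_items]
    rng.shuffle(msg2_b)

    # Round 3, local to A: re-encrypt B's values under A's key and match.  Commutativity
    # makes h(x)^(e_a * e_b) identical no matter which party encrypted first.
    double_b = set(encrypt(y, e_a, p) for y in msg2_b)
    learned_by_a = sorted(x for x, d in zip(a_order, msg2_double_a) if d in double_b)
    return learned_by_a, len(msg1)


if __name__ == "__main__":
    # Constructed sample records, not data from the chapter.
    a = ["alice@example.org", "bob@example.org", "carol@example.org"]
    b = ["bob@example.org", "dave@example.org", "carol@example.org"]
    print(private_intersection(a, b))
```

This is the one design point the chapter says Agrawal et al. examined: a semi-honest setting where only A receives the result. Nothing in the exchange stops a dishonest A from inflating its set to probe B's records, and nothing binds a submitted value to a record the party actually holds, which is the gap the chapter's "data ownership certificate" is meant to close.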
PRIVATE BIDDING FOR MOBILE AGENTS
able to spy on the agents' code and private data. By combining Multi-Party Computation with the ElGamal public-key encryption system we are able to create a protocol capable of letting two agents have a private bidding within an Honest-but-Curious environment only with the help of an Oblivious Third Party. The Oblivious party is able to compare two encrypted inputs without being able to retrieve any information about the inputs.
DATA
Abstract—Privacy Preserving Data Mining (PPDM) addresses the problem of developing accurate models about aggregated data without access to precise information in individual data records. A widely studied perturbation-based PPDM approach introduces random perturbation to individual values to preserve privacy before data are published. Previous solutions of this approach are limited in their tacit assumption of single-level trust on data miners. In this work, we relax this assumption and expand the scope of perturbation-based PPDM to Multilevel Trust (MLT-PPDM). In our setting, the more trusted a data miner is, the less perturbed copy of the data it can access. Under this setting, a malicious data miner may have access to differently perturbed copies of the same data through various means, and may combine these diverse copies to jointly infer additional information about the original data that the data owner does not intend to release. Preventing such diversity attacks is the key challenge of providing MLT-PPDM services. We address this challenge by properly correlating perturbation across copies at different trust levels. We prove that our solution is robust against diversity attacks with respect to our privacy goal. That is, for data miners who have access to an arbitrary collection of the perturbed copies, our solution prevents them from jointly reconstructing the original data more accurately than the best effort using any individual copy in the collection. Our solution allows a data owner to generate perturbed copies of its data for arbitrary trust levels on-demand. This feature offers data owners maximum flexibility. Index Terms—Privacy preserving data mining, multilevel trust, random perturbation.