One-way accumulators: A decentralized alternative to digital signatures
1993
Cited by 115 (0 self)
Abstract
This paper describes a simple candidate one-way hash function which satisfies a quasi-commutative property that allows it to be used as an accumulator. This property allows protocols to be developed in which the need for a trusted central authority can be eliminated. Space-efficient distributed protocols are given for document time stamping and for membership testing, and many other applications are possible.
Round-efficient secure computation in point-to-point networks
In Advances in Cryptology — Eurocrypt ’07, 2007
Cited by 11 (4 self)
Abstract
Essentially all work studying the round complexity of secure computation assumes broadcast as an atomic primitive. Protocols constructed under this assumption tend to have very poor round complexity when compiled for a point-to-point network due to the high overhead of emulating each invocation of broadcast. This problem is compounded when broadcast is used in more than one round of the original protocol due to the complexity of handling sequential composition (when using round-efficient emulation of broadcast). We argue that if the goal is to optimize round complexity in point-to-point networks, then it is preferable to design protocols — assuming a broadcast channel — minimizing the number of rounds in which broadcast is used rather than minimizing the total number of rounds. With this in mind, we present protocols for secure computation in a number of settings that use only a single round of broadcast. In all cases, we achieve optimal security threshold for adaptive adversaries, and obtain protocols whose round complexity (in a point-to-point network) improves on prior work.
Improving the round complexity of VSS in point-to-point networks
In 35th International Colloquium on Automata, Languages and Programming (ICALP), volume 5126 of Lecture Notes in Computer Science, 2008
Cited by 11 (2 self)
Abstract
We revisit the following question: what is the optimal round complexity of verifiable secret sharing (VSS)? We focus here on the case of perfect VSS where the number of corrupted parties t satisfies t < n/3, with n the total number of parties. Work of Gennaro et al. (STOC 2001) and Fitzi et al. (TCC 2006) shows that, assuming a broadcast channel, 3 rounds are necessary and sufficient for efficient VSS. Existing protocols, however, treat the broadcast channel as being available “for free” and do not attempt to minimize its usage. This approach leads to relatively poor round complexity when such protocols are compiled to run over a point-to-point network. We show here a VSS protocol that is simultaneously optimal in terms of both the number of rounds and the number of invocations of broadcast. Our protocol also satisfies a certain “2-level sharing” property that makes it useful for constructing protocols for general secure computation.
Resilient-Optimal Interactive Consistency in Constant Time
Distributed Computing, 2002
Cited by 9 (0 self)
Abstract
For a complete network of n processors within which communication lines are private, we show how to achieve concurrently many Byzantine Agreements within constant expected time both on synchronous and asynchronous networks. As an immediate consequence, this provides a solution to the Interactive Consistency problem. Our algorithms tolerate up to (n-1)/3 faulty processors in both the synchronous and asynchronous cases and are therefore resilient-optimal.
Improving the round complexity of ’round-optimal’ VSS
Cryptology ePrint Archive, Report 2007/358, 2007
Cited by 1 (0 self)
Abstract
We revisit the following question: what is the optimal round complexity of verifiable secret sharing (VSS)? We focus here on the case of perfectly-secure VSS where the number of corrupted parties t satisfies t < n/3, with n being the total number of parties. Work of Gennaro et al. (STOC 2001) and Fitzi et al. (TCC 2006) shows that, assuming a broadcast channel, 3 rounds are necessary and sufficient for efficient VSS. The efficient 3-round protocol of Fitzi et al., however, treats the broadcast channel as being available “for free” and does not attempt to minimize its usage. As argued previously by the authors, this approach leads to poor round complexity when protocols are compiled for a point-to-point network. We show here a VSS protocol that is simultaneously optimal in terms of both the number of rounds and the number of invocations of broadcast. Our protocol also has a certain “2-level sharing” property that makes it useful for constructing protocols for general secure computation.
Title of dissertation: STUDIES ON FAULT-TOLERANT BROADCAST AND SECURE COMPUTATION
2007
Abstract
In this dissertation, we consider the design of broadcast and secure multiparty computation (MPC) protocols in the presence of adversarial faults. Secure multiparty computation is the most generic problem in fault-tolerant distributed computing. In principle, a multiparty computation protocol can be used to solve any distributed cryptographic problem. Informally, the problem of multiparty computation is the following: suppose we have n parties P1, P2, ..., Pn where each party Pi has a private input xi. Together, the parties want to compute a function of their inputs (y1, y2, ..., yn) = f(x1, x2, ..., xn). However, some parties can be corrupted and do not execute a prescribed protocol faithfully. Even worse, they may be controlled by an adversary and attack the protocol in a coordinated manner. Despite the presence of such an adversary, a secure MPC protocol should ensure that each (corrupted) party Pi learn only its output yi but nothing more. Broadcast in the presence of adversarial faults is one of the simplest special cases of multiparty computation and an important component of larger protocols. In short, broadcast allows a party to send the same message to all parties, and all
How To Withstand Mobile Virus Attacks
In Proceedings of the tenth annual ACM symposium on Principles of distributed computing, 1991
Rafail Ostrovsky, Moti Yung
Abstract
We initiate a study of a distributed adversarial model of computation in which faults are non-stationary and can move through the network, analogous to the spread of a virus or a worm. We show how local computations (at each processor) and global computations can be made robust using a constant factor resilience and a polynomial factor redundancy in the computation.
1 Introduction
Computer viruses pose one of the central problems in distributed computing today. In this work, we initiate the study of "mobile viruses" (or computer network viruses): intruders which try to compromise or destroy the system. Our machine model is a synchronous distributed architecture in which a malicious, infinitely-powerful adversary injects/distributes computer viruses at a certain rate at every round. We assume that the detection (of infected sites) can proceed with the same rate as the infection. We note that in practice, this is indeed a reasonable assumption t...