Results 11  20
of
44
RoundOptimal Secure TwoParty Computation
 In CRYPTO 2004
, 2004
"... We consider the central cryptographic task of secure twoparty computation: two parties wish to compute some function of their private inputs (each receiving possibly di#erent outputs) where security should hold with respect to arbitrarilymalicious behavior of either of the participants. Despit ..."
Abstract

Cited by 37 (4 self)
 Add to MetaCart
We consider the central cryptographic task of secure twoparty computation: two parties wish to compute some function of their private inputs (each receiving possibly di#erent outputs) where security should hold with respect to arbitrarilymalicious behavior of either of the participants. Despite extensive research in this area, the exact roundcomplexity of this fundamental problem (i.e., the number of rounds required to compute an arbitrary polytime functionality) was not previously known.
Concurrent ZeroKnowledge With Timing, Revisited
, 2002
"... Following Dwork, Naor, and Sahai (30th STOC, 1998), we consider concurrent execution of protocols in a semisynchronized network. Specifically, we assume that each party holds a local clock such that a constant bound on the relative rates of these clocks is apriori known, and consider protocols tha ..."
Abstract

Cited by 33 (0 self)
 Add to MetaCart
Following Dwork, Naor, and Sahai (30th STOC, 1998), we consider concurrent execution of protocols in a semisynchronized network. Specifically, we assume that each party holds a local clock such that a constant bound on the relative rates of these clocks is apriori known, and consider protocols that employ timedriven operations (i.e., timeout incoming messages and delay outgoing messages). We show that the constantround zeroknowledge proof for N P of Goldreich and Kahan (Jour. of Crypto., 1996) preserves its security when polynomiallymany independent copies are executed concurrently under the above timing model. We stress that our main result establishes zeroknowledge of interactive proofs, whereas the results of Dwork et. al. are either for zeroknowledge arguments or for a weak notion of zeroknowledge (called fflknowledge) proofs.
Roundoptimal zeroknowledge arguments based on any oneway function
 In Proc. Eurocrypt ’97
, 1997
"... ..."
Randomness, Interactive Proofs and . . .
 APPEARS IN THE UNIVERSAL TURING MACHINE: A HALFCENTURY SURVEY, R. HERKEN ED.
, 1987
"... Recent approaches to the notions of randomness and proofs are surveyed. The new notions differ from the traditional ones in being subjective to the capabilities of the observer rather than reflecting "ideal " entities. The new notion of randomness regards probability distributions as equal ..."
Abstract

Cited by 30 (6 self)
 Add to MetaCart
(Show Context)
Recent approaches to the notions of randomness and proofs are surveyed. The new notions differ from the traditional ones in being subjective to the capabilities of the observer rather than reflecting "ideal " entities. The new notion of randomness regards probability distributions as equal if they cannot be told apart by efficient procedures. This notion is constructive and is suited for many applications. The new notion of a proof allows the introduction of the notion of zeroknowledge proofs: convincing arguments which yield nothing but the validity of the assertion. The new approaches to randomness and proofs are based on basic concepts and results from the theory of resourcebounded computation. In order to make the survey as accessible as possible, we have presented elements of the theory of resource bounded computation (but only to the extent required for the description of the new approaches). This survey is not intended to provide an account of the more traditional approaches to randomness (e.g. Kolmogorov Complexity) and proofs (i.e. traditional logic systems). Whenever these approaches are described it is only in order to confront them with the new approaches.
OneWay Functions, Hard on Average Problems, and Statistical ZeroKnowledge Proofs (Extended Abstract)
 IN PROCEEDINGS OF THE 6TH ANNUAL STRUCTURE IN COMPLEXITY THEORY CONFERENCE
, 1991
"... In this paper, we study connections among oneway functions, hard on the average problems, and statistical zeroknowledge proofs. In particular, we show how these three notions are related and how the third notion can be better characterized, assuming the first one. ..."
Abstract

Cited by 29 (9 self)
 Add to MetaCart
(Show Context)
In this paper, we study connections among oneway functions, hard on the average problems, and statistical zeroknowledge proofs. In particular, we show how these three notions are related and how the third notion can be better characterized, assuming the first one.
Certifying Permutations: NonInteractive ZeroKnowledge Based on any Trapdoor Permutation
 Journal of Cryptology
, 1996
"... In cryptographic protocols it is often necessary to verify/certify the \tools " in use. This work demonstrates certain subtleties in treating a family of trapdoor permutations in this context, noting the necessity to\check " certain properties of these functions. The particular cas ..."
Abstract

Cited by 28 (6 self)
 Add to MetaCart
(Show Context)
In cryptographic protocols it is often necessary to verify/certify the \tools &quot; in use. This work demonstrates certain subtleties in treating a family of trapdoor permutations in this context, noting the necessity to\check &quot; certain properties of these functions. The particular case we illustrate is that of noninteractive zeroknowledge. We point out that the elegant recent protocol of Feige, Lapidot and Shamir for proving NP statements in noninteractive zeroknowledge requires an additional certi cation of the underlying trapdoor permutation, and suggest a method for certifying permutations which lls this gap.
On the Knowledge Complexity of ...
 In 37th FOCS
, 1996
"... We show that if a language has an interactive proof of logarithmic statistical knowledgecomplexity, then it belongs to the class AM \ co AM. Thus, if the polynomial time hierarchy does not collapse, then NPcomplete languages do not have logarithmic knowledge complexity. Prior to this work, ther ..."
Abstract

Cited by 27 (7 self)
 Add to MetaCart
We show that if a language has an interactive proof of logarithmic statistical knowledgecomplexity, then it belongs to the class AM \ co AM. Thus, if the polynomial time hierarchy does not collapse, then NPcomplete languages do not have logarithmic knowledge complexity. Prior to this work, there was no indication that would contradict NP languages being proven with even one bit of knowledge. Our result is a common generalization of two previous results: The rst asserts that statistical zero knowledge is contained in AM \ co AM [F89, AH91], while the second asserts that the languages recognizable in logarithmic statistical knowledge complexity are in BPP NP [GOP94]. Next, we consider the relation between the error probability and the knowledge complexity of an interactive proof. Note that reducing the error probability via repetition is not free: it may increase the knowledge complexity. We show that if the negligible error probability (n) is less than 2 3k(n) (where k(n) is the knowledge complexity) then the language proven is in the third level of the polynomial time hierarchy (specically, it is in AM NP . In the standard setting of negligible error probability, there exist PSPACEcomplete languages which have sublinear knowledge complexity. However, if we insist, for example, that the error probability is less than 2 n 2 , then PSPACEcomplete languages do not have subquadratic knowledge complexity, unless PSPACE= P 3 . In order to prove our main result, we develop an AM protocol for checking that a samplable distribution D has a given entropy h. For any fractions ; , the verier runs in time polynomial in 1= and log(1=) and fails with probability at most to detect an additive error in the entropy. We believe that this ...
Uniform Generation of NPwitnesses using an NPoracle
 Information and Computation
, 1997
"... A Uniform Generation procedure for NP is an algorithm which given any input in a fixed NPlanguage, outputs a uniformly distributed NPwitness for membership of the input in the language. We present a Uniform Generation procedure for NP that runs in probabilistic polynomialtime with an NPoracle. T ..."
Abstract

Cited by 26 (1 self)
 Add to MetaCart
(Show Context)
A Uniform Generation procedure for NP is an algorithm which given any input in a fixed NPlanguage, outputs a uniformly distributed NPwitness for membership of the input in the language. We present a Uniform Generation procedure for NP that runs in probabilistic polynomialtime with an NPoracle. This improves upon results of Jerrum, Valiant and Vazirani, which either require a \Sigma P 2 oracle or obtain only almost uniform generation. Our procedure utilizes ideas originating in the works of Sipser, Stockmeyer, and Jerrum, Valiant and Vazirani. Dept. of Computer Science & Engineering, University of California at San Diego, 9500 Gilman Drive, La Jolla, California 92093, USA. EMail: mihir@cs.ucsd.edu. URL: http://wwwcse.ucsd.edu/users/mihir. Supported in part by NSF CAREER Award CCR9624439 and a 1996 Packard Foundation Fellowship in Science and Engineering. y Department of Computer Science and Applied Mathematics, Weizmann Institute of Science, Rehovot, Israel. EMail: oded@wis...
Making ZeroKnowledge Provers Efficient
 Proceedings of the 24th Annual Symposium on the Theory of Computing, ACM
, 1995
"... We look at the question of how powerful a prover must be to give a zeroknowledge proof. We present the first unconditional bounds on the complexity of a statistical ZK prover. The result is that if a language possesses a statistical zeroknowledge then it also possesses a statistical zeroknowledge ..."
Abstract

Cited by 19 (6 self)
 Add to MetaCart
(Show Context)
We look at the question of how powerful a prover must be to give a zeroknowledge proof. We present the first unconditional bounds on the complexity of a statistical ZK prover. The result is that if a language possesses a statistical zeroknowledge then it also possesses a statistical zeroknowledge proof in which the prover runs in probabilistic, polynomial time with an NP oracle. Previously this was only known given the existence of oneway permutations. Extending these techniques to protocols of knowledge complexity k(n) ? 0, we derive bounds on the time complexity of languages of "small" knowledge complexity. Underlying these results is a technique for efficiently generating an "almost" random element of a set S 2 NP. Specifically, we construct a probabilistic machine with an NP oracle which, on input 1 n and ffi ? 0 runs in time polynomial in n and lg ffi \Gamma1 , and outputs a random string from a distribution within distance ffi of the uniform distribution on S " f0; 1g n ...
Open Questions, Talk Abstracts, and Summary of Discussions
, 1991
"... s, and Summary of Discussions Joan Feigenbaum and Michael Merritt AT&T Bell Laboratories Murray Hill, NJ 07974 The DIMACS Workshop on Distributed Computing and Cryptography was held at the Nassau Inn in Princeton, New Jersey, on October 4, 5, and 6, 1989. Participants took a critical look at the ..."
Abstract

Cited by 19 (0 self)
 Add to MetaCart
s, and Summary of Discussions Joan Feigenbaum and Michael Merritt AT&T Bell Laboratories Murray Hill, NJ 07974 The DIMACS Workshop on Distributed Computing and Cryptography was held at the Nassau Inn in Princeton, New Jersey, on October 4, 5, and 6, 1989. Participants took a critical look at the results, choice of problems, guiding philosophies, research methodology, and engineering projects that currently absorb much of the effort of people working in "cryptography" and "computer system security." This report summarizes both the formal presentations and the informal discussions that took place. Section 1 contains our account of the group discussions and statements of open questions, both general and specific, that we think are important. This report on the workshop is based on our recollections, our notes, and notes taken by the graduatestudent participants; we assume responsibility for any inaccuracies in our account. Section 2 contains abstracts of the talks presented at the worksh...