Results 1 
6 of
6
The (True) Complexity of Statistical Zero Knowledge (Extended Abstract)
 Proceedings of the 22nd Annual ACM Symposium on the Theory of Computing, ACM
, 1990
"... ) Mihir Bellare Silvio Micali y Rafail Ostrovsky z MIT Laboratory for Computer Science 545 Technology Square Cambridge, MA 02139 Abstract Statistical zeroknowledge is a very strong privacy constraint which is not dependent on computational limitations. In this paper we show that given a comp ..."
Abstract

Cited by 40 (17 self)
 Add to MetaCart
) Mihir Bellare Silvio Micali y Rafail Ostrovsky z MIT Laboratory for Computer Science 545 Technology Square Cambridge, MA 02139 Abstract Statistical zeroknowledge is a very strong privacy constraint which is not dependent on computational limitations. In this paper we show that given a complexity assumption a much weaker condition suffices to attain statistical zeroknowledge. As a result we are able to simplify statistical zeroknowledge and to better characterize, on many counts, the class of languages that possess statistical zeroknowledge proofs. 1 Introduction An interactive proof involves two parties, a prover and a verifier, who talk back and forth. The prover, who is computationally unbounded, tries to convince the probabilistic polynomial time verifier that a given theorem is true. A zeroknowledge proof is an interactive proof with an additional privacy constraint: the verifier does not learn why the theorem is true [11]. That is, whatever the polynomialtime verif...
Fair Games Against an AllPowerful Adversary
 AMS DIMACS Series in Discrete Mathematics and Theoretical Computer Science
, 1991
"... Suppose that a weak (polynomial time) device needs to interact over a clear channel with a strong (infinitelypowerful) and untrustworthy adversarial device. Assuming the existence of oneway functions, during this interaction (game) the infinitelypowerful device can encrypt and (computationally) hi ..."
Abstract

Cited by 38 (14 self)
 Add to MetaCart
Suppose that a weak (polynomial time) device needs to interact over a clear channel with a strong (infinitelypowerful) and untrustworthy adversarial device. Assuming the existence of oneway functions, during this interaction (game) the infinitelypowerful device can encrypt and (computationally) hide information from the weak device. However, to keep the game fair, the weak player must hide information from the infinitelypowerful player in the informationtheoretic sense. Clearly, encryption in this case is useless, and other means must be used. In this paper, we show that under a general complexity assumption, this task is always possible to achieve. That is, we show that the weak player can play any polynomial length partialinformation game (or secure protocol) with the strong player using any oneway function; we achieve this by implementing oblivious transfer protocol in this model. We also establish related impossibility results concerning oblivious transfer. In the proof of ou...
OneWay Functions, Hard on Average Problems, and Statistical ZeroKnowledge Proofs (Extended Abstract)
 IN PROCEEDINGS OF THE 6TH ANNUAL STRUCTURE IN COMPLEXITY THEORY CONFERENCE
, 1991
"... In this paper, we study connections among oneway functions, hard on the average problems, and statistical zeroknowledge proofs. In particular, we show how these three notions are related and how the third notion can be better characterized, assuming the first one. ..."
Abstract

Cited by 27 (7 self)
 Add to MetaCart
In this paper, we study connections among oneway functions, hard on the average problems, and statistical zeroknowledge proofs. In particular, we show how these three notions are related and how the third notion can be better characterized, assuming the first one.
Interactive Hashing Simplifies ZeroKnowledge Protocol Design (Extended Abstract)
 Proc. of EuroCrypt 93
, 1998
"... Often the core difficulty in designing zeroknowledge protocols arises from having to consider every possible cheating verifier trying to extract aAditional information. ..."
Abstract

Cited by 14 (5 self)
 Add to MetaCart
Often the core difficulty in designing zeroknowledge protocols arises from having to consider every possible cheating verifier trying to extract aAditional information.
Theory and Application of Extractable Functions
, 2009
"... We propose a new cryptographic primitive, called extractable functions. An extractable function guarantees any machine that manages to output a point in the range of this function knows a corresponding preimage. Wecapture knowledgeofpreimage bywayofalgorithmicextraction. Weformulate twomainvariantso ..."
Abstract

Cited by 5 (0 self)
 Add to MetaCart
We propose a new cryptographic primitive, called extractable functions. An extractable function guarantees any machine that manages to output a point in the range of this function knows a corresponding preimage. Wecapture knowledgeofpreimage bywayofalgorithmicextraction. Weformulate twomainvariantsofextractability,namelynoninteractiveandinteractive. Thenoninteractive variant can be regarded as a generalization from speci c knowledge assumptions to a notion that is formulated in general computational terms. Indeed, we show how to realize it under several di erent assumptions. On the other hand, interactive extraction can be realized from certain perfectly oneway (POW) functions or veri able secretsharing (VSS) schemes. Wetheninitiateamoregeneralstudyofextractablefunctionaimedatunderstanding theconceptofextractabilityinofitself. Inparticularwedemonstratethataweaknotion of extraction implies a strong one, and make rigorous the intuition that extraction and obfuscation are complementary notions. We demonstrate the usefulness of the new primitive in two quite di erent settings.