Results 1 - 9 of 9
How to Construct Constant-Round Zero-Knowledge Proof Systems for NP
Journal of Cryptology, 1995
Cited by 157 (8 self)
Constant-round zero-knowledge proof systems for every language in NP are presented, assuming the existence of a collection of claw-free functions. In particular, it follows that such proof systems exist assuming the intractability of either the Discrete Logarithm Problem or the Factoring Problem for Blum Integers.
Foundations of Cryptography (Fragments of a Book)
1995
Cited by 142 (21 self)
this paper date to early 1983. Yet, the paper, being rejected three times from major conferences, has first appeared in public only in 1985, concurrently to the paper of Babai [B85].) A restricted form of interactive proofs, known by the name Arthur-Merlin Games, was introduced by Babai [B85]. (The restricted form turned out to be equivalent in power; see Section [mssng(effp.sec)].) The interactive proof for Graph Non-Isomorphism is due to Goldreich, Micali and Wigderson. The concept of zero-knowledge has been introduced by Goldwasser, Micali and Rackoff, in the same paper quoted above [R85]. Their paper contained also a perfect zero-knowledge proof for Quadratic Non-Residuosity. The perfect zero-knowledge proof system for Graph Isomorphism is due to Goldreich, Micali and Wigderson [W86]. The latter paper is also the source to the zero-knowledge proof systems for all languages in NP, using any (non-uniformly) one-way function. (Brassard and Crépeau have later constructed alternative zero-knowledge proof systems for NP, using a stronger intractability assumption, specifically the intractability of the Quadratic Residuosity Problem.) The cryptographic applications of zero-knowledge proofs were the very motivation for their presentation in [R85]. Zero-knowledge proofs were applied to solve cryptographic problems in [FRW85] and [CF85]. However, many more applications were possible once it was shown how to construct zero-knowledge proof systems for every language in In particular, general methodologies for the construction of cryptographic protocols have appeared in [6MW86,GW87]
Hard-Core Distributions for Somewhat Hard Problems
In 36th Annual Symposium on Foundations of Computer Science, 1995
Cited by 116 (13 self)
Consider a decision problem that cannot be $1-\delta$ approximated by circuits of a given size in the sense that any such circuit fails to give the correct answer on at least a $\delta$ fraction of instances. We show that for any such problem there is a specific "hard-core" set of inputs which is at least a $\delta$ fraction of all inputs and on which no circuit of a slightly smaller size can get even a small advantage over a random guess. More generally, our argument holds for any non-uniform model of computation closed under majorities. We apply this result to get a new proof of the Yao XOR lemma [Y], and to get a related XOR lemma for inputs that are only k-wise independent.
1 Introduction
If you have a difficult computational problem, is it always the case that several independent instances of the problem are proportionately harder than a single instance? In particular, if any algorithm taking less than R resources has failure probability at least $\delta$ for a particular problem on a certai...
Adaptively Secure Multiparty Computation
1996
Cited by 77 (8 self)
A fundamental problem in designing secure multiparty protocols is how to deal with adaptive adversaries (i.e., adversaries that may choose the corrupted parties during the course of the computation), in a setting where the channels are insecure and secure communication is achieved by cryptographic primitives based on the computational limitations of the adversary.
Studies in Secure Multiparty Computation and Applications
1996
Cited by 77 (8 self)
Consider a set of parties who do not trust each other, nor the channels by which they communicate. Still, the parties wish to correctly compute some common function of their local inputs, while keeping their local data as private as possible. This, in a nutshell, is the problem of secure multiparty computation. This problem is fundamental in cryptography and in the study of distributed computations. It takes many different forms, depending on the underlying network, on the function to be computed, and on the amount of distrust the parties have in each other and in the network. We study several aspects of secure multiparty computation. We first present new definitions of this problem in various settings. Our definitions draw from previous ideas and formalizations, and incorporate aspects that were previously overlooked. Next we study the problem of dealing with adaptive adversaries. (Adaptive adversaries are adversaries that corrupt parties during the course of the computation, based on...
Perfectly One-Way Probabilistic Hash Functions
Cited by 73 (9 self)
Probabilistic hash functions that hide all partial information on their input were recently introduced. This new cryptographic primitive can be regarded as a function that offers "perfect one-wayness", in the following sense: Having access to the function value on some input is equivalent to having access only to an oracle that answers "yes" if the correct input is queried, and answers "no" otherwise. Constructions of this primitive (originally called oracle hashing and here renamed perfectly one-way functions) were given based on certain strong variants of the Diffie-Hellman assumption. In this work we present several constructions of perfectly one-way functions; some constructions are based on claw-free permutation, and others are based on any one-way permutation. One of our constructions is simple and efficient to the point of being attractive from a practical point of view.
Incoercible Multiparty Computation
Proc. 37th IEEE Symp. on Foundations of Computer Science, 1996
Cited by 34 (3 self)
Current secure multiparty protocols have the following deficiency. The public transcript of the communication can be used as an involuntary commitment of the parties to their inputs and outputs. Thus parties can be later coerced by some authority to reveal their private data. Previous work that has pointed this interesting problem out contained only partial treatment. In this work we present the first general treatment of the coercion problem in secure computation. First we present a general definition of protocols that provide resilience to coercion. Our definition constitutes a natural extension of the general paradigm used for defining secure multiparty protocols. Next we show that if trapdoor permutations exist then any function can be incoercibly computed (i.e., computed by a protocol that provides resilience to coercion) in the presence of computationally bounded adversaries and only public communication channels. This ...
On constructing 1-1 one-way functions
Electronic Colloquium on Computational Complexity (ECCC), 1995
Cited by 12 (1 self)
Abstract. We show how to construct length-preserving 1-1 one-way functions based on popular intractability assumptions (e.g., RSA, DLP). Such 1-1 functions should not be confused with (infinite) families of (finite) one-way permutations. What we want and obtain is a single (infinite) 1-1 one-way function.
Perfectly One-Way Probabilistic Hash Functions
Probabilistic hash functions that hide all partial information on their input were recently introduced. This new cryptographic primitive can be regarded as a function that offers "perfect one-wayness", in the following sense: Having access to the function value on some input is equivalent to having access only to an oracle that answers "yes" if the correct input is queried, and answers "no" otherwise. Constructions of this primitive (originally called oracle hashing and here renamed perfectly one-way functions) were given based on certain strong variants of the Diffie-Hellman assumption. In this work we present several constructions of perfectly one-way functions; some constructions are based on claw-free permutation, and others are based on any one-way permutation. One of our constructions is simple and efficient to the point of being attractive from a practical point of view. IBM T.J. Watson Research Center. Email: canetti@watson.ibm.com y MIT Laboratory for Computer Sc...