Results 1 - 8 of 8
On 2-Round Secure Multiparty Computation. In Proc. Crypto '02, 2002
Cited by 34 (3 self)
Abstract. Substantial efforts have been spent on characterizing the round complexity of various cryptographic tasks. In this work we study the round complexity of secure multiparty computation in the presence of an active (Byzantine) adversary, assuming the availability of secure point-to-point channels and a broadcast primitive. It was recently shown that in this setting three rounds are sufficient for arbitrary secure computation tasks, with a linear security threshold, and two rounds are sufficient for certain non-trivial tasks. This leaves open the question whether every function can be securely computed in two rounds. We show that the answer to this question is “no”: even some very simple functions do not admit secure 2-round protocols (independently of their communication and time complexity) and thus 3 is the exact round complexity of general secure multiparty computation. Yet, we also present some positive results by identifying a useful class of functions which can be securely computed in two rounds. Our results apply both to the information-theoretic and to the computational notions of security.
Y.: Constant-round multiparty computation using a black-box pseudorandom generator. In: CRYPTO. LNCS, 2005
Cited by 27 (5 self)
Abstract. We present a constant-round protocol for general secure multiparty computation which makes a black-box use of a pseudorandom generator. In particular, the protocol does not require expensive zero-knowledge proofs and its communication complexity does not depend on the computational complexity of the underlying cryptographic primitive. Our protocol withstands an active, adaptive adversary corrupting a minority of the parties. Previous constant-round protocols of this type were only known in the semi-honest model or for restricted classes of functionalities.
On expected constant-round protocols for Byzantine agreement. In Advances in Cryptology — Crypto '06, 2006
Cited by 23 (5 self)
In a seminal paper, Feldman and Micali show an n-party Byzantine agreement protocol in the plain model that tolerates t < n/3 malicious parties and runs in expected constant rounds. Here, resolving a question that had been open since their work, we show an expected constant-round protocol for authenticated Byzantine agreement assuming honest majority (i.e., t < n/2), and relying only on the existence of signature schemes and a public-key infrastructure. Combined with existing results, this gives the first expected constant-round protocol for secure computation with honest majority in a point-to-point network under the same assumptions. Our key technical tool — a new primitive we introduce called moderated VSS — also yields a simpler proof of the Feldman-Micali result. In addition, we show a simple technique for sequential composition of Byzantine agreement protocols that do not achieve simultaneous termination, something that is inherent for protocols using o(t) rounds.
Improving the round complexity of VSS in point-to-point networks. In 35th International Colloquium on Automata, Languages and Programming (ICALP), volume 5126 of Lecture Notes in Computer Science, 2008
Cited by 15 (2 self)
We revisit the following question: what is the optimal round complexity of verifiable secret sharing (VSS)? We focus here on the case of perfect VSS where the number of corrupted parties t satisfies t < n/3, with n the total number of parties. Work of Gennaro et al. (STOC 2001) and Fitzi et al. (TCC 2006) shows that, assuming a broadcast channel, 3 rounds are necessary and sufficient for efficient VSS. Existing protocols, however, treat the broadcast channel as being available “for free” and do not attempt to minimize its usage. This approach leads to relatively poor round complexity when such protocols are compiled to run over a point-to-point network. We show here a VSS protocol that is simultaneously optimal in terms of both the number of rounds and the number of invocations of broadcast. Our protocol also satisfies a certain “2-level sharing” property that makes it useful for constructing protocols for general secure computation.
Round-efficient secure computation in point-to-point networks. In EUROCRYPT, 2007
Cited by 13 (4 self)
Abstract. Essentially all work studying the round complexity of secure computation assumes broadcast as an atomic primitive. Protocols constructed under this assumption tend to have very poor round complexity when compiled for a point-to-point network due to the high overhead of emulating each invocation of broadcast. This problem is compounded when broadcast is used in more than one round of the original protocol due to the complexity of handling sequential composition (when using round-efficient emulation of broadcast). We argue that if the goal is to optimize round complexity in point-to-point networks, then it is preferable to design protocols — assuming a broadcast channel — minimizing the number of rounds in which broadcast is used rather than minimizing the total number of rounds. With this in mind, we present protocols for secure computation in a number of settings that use only a single round of broadcast. In all cases, we achieve optimal security threshold for adaptive adversaries, and obtain protocols whose round complexity (in a point-to-point network) improves on prior work.
Improving the round complexity of 'round-optimal' VSS. Cryptology ePrint Archive, Report 2007/358, 2007
Cited by 1 (0 self)
We revisit the following question: what is the optimal round complexity of verifiable secret sharing (VSS)? We focus here on the case of perfectly-secure VSS where the number of corrupted parties t satisfies t < n/3, with n being the total number of parties. Work of Gennaro et al. (STOC 2001) and Fitzi et al. (TCC 2006) shows that, assuming a broadcast channel, 3 rounds are necessary and sufficient for efficient VSS. The efficient 3-round protocol of Fitzi et al., however, treats the broadcast channel as being available “for free” and does not attempt to minimize its usage. As argued previously by the authors, this approach leads to poor round complexity when protocols are compiled for a point-to-point network. We show here a VSS protocol that is simultaneously optimal in terms of both the number of rounds and the number of invocations of broadcast. Our protocol also has a certain “2-level sharing” property that makes it useful for constructing protocols for general secure computation.
This work was carried out under the supervision of
, 2014
Ph.D. studies are full of challenges, personal achievements, friendships and sometimes even failures. As this period is reaching its end, it is time to conclude by thanking the many people who made these past few years some of the most enjoyable in my life. First and foremost, I would like to thank my advisor, Prof. Yehuda Lindell. Yehuda introduced me to the field of Cryptography and to the research world. Yehuda taught me so many important lessons during my studies and I am sure that he will continue to inspire me in the future. His endless demand for excellence, his immense knowledge, his unwillingness to compromise, along with his drive, enthusiasm and guidance are the major reasons for the achievements in these studies. Yehuda has put a lot of time and effort in so that I could succeed and become an independent researcher, and I am deeply grateful for it. Aside from his outstanding professional achievements, Yehuda also has a great personality and I feel greatly privileged that I had the opportunity to work closely with him. I would also like to thank our crypto group in Bar-Ilan: Benny Pinkas, Ran Cohen, Eran