Results 1 
9 of
9
On robust combiners for oblivious transfer and other primitives
 In Proc. Eurocrypt ’05
, 2005
"... At the mouth of two witnesses... shall the matter be establishedDeuteronomy Chapter 19. ..."
Abstract

Cited by 29 (1 self)
 Add to MetaCart
At the mouth of two witnesses... shall the matter be establishedDeuteronomy Chapter 19.
On the impossibility of efficiently combining collision resistant hash functions
 In Proc. Crypto ’06
, 2006
"... Abstract. Let H1, H2 be two hash functions. We wish to construct a new hash function H that is collision resistant if at least one of H1 or H2 is collision resistant. Concatenating the output of H1 and H2 clearly works, but at the cost of doubling the hash output size. We ask whether a better constr ..."
Abstract

Cited by 15 (0 self)
 Add to MetaCart
Abstract. Let H1, H2 be two hash functions. We wish to construct a new hash function H that is collision resistant if at least one of H1 or H2 is collision resistant. Concatenating the output of H1 and H2 clearly works, but at the cost of doubling the hash output size. We ask whether a better construction exists, namely, can we hedge our bets without doubling the size of the output? We take a step towards answering this question in the negative — we show that any secure construction that evaluates each hash function once cannot output fewer bits than simply concatenating the given functions. 1
On robust combiners for private information retrieval and other primitives
 CRYPTO
, 2006
"... Abstract. Let A and B denote cryptographic primitives. A (k, m)robust AtoB combiner is a construction, which takes m implementations of primitive A as input, and yields an implementation of primitive B, which is guaranteed to be secure as long as at least k input implementations are secure. The ma ..."
Abstract

Cited by 13 (2 self)
 Add to MetaCart
Abstract. Let A and B denote cryptographic primitives. A (k, m)robust AtoB combiner is a construction, which takes m implementations of primitive A as input, and yields an implementation of primitive B, which is guaranteed to be secure as long as at least k input implementations are secure. The main motivation for such constructions is the tolerance against wrong assumptions on which the security of implementations is based. For example, a (1,2)robust AtoB combiner yields a secure implementation of B even if an assumption underlying one of the input implementations of A turns out to be wrong. In this work we study robust combiners for private information retrieval (PIR), oblivious transfer (OT), and bit commitment (BC). We propose a (1,2)robust PIRtoPIR combiner, and describe various optimizations based on properties of existing PIR protocols. The existence of simple PIRtoPIR combiners is somewhat surprising, since OT, a very closely related primitive, seems difficult to combine (Harnik et al., Eurocrypt’05). Furthermore, we present (1,2)robust PIRtoOT and PIRtoBC combiners. To the best of our knowledge these are the first constructions of AtoB combiners with A � = B. Such combiners, in addition to being interesting in their own right, offer insights into relationships between cryptographic primitives. In particular, our PIRtoOT combiner together with the impossibility result for OTcombiners of Harnik et al. rule out certain types of reductions of PIR to OT. Finally, we suggest a more finegrained approach to construction of robust combiners, which may lead to more efficient and practical combiners in many scenarios.
Nontrivial blackbox combiners for collisionresistant hashfunctions don’t exist
 In Proc. Eurocrypt ’07
, 2007
"... 1 Introduction A function H: f0; 1g ..."
Robuster Combiners for Oblivious Transfer
"... Abstract. A(k; n)robust combiner for a primitive F takes as input n candidate implementations of F and constructs an implementation of F, which is secure assuming that at least k of the input candidates are secure. Such constructions provide robustness against insecure implementations and wrong ass ..."
Abstract

Cited by 5 (3 self)
 Add to MetaCart
Abstract. A(k; n)robust combiner for a primitive F takes as input n candidate implementations of F and constructs an implementation of F, which is secure assuming that at least k of the input candidates are secure. Such constructions provide robustness against insecure implementations and wrong assumptions underlying the candidate schemes. In a recent work Harnik et al. (Eurocrypt 2005) have proposed a (2; 3)robust combiner for oblivious transfer (OT), and have shown that (1; 2)robust OTcombiners of a certain type are impossible. In this paper we propose new, generalized notions of combiners for twoparty primitives, which capture the fact that in many twoparty protocols the security of one of the parties is unconditional, or is based on an assumption independent of the assumption underlying the security of the other party. This finegrained approach results in OTcombiners strictly stronger than the constructions known before. In particular, we propose an OTcombiner which guarantees secure OT even when only one candidate is secure for both parties, and every remaining candidate is flawed for one of the parties. Furthermore, we present an efficient uniform OTcombiner, i.e., a single combiner which is secure simultaneously for a wide range of candidates ’ failures. Finally, our definition allows for a very simple impossibility result, which shows that the proposed OTcombiners achieve optimal robustness.
Tolerant Combiners: Resilient Cryptographic Design
, 2002
"... We investigate how to construct secure cryptographic schemes, from few candidate schemes, some of which may be insecure. Namely, tolerant constructions tolerate the insecurity of some of the component schemes used in the construction. We define tolerant constructions, and investigate folklore, pract ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
We investigate how to construct secure cryptographic schemes, from few candidate schemes, some of which may be insecure. Namely, tolerant constructions tolerate the insecurity of some of the component schemes used in the construction. We define tolerant constructions, and investigate folklore, practical cascade and parallel constructions. We prove cascade of encryption schemes provide tolerance for indistinguishability under chosen ciphertext attacks, including a weak adaptive variant. Similarly, certain parallel constructions ensure tolerance for unforgeability of Signature/MAC schemes, OWF, ERF, AONT and certain collisionresistant hash functions. We present (new) tolerant constructions for (several variants of) commitment schemes. Our constructions are simple, efficient and practical. To ensure practicality, we use concrete security analysis (in addition to the simpler asymptotic analysis).
Errortolerant combiners for oblivious primitives
"... Abstract. A robust combiner is a construction that combines several implementations of a primitive based on different assumptions, and yields an implementation guaranteed to be secure if at least some assumptions (i.e. sufficiently many but not necessarily all) are valid. In this paper we generalize ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Abstract. A robust combiner is a construction that combines several implementations of a primitive based on different assumptions, and yields an implementation guaranteed to be secure if at least some assumptions (i.e. sufficiently many but not necessarily all) are valid. In this paper we generalize this concept by introducing errortolerant combiners, which in addition to protection against insecure implementations provide tolerance to functionality failures: an errortolerant combiner guarantees a secure and correct implementation of the output primitive even if some of the candidates are insecure or faulty. We present simple constructions of errortolerant robust combiners for oblivious linear function evaluation. The proposed combiners are also interesting in the regular (not errortolerant) case, as the construction is much more efficient than the combiners known for oblivious transfer. 1
Cryptology
"... Cryptology has advanced tremendously since 1976; this chapter provides a brief overview of the current stateoftheart in the field. Several major themes predominate in the development. One such theme is the careful elaboration of the definition of security for a cryptosystem. A second theme has be ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Cryptology has advanced tremendously since 1976; this chapter provides a brief overview of the current stateoftheart in the field. Several major themes predominate in the development. One such theme is the careful elaboration of the definition of security for a cryptosystem. A second theme has been the search for provably secure cryptosystems, based on plausible assumptions about the difficulty of specific numbertheoretic problems or on the existence of certain kinds of functions (such as oneway functions). A third theme is the invention of many novel and surprising cryptographic capabilities, such as publickey cryptography, digital signatures, secretsharing, oblivious transfers, and zeroknowledge proofs. These themes have been developed and interwoven so that today theorems of breathtaking generality and power assert the existence of cryptographic techniques capable of solving almost any imaginable cryptographic problem.
Certificate
, 2007
"... First of all, I would like to express my deepest gratitude to my advisor Prof. Pandu Rangan C, for inspiring me to take up research seriously. He is easily, one of the best professors I have come across in my four years of undergraduate life. His courses and his formal methods of approaching mathema ..."
Abstract
 Add to MetaCart
First of all, I would like to express my deepest gratitude to my advisor Prof. Pandu Rangan C, for inspiring me to take up research seriously. He is easily, one of the best professors I have come across in my four years of undergraduate life. His courses and his formal methods of approaching mathematical problems have helped me obtain a good grasp in the field of theoretical computer science. I thank him for providing the appropriate environment for research in the TCSLab, well known for books, journals and proceedings strewn all around. I would also like to recollect the valuable spree of technical discussions that I have had with him along with the students and interns of the lab on various topics in cryptography during the past 3 years at the lab. I would like to thank my faculty advisor, Prof. C. Siva Ram Murthy for his encouraging words during my initial terms in the department. I would also like to thank Dr. B. Ravindran for helping me broaden my interests in Computer Science through his courses on Operating Systems and Reinforcement learning. I am grateful to Dr. Shankar Balachandran and Prof. G. Srinivasan for they have stood by me and boosted my selfconfidence during my tough times. The teteatete sessions that I had with Shankar in his room and near GC reminded me of my school days and friends. The Cricket talk in the CoffeewithGS sessions every Thursday along