Results 1-10 of 130
Private Information Retrieval, 1997
Cited by 426 (13 self)
Publicly accessible databases are an indispensable resource for retrieving up to date information. But they also pose a significant risk to the privacy of the user, since a curious database operator can follow the user's queries and infer what the user is after. Indeed, in cases where the users' intentions are to be kept secret, users are often cautious about accessing the database. It can be shown that when accessing a single database, to completely guarantee the privacy of the user, the whole database should be downloaded, namely n bits should be communicated (where n is the number of bits in the database). In this work, we investigate whether by replicating the database, more efficient solutions to the private retrieval problem can be obtained. We describe schemes that enable a user to access k replicated copies of a database ($k \geq 2$) and privately retrieve information stored in the database. This means that each individual database gets no information on the identity of the item retrieved by the user. Our schemes use the replication to gain substantial saving. In particular, we have
• A two database scheme with communication complexity of $O(n^{1/3})$.
• A scheme for a constant number, k, of databases with communication complexity $O(n^{1/k})$.
• A scheme for $\frac{1}{3} \log_2 n$ databases with polylogarithmic (in n) communication complexity.
A Sanctuary for Mobile Agents, 1997
Cited by 125 (4 self)
The Sanctuary project at UCSD is building a secure infrastructure for mobile agents, and examining
Towards sound approaches to counteract power-analysis attacks, 1999
Cited by 105 (0 self)
Abstract. Side channel cryptanalysis techniques, such as the analysis of instantaneous power consumption, have been extremely effective in attacking implementations on simple hardware platforms. There are several proposed solutions to resist these attacks, most of which are ad-hoc and can easily be rendered ineffective. A scientific approach is to create a model for the physical characteristics of the device, and then design implementations provably secure in that model, i.e., they resist generic attacks with an a priori bound on the number of experiments. We propose an abstract model which approximates power consumption in most devices and in particular small single-chip devices. Using this, we propose a generic technique to create provably resistant implementations for devices where the power model has reasonable properties, and a source of randomness exists. We prove a lower bound on the number of experiments required to mount statistical attacks on devices whose physical characteristics satisfy reasonable properties.
Upper Bound on the Communication Complexity of Private Information Retrieval, 1996
Cited by 89 (1 self)
We construct a scheme for private information retrieval with k databases and communication complexity $O(n^{1/(2k-1)})$.
1 Introduction
Much attention has been given to the problem of protecting a database from the user that tries to retrieve the information that he is not allowed to access [2, 8, 12]. In some scenarios, the opposite problem can appear: a user wishes to retrieve some information from a database without revealing to the database what information he needs. For example [7], an investor wishes to receive information about certain stock but he does not wish others (even the database) to know in which particular stock he is interested. However, there is only one way to reach complete privacy: the user should ask for the copy of entire database. Otherwise, the database will get some information what the user wishes to know. This is not a good solution because it requires much time and much communication from the database to the user. If there are several identical copies ...
One-Round Secure Computation and Secure Autonomous Mobile Agents (Extended Abstract), 2000
Cited by 71 (0 self)
This paper investigates one-round secure computation between two distrusting parties: Alice and Bob each have private inputs to a common function, but only Alice, acting as the receiver, is to learn the output; the protocol is limited to one message from Alice to Bob followed by one message from Bob to Alice. A model in which Bob may be computationally unbounded is investigated, which corresponds to information-theoretic security for Alice. It is shown that
1. for honest-but-curious behavior and unbounded Bob, any function computable by a polynomial-size circuit can be computed securely assuming the hardness of the decisional Diffie-Hellman problem;
2. for malicious behavior by both (bounded) parties, any function computable by a polynomial-size circuit can be computed securely, in a public-key framework, assuming the hardness of the decisional Diffie-Hellman problem.
Efficient Checking of Polynomials and Proofs and the Hardness of Approximation Problems, 1992
Cited by 70 (9 self)
The definition of the class NP [Coo71, Lev73] highlights the problem of verification of proofs as one of central interest to theoretical computer science. Recent efforts have shown that the efficiency of the verification can be greatly improved by allowing the verifier access to random bits and accepting probabilistic guarantees from the verifier [BFL91, BFLS91, FGL+91, AS92]. We improve upon the efficiency of the proof systems developed above and obtain proofs which can be verified probabilistically by examining only a constant number of (randomly chosen) bits of the proof. The efficiently verifiable proofs constructed here rely on the structural properties of low-degree polynomials. We explore the properties of these functions by examining some simple and basic questions about them. We consider questions of the form:
• (testing) Given an oracle for a function f, is f close to a low-degree polynomial?
• (correcting) Let f be close to a low-degree polynomial g, is it possible to efficiently reconstruct the value of g on any given input using an oracle for f?
The questions described above have been raised before in the context of coding theory as the problems of error-detecting and error-correcting of codes. More recently
Security issues and requirements for Internet-scale publish-subscribe systems
In Proceedings of the Thirty-fifth Hawaii International Conference on System Sciences (HICSS-35), Big Island, 2002
Cited by 67 (3 self)
Publish-subscribe is a communication paradigm that supports dynamic, many-to-many communications in a distributed environment. Content-based pub-sub systems are often implemented on a peer-to-peer infrastructure that enables information dissemination from information producers (publishers) to consumers (subscribers) through a subscription mechanism. In a wide-area pub-sub network, the pub-sub service must handle information dissemination across distinct authoritative domains, heterogeneous platforms and a large, dynamic population of publishers and subscribers. Such an environment raises serious security concerns. In this paper, we investigate the security issues and requirements that arise in an internet-scale content-based pub-sub system. We distinguish among those requirements that can be
New Collapse Consequences Of NP Having Small Circuits, 1995
Cited by 59 (7 self)
We show that if a self-reducible set has polynomial-size circuits, then it is low for the probabilistic class ZPP(NP). As a consequence we get a deeper collapse of the polynomial-time hierarchy PH to ZPP(NP) under the assumption that NP has polynomial-size circuits. This improves on the well-known result of Karp, Lipton, and Sipser (1980) stating a collapse of PH to its second level $\Sigma_2^P$ under the same assumption. As a further consequence, we derive new collapse consequences under the assumption that complexity classes like UP, FewP, and C=P have polynomial-size circuits. Finally, we investigate the circuit-size complexity of several language classes. In particular, we show that for every fixed polynomial s, there is a set in ZPP(NP) which does not have O(s(n))-size circuits.
Key words. polynomial-size circuits, advice classes, lowness, randomized computation
AMS subject classifications. 03D10, 03D15, 68Q10, 68Q15
1. Introduction. The question of whether intractable sets ca...
Pseudorandomness and average-case complexity via uniform reductions
In Proceedings of the 17th Annual IEEE Conference on Computational Complexity, 2002
Cited by 57 (9 self)
Abstract. Impagliazzo and Wigderson (36th FOCS, 1998) gave the first construction of pseudorandom generators from a uniform complexity assumption on EXP (namely $\mathrm{EXP} \neq \mathrm{BPP}$). Unlike results in the nonuniform setting, their result does not provide a continuous tradeoff between worst-case hardness and pseudorandomness, nor does it explicitly establish an average-case hardness result. In this paper:
◦ We obtain an optimal worst-case to average-case connection for EXP: if $\mathrm{EXP} \not\subseteq \mathrm{BPTIME}(t(n))$, then EXP has problems that cannot be solved on a fraction $1/2 + 1/t'(n)$ of the inputs by $\mathrm{BPTIME}(t'(n))$ algorithms, for $t' = t^{\Omega(1)}$.
◦ We exhibit a PSPACE-complete self-correctible and downward self-reducible problem. This slightly simplifies and strengthens the proof of Impagliazzo and Wigderson, which used a #P-complete problem with these properties.
◦ We argue that the results of Impagliazzo and Wigderson, and the ones in this paper, cannot be proved via “black-box” uniform reductions.