Results 1-10 of 26
All-or-Nothing Disclosure of Secrets, 1987
Cited by 91 (6 self)
this paper a practical computationally secure solution. This solution is inspired by our work on zero-knowledge interactive protocols [BC1, BC2]. In a companion paper [BCR], we show how to efficiently reduce this general all-or-nothing disclosure of secrets problem to a much simpler problem known as the two-bit problem. The main interest of this reduction is that it is information theoretic and that it does not depend on unproved assumptions.
A Uniform-Complexity Treatment of Encryption and Zero-Knowledge, 1993
Cited by 77 (10 self)
We provide a treatment of encryption and zero-knowledge in terms of uniform complexity measures. This treatment is appropriate for cryptographic settings modeled by probabilistic polynomial-time machines. Our uniform treatment allows to construct secure encryption schemes and zero-knowledge proof systems (for all NP) using only uniform complexity assumptions. We show that uniform variants of the two definitions of security, presented in the pioneering work of Goldwasser and Micali, are in fact equivalent. Such a result was known before only for the non-uniform formalization.
Non-Transitive Transfer of Confidence: A Perfect Zero-Knowledge Interactive Protocol for SAT and Beyond, 1986
Cited by 57 (5 self)
A perfect zero-knowledge interactive proof is a protocol by which Alice can convince Bob of the truth of some theorem in a way that yields no information as to how the proof might proceed (in the sense of Shannon's information theory). We give a general technique for achieving this goal for any problem in NP (and beyond). The fact that our protocol is perfect zero-knowledge does not depend on unproved cryptographic assumptions. Furthermore, our protocol is powerful enough to allow Alice to convince Bob of theorems for which she does not even have a proof. Whenever Alice can convince herself probabilistically of a theorem, perhaps thanks to her knowledge of some trapdoor information, she can convince Bob as well, without compromising the trapdoor in any way. This results in a non-transitive transfer of confidence from Alice to Bob, because Bob will not be able to convince anyone else afterwards. Our protocol is dual to those of [GrMiWi86a, BrCr86]. 1. INTRODUCTION Assume that Alice h...
Constant-Round Perfect Zero-Knowledge Computationally Convincing Protocols, 1991
Cited by 45 (5 self)
A perfect zero-knowledge interactive protocol allows a prover to convince a verifier of the validity of a statement in a way that does not give the verifier any additional information [GMR,GMW]. Such protocols take place by the exchange of messages back and forth between the prover and the verifier. An important measure of efficiency for these protocols is the number of rounds in the interaction. In previously known perfect zero-knowledge protocols for statements concerning NP-complete problems [BCC], at least k rounds were necessary in order to prevent one party from having a probability of undetected cheating greater than $2^{-k}$. In this paper, we give the first perfect zero-knowledge protocol that offers arbitrarily high security for any statement in NP with a constant number of rounds. The protocol is computationally convincing (rather than statistically convincing as would have been an interactive proof-system in the sense of Goldwasser, Micali and Rackoff) because the ver...
Everything in NP can be argued in perfect zero-knowledge in a bounded number of rounds, 1989
Cited by 35 (5 self)
A perfect zero-knowledge interactive protocol allows a prover to convince a verifier of the validity of a statement in a way that does not give the verifier any additional information [GMR,GMW]. Such protocols take place by the exchange of messages back and forth between the prover and the verifier. An important measure of efficiency for these protocols is the number of rounds in the interaction. In previously known perfect zero-knowledge protocols for statements concerning NP-complete problems [BCC], at least k rounds were necessary in order to prevent one party from having a probability of undetected cheating greater than $2^{-k}$. In this paper, we give the first perfect zero-knowledge protocol that offers arbitrarily high security for any statement in NP with a constant number of rounds (under the assumption that it is possible to find a prime $p$ with known factorization of $p-1$ such that it is infeasible to compute discrete logarithms modulo $p$ even for someone who knows the factors o...
A zero-knowledge Poker protocol that achieves confidentiality of the players' strategy or How to achieve an electronic Poker face, 1986
Cited by 34 (3 self)
This paper proposes a new poker protocol that allows players to keep secret their strategy. This protocol is an extension of the one given by Crepeau in [Cr]. The security will not be based on the knowledge of the entire deck of cards at the end of the game, but rather on some independent information linked to the entries of the deck. This protocol achieves every constraint of a real poker game. It is the first complete solution to the mental poker problem. It achieves all the necessary conditions suggested in [Cr]: uniqueness of cards; uniform random distribution of cards; absence of trusted third party; cheating detection with a very high probability; complete confidentiality of cards; minimal effect of coalitions; complete confidentiality of strategy. 2. Review of the protocol in [Cr]
The Foundations of Modern Cryptography, 1998
Cited by 24 (0 self)
In our opinion, the Foundations of Cryptography are the paradigms, approaches and techniques used to conceptualize, define and provide solutions to natural cryptographic problems. In this essay, we survey some of these paradigms, approaches and techniques as well as some of the fundamental results obtained using them. Special effort is made in attempt to dissolve common misconceptions regarding these paradigms and results. © Copyright 1998 by Oded Goldreich. Permission to make copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that new copies bear this notice and the full citation on the first page. Abstracting with credit is permitted. A preliminary version of this essay has appeared in the proceedings of Crypto97 (Springer's Lecture Notes in Computer Science, Vol. 1294). Contents: 1 Introduction. I Basic Tools. 2 Central Paradigms. 2.1 Computati...
How to Prove All NP Statements in Zero-Knowledge and a Methodology of Cryptographic Protocol Design (Extended Abstract)
PROC. OF CRYPTO 1986, THE 6TH ANN. INTL. CRYPTOLOGY CONF., VOLUME 263 OF LECTURE NOTES IN COMPUTER SCIENCE, 1998
Lecture Notes on Cryptography, 2001
Cited by 17 (0 self)
This is a set of lecture notes on cryptography compiled for 6.87s, a one week long course on cryptography taught at MIT by Shafi Goldwasser and Mihir Bellare in the summers of 1996–2001. The notes were formed by merging notes written for Shafi Goldwasser’s Cryptography and Cryptanalysis course at MIT with notes written for Mihir Bellare’s Cryptography and network security course at UCSD. In addition, Rosario Gennaro (as Teaching Assistant for the course in 1996) contributed Section 9.6, Section 11.4, Section 11.5, and Appendix D to the notes, and also compiled, from various sources, some of the problems in Appendix E. Cryptography is of course a vast subject. The thread followed by these notes is to develop and explain the notion of provable security and its usage for the design of secure protocols. Much of the material in Chapters 2, 3 and 7 is a result of scribe notes, originally taken by MIT graduate students who attended Professor Goldwasser’s Cryptography and Cryptanalysis course over the years, and later edited by Frank D’Ippolito who was a teaching assistant for the course in 1991. Frank also contributed much of the advanced number theoretic material in the Appendix. Some of the material in Chapter 3 is from the chapter on Cryptography, by R. Rivest, in the Handbook of Theoretical Computer Science. Chapters 4, 5, 6, 8 and 10, and Sections 9.5 and 7.4.6, were written by Professor Bellare for his Cryptography and network security course at UCSD.
Zero-knowledge proofs and string commitments withstanding quantum attacks, 2004
Cited by 16 (1 self)
The concept of zero-knowledge (ZK) has become of fundamental importance in cryptography. However, in a setting where entities are modeled by quantum computers, classical arguments for proving ZK fail to hold since, in the quantum setting, the concept of rewinding is not generally applicable. Moreover, known classical techniques that avoid rewinding have various shortcomings in the quantum setting. We propose new