Authenticated Byzantine Generals in Dual Failure Model

Cited by 4 (0 self)
Pease et al. introduced the problem of Byzantine Generals (BGP) to study the effects of Byzantine faults in distributed protocols for reliable broadcast. It is well known that BGP among n players tolerating up to t faults is (efficiently) possible if and only if n > 3t. To overcome this severe limitation, Pease et al. introduced a variant of BGP, Authenticated Byzantine General (ABG). Here players are supplemented with digital signatures (or similar tools) to thwart the challenge posed by Byzantine faults. Subsequently, they proved that with the use of authentication, fault tolerance of protocols for reliable broadcast can be amazingly increased to n > t (which is a huge improvement over n > 3t). Byzantine faults are the most generic form of faults. In a network, not all faults are always malicious. Some faulty nodes may only leak their data while others are malicious. Motivated by this, we study the problem of ABG in the (tb, tp)-mixed adversary model, where the adversary can corrupt up to any tb players actively and control up to any other tp players passively. We prove that in such a setting, ABG over a completely connected synchronous network of n nodes tolerating a (tb, tp)-adversary is possible if and only if n > 2tb + min(tb, tp) when tp > 0. Interestingly, our results can also be seen as an attempt to unify the extant literature on BGP and ABG.
Compression from collisions, or why CRHF combiners have a long output
Advances in Cryptology – CRYPTO 2008. Lecture Notes in Computer Science, 2004

Cited by 3 (1 self)
Abstract. A black-box combiner for collision-resistant hash functions (CRHF) is a construction which, given black-box access to two hash functions, is collision resistant if at least one of the components is collision resistant. In this paper we prove a lower bound on the output length of black-box combiners for CRHFs. The bound we prove is basically tight as it is achieved by a recent construction of Canetti et al. [Crypto’07]. The best previously known lower bounds only ruled out a very restricted class of combiners having a very strong security reduction: the reduction was required to output collisions for both underlying candidate hash functions given a single collision for the combiner (Canetti et al. [Crypto’07] building on Boneh and Boyen [Crypto’06] and Pietrzak [Eurocrypt’07]). Our proof uses a lemma similar to the elegant “reconstruction lemma” of Gennaro and Trevisan [FOCS’00], which states that any function which is not one-way is compressible (and thus a uniformly random function must be one-way). In a similar vein we show that a function which is not collision resistant is compressible. We also borrow ideas from recent work by Haitner et al. [FOCS’07], who show that one can prove the reconstruction lemma even relative to some very powerful oracles (in our case this will be an exponential-time collision-finding oracle).
Unconditional security from noisy quantum storage
2009

Cited by 3 (0 self)
We consider the implementation of two-party cryptographic primitives based on the sole assumption that no large-scale reliable quantum storage is available to the cheating party. We construct novel protocols for oblivious transfer and bit commitment, and prove that realistic noise levels provide security even against the most general attack. Such unconditional results were previously only known in the so-called bounded-storage model, which is a special case of our setting. Our protocols can be implemented with present-day hardware used for quantum key distribution. In particular, no quantum storage is required for the honest parties.
Error-tolerant combiners for oblivious primitives

Cited by 1 (0 self)
Abstract. A robust combiner is a construction that combines several implementations of a primitive based on different assumptions, and yields an implementation guaranteed to be secure if at least some assumptions (i.e. sufficiently many but not necessarily all) are valid. In this paper we generalize this concept by introducing error-tolerant combiners, which in addition to protection against insecure implementations provide tolerance to functionality failures: an error-tolerant combiner guarantees a secure and correct implementation of the output primitive even if some of the candidates are insecure or faulty. We present simple constructions of error-tolerant robust combiners for oblivious linear function evaluation. The proposed combiners are also interesting in the regular (not error-tolerant) case, as the construction is much more efficient than the combiners known for oblivious transfer.
Acknowledgements
2006
and Information Theory lectures. I am grateful for the valuable discussions that I had with the brilliant