Results 1-10 of 18
Limits on the Provable Consequences of One-way Permutations
, 1989
Cited by 162 (0 self)
We present strong evidence that the implication, "if one-way permutations exist, then secure secret key agreement is possible" is not provable by standard techniques. Since both sides of this implication are widely believed true in real life, to show that the implication is false requires a new model. We consider a world where all parties have access to a black box for a randomly selected permutation. Being totally random, this permutation will be strongly one-way in a provable, information-theoretic way. We show that, if P = NP, no protocol for secret key agreement is secure in such a setting. Thus, to prove that a secret key agreement protocol which uses a one-way permutation as a black box is secure is as hard as proving P ≠ NP. We also obtain, as a corollary, that there is an oracle relative to which the implication is false, i.e., there is a one-way permutation, yet secret exchange is impossible. Thus, no technique which relativizes can prove that secret exchange can be based on any one-way permutation. Our results present a general framework for proving statements of the form, "Cryptographic application X is not likely possible based solely on complexity assumption Y."
Quantum Bit Commitment and Coin Tossing Protocols
 in Advances in Cryptology: Proceedings of Crypto '90, Lecture Notes in Computer Science
, 1991
Cited by 37 (6 self)
this paper does not yield to this attack. Unfortunately, we can still describe a possible attack on this new scheme, which is based on an unverified belief about quantum mechanics (unlike EPR, which has been verified experimentally). Can one build such a scheme, unbreakable in an absolute way, based solely on the equations of quantum mechanics? We cannot answer this question at this time. Still we have been able to build a coin-tossing protocol that is secure unless both attacks can be implemented. This seems to indicate that maybe Bit Commitment is more than Coin-Tossing since, at this time, we are unable to offer a Bit Commitment scheme with this same level of security.
Limits on the Provable Consequences of One-way Functions
, 1989
Cited by 32 (1 self)
This technical point will prevent the reader from suspecting any measure-theoretic fallacy.
Certified Email with a Light Online Trusted Third Party: Design And Implementation
, 2002
Cited by 30 (3 self)
This paper presents a new protocol for certified email. The protocol aims to combine security, scalability, easy implementation, and viable deployment. The protocol relies on a light online trusted third party; it can be implemented without any special software for the receiver beyond a standard email reader and web browser, and does not require any public-key infrastructure.
Correct and Private Reductions among Oblivious Transfers
, 1990
Cited by 21 (6 self)
Roughly speaking a protocol is a way of exchanging messages so that each party gains some specified information. Correctness and privacy are fundamental constraints to the notion of a secure protocol. Essentially, correctness guarantees that the information the parties learn in executing a protocol is what was specified. Privacy guarantees that they cannot learn more than that. We investigate correctness and privacy for the primitive notion of oblivious transfer protocols. As introduced by Rabin, in an oblivious transfer a party S (the sender) owning a secret message m discloses this message to another party R (the receiver) with probability 1/2. S does not find out whether R did get the message or not. A different version of this notion (1-out-of-2 oblivious transfer) was introduced by Even, Goldreich and Lempel. Traditionally, correctness and privacy were guaranteed assuming that the parties had bounded computational resources and that some appropriate mathematical problems were in...
Complexity and Security of Distributed Protocols
, 1993
Cited by 19 (0 self)
This thesis addresses the topic of secure distributed computation, a general and powerful tool for balancing cooperation and mistrust among independent agents. We study many related models, which differ as to the allowable communication among agents, the ways in which agents may misbehave, and the complexity (cryptographic) assumptions that are made. We present new protocols, both for general secure computation (i.e., of any function over a finite domain) and for specific tasks (e.g., electronic money). We investigate fundamental relationships among security needs and various resource requirements, with an emphasis on communication complexity. A number of mathematical methods are employed for our investigations, including algebraic, graph-theoretic, and cryptographic techniques.
A Certified E-Mail Protocol
 In 14th Annual Computer Security Applications Conference. ACM
, 1998
Cited by 16 (0 self)
Protocols to facilitate secure electronic delivery are necessary if the Internet is to achieve its true potential as a business communications tool. We present a protocol for secure email that protects both the sender and the receiver, and can be implemented using current email products and existing Internet infrastructure.
Distribution Chain Security
 In Proceedings of the 7th ACM Conference on Computer and Communications Security
, 2000
Cited by 9 (0 self)
Digital content distribution systems will enable business models in the near future that cannot
Varieties of Secure Distributed Computing
 In Proceedings of Sequences II, Methods in Communications, Security and Computer Science
, 1996
Cited by 7 (0 self)
this paper, we will see solutions to the Fortune 500 problem (or any other computational problem) that assume nothing more than that each company trusts that there are at least 333 other companies that will not betray it (plus secure phone lines). Other solutions show that if conference-calling is also allowed, then each company need only assume that 250 other companies are honest. Still other solutions need only assume that the Chief Number Theorist of each company certifies that certain problems (such as quadratic residuosity) will remain intractable for as long as its financial information remains sensitive. Results in the field can be divided into two main categories: protocols and complexity results. Protocols can be divided into two main categories: cryptographic and non-cryptographic. Cryptographic protocols can be divided into two main categories: two-party protocols and multiparty protocols. These are the lines along which the bulk of this paper is organized.
Verifiable Disclosure of Secrets and Applications (Abstract)
Cited by 6 (1 self)
A $\binom{2}{1}$ Oblivious Bit Transfer protocol is a way for a party Rachel to get one bit from a pair $b_0, b_1$ that another party Sam offers her. The difficulty is that Sam should not find out which secret Rachel is getting while Rachel should not be able to get partial information about more than one of the bits. This paper shows a way to make "verifiable" this protocol (v-$\binom{2}{1}$ Oblivious Bit Transfer) and shows that it can be used to directly achieve oblivious circuit evaluation [Ki] and fair exchange of bits [MRL], assuming the existence of a non-verifiable version of the protocol.