Results 1-10 of 68
Privacy Preserving Auctions and Mechanism Design
1999
Cited by 185 (12 self)
We suggest an architecture for executing protocols for auctions and, more generally, mechanism design. Our goal is to preserve the privacy of the inputs of the participants (so that no nonessential information about them is divulged, even a posteriori) while maintaining communication and computational efficiency. We achieve this goal by adding another party - the auction issuer - that generates the programs for computing the auctions but does not take an active part in the protocol. The auction issuer is not a trusted party, but is assumed not to collude with the auctioneer. In the case of auctions, barring collusion between the auctioneer and the auction issuer, neither party gains any information about the bids, even after the auction is over. Moreover, bidders can verify that the auction was performed correctly. The protocols do not require any communication between the bidders and the auction issuer and the computational efficiency is very reasonable. This architecture can be used to implement any mechanism design where the important factor is the complexity of the decision procedure.
Mix and Match: Secure Function Evaluation via Ciphertexts (Extended Abstract)
In Proceedings of Asiacrypt00, 2000
Cited by 77 (5 self)
We introduce a novel approach to general secure multiparty computation that avoids the intensive use of verifiable secret sharing characterizing nearly all previous protocols in the literature. Instead, our scheme involves manipulation of ciphertexts for which the underlying private key is shared by participants in the computation. The benefits of this protocol include a high degree of conceptual and structural simplicity, low message complexity, and substantial flexibility with respect to input and output value formats. We refer to this new approach as mix and match. While the atomic operations in mix and match are logical operations, rather than full field operations as in previous approaches, the techniques we introduce are nonetheless highly practical for computations involving intensive bitwise manipulation. One application for which mix and match is particularly well suited is that of sealed-bid auctions. Thus, as another contribution in this paper, we present a practical, mix-and-match-based auction protocol that is fully private and non-interactive and may be readily adapted to a wide range of auction strategies.
Secure Multi-Party Computation Problems and Their Applications: A Review And Open Problems
In New Security Paradigms Workshop, 2001
Cited by 67 (1 self)
The growth of the Internet has triggered tremendous opportunities for cooperative computation, where people are jointly conducting computation tasks based on the private inputs they each supply. These computations could occur between mutually untrusted parties, or even between competitors. For example, customers might send to a remote database queries that contain private information; two competing financial organizations might jointly invest in a project that must satisfy both organizations' private and valuable constraints, and so on. Today, to conduct such computations, one entity must usually know the inputs from all the participants; however if nobody can be trusted enough to know all the inputs, privacy will become a primary concern. This problem is referred to as Secure Multiparty Computation Problem (SMC) in the literature. Research in the SMC area has been focusing on only a limited set of specific SMC problems, while privacy concerned cooperative computations call for SMC studies in a variety of computation domains. Before we can study the problems, we need to identify and define the specific SMC problems for those computation domains. We have developed a frame to facilitate this problem-discovery task. Based on our framework, we have identified and defined a number of new SMC problems for a spectrum of computation domains. Those problems include privacy-preserving database query, privacy-preserving scientific computations, privacy-preserving intrusion detection, privacy-preserving statistical analysis, privacy-preserving geometric computations, and privacy-preserving data mining. The goal of this paper is not only to present our results, but also to serve as a guideline so other people can identify useful SMC problems in their own computation domains.
Secure multiparty computational geometry
INTERNATIONAL WORKSHOP ON ALGORITHMS AND DATA STRUCTURES, 2001
Cited by 56 (9 self)
The general secure multiparty computation problem is when multiple parties (say, Alice and Bob) each have private data (respectively, a and b) and seek to compute some function f(a; b) without revealing to each other anything unintended (i.e., anything other than what can be inferred from knowing f(a; b)). It is well known that, in theory, the general secure multiparty computation problem is solvable using circuit evaluation protocols. While this approach is appealing in its generality, the communication complexity of the resulting protocols depends on the size of the circuit that expresses the functionality to be computed. As Goldreich has recently pointed out [6], using the solutions derived from these general results to solve specific problems can be impractical; problem-specific solutions should be developed, for efficiency reasons. This paper is a first step in this direction for the area of computational geometry. We give simple solutions to some specific geometric problems, and in doing so we develop some building blocks that we believe will be useful in the solution of other geometric and combinatorial problems as well.
Secure Vickrey Auctions without Threshold Trust
2002
Cited by 48 (12 self)
We argue that threshold trust is not an option in most of the real-life electronic auctions. We then propose two new cryptographic Vickrey auction schemes that involve, apart from the bidders and the seller S, an auction authority A so that unless S and A collude the outcome of auctions will be correct, and moreover, S will not get any information about the bids, while A will learn bid statistics. Further extensions make it possible to decrease damage that colluding S and A can do, and to construct (m + 1)st price auction schemes. The communication complexity between the S and A in medium-size auctions is at least one order of magnitude less than in the Naor-Pinkas-Sumner scheme.
Protocols For Secure Remote Database Access With Approximate Matching
2000
Cited by 40 (10 self)
Suppose that Bob has a database D and that Alice wants to perform a search query q on D (e.g., “is q in D?”). Since Alice is concerned about her privacy, she does not want Bob to know the query or the response to the query. How could this be done? There are elegant cryptographic techniques for solving this problem under various constraints (such as “Bob should know neither q nor the answer to the query” and “Alice should learn nothing about D other than the answer to the query”), while optimizing various performance criteria (e.g., amount of communication). We consider the version of this problem where the query is of the type “is q approximately in D?” for a number of different notions of “approximate”, some of which arise in image processing and template matching, while others are of the string-edit type that arise in biological sequence comparisons. New techniques are needed in this framework of approximate searching, because each notion of “approximate equality” introduces its own set of difficulties; using encryption is more problematic in this framework because the items that are approximately equal cease to be so after encryption or cryptographic hashing. Practical protocols for solving such problems make possible new forms of e-commerce between proprietary database owners and customers who seek to query the database, with privacy.
Noninteractive Private Auctions
2001
Cited by 38 (1 self)
We describe a new auction protocol that enjoys the following properties: the biddings are submitted noninteractively and no information beyond the result is disclosed. The protocol is efficient for a logarithmic number of players. Our solution uses a semi-trusted third party T who learns no information provided that he does not collude with any participant. The robustness against active cheating players is achieved through an extra mechanism for fair encryption of a bit which is of independent interest. The scheme is based on homomorphic encryption but differs from general techniques of secure circuit evaluation by taking into account the level of each gate and allowing efficient computation of unbounded logical gates. In a scenario with a small number of players, we believe that our work may be of practical significance, especially for electronic transactions.
Fully Private Auctions in a constant number of rounds
2002
Cited by 35 (6 self)
We present a new cryptographic auction protocol that prevents extraction of bid information despite any collusion of participants. This requirement is stronger than common assumptions in existing protocols that prohibit the collusion of certain third-parties (e.g. distinct auctioneers). Full privacy is obtained by using homomorphic encryption (e.g. ElGamal) and distributing the private key among the set of bidders. Bidders jointly compute the auction outcome on their own without uncovering any additional information in a constant number of rounds. No auctioneers or other trusted third parties are needed to resolve the auction. Yet, robustness is assured due to public verifiability of the entire protocol. The scheme can be applied to any uniform-price (or so-called (M + 1)st-price) auction. To the best of our knowledge, there is no other cryptographic auction protocol that achieves a similar level of privacy. The selling price is only revealed to the seller and the winning bidders themselves. In addition, we propose schemes that require more rounds but are computationally much more efficient.
Privacy-Preserving Cooperative Scientific Computations
IN 14TH IEEE COMPUTER SECURITY FOUNDATIONS WORKSHOP, 2001
Cited by 32 (6 self)
The growth of the Internet has triggered tremendous opportunities for cooperative computation, in which multiple parties need to jointly conduct computation tasks based on the private inputs they each supply. These computations could occur between mutually untrusted parties, or even between competitors. For example, two competing financial organizations might jointly invest in a project that must satisfy both organizations' private and valuable constraints. Today, to conduct such a computation, one must usually know the inputs from all the participants; however if nobody can be trusted enough to know all the inputs, privacy will become a primary concern. Linear
Secure and Private Sequence Comparisons
In WPES’03: Proceedings of the 2003 ACM workshop on Privacy in the electronic society, 2003
Cited by 31 (7 self)
We give an efficient protocol for sequence comparisons of the edit-distance kind, such that neither party reveals anything about their private sequence to the other party (other than what can be inferred from the edit distance between their two sequences - which is unavoidable because computing that distance is the purpose of the protocol). The amount of communication done by our protocol is proportional to the time complexity of the best-known algorithm for performing the sequence comparison.