Results 1 - 10 of 79
Multiparty Communication Complexity
, 1989
Cited by 703 (21 self)
A given Boolean function has its input distributed among many parties. The aim is to determine which parties to talk to and what information to exchange with each of them in order to evaluate the function while minimizing the total communication. This paper shows that it is possible to obtain the Boolean answer deterministically with only a polynomial increase in communication with respect to the information lower bound given by the nondeterministic communication complexity of the function.
Fast Randomized Consensus using Shared Memory
 Journal of Algorithms
, 1988
Cited by 132 (32 self)
We give a new randomized algorithm for achieving consensus among asynchronous processes that communicate by reading and writing shared registers. The fastest previously known algorithm has exponential expected running time. Our algorithm is polynomial, requiring an expected O(n^4) operations. Applications of this algorithm include the elimination of critical sections from concurrent data structures and the construction of asymptotically unbiased shared coins.
Perfectly Secure Message Transmission
, 1990
Cited by 125 (5 self)
We study the problem of perfectly secure communication in a general network in which processors and communication lines may be faulty. Lower bounds are obtained on the connectivity required for successful secure communication. Efficient algorithms are obtained that operate with this connectivity and rely on no complexity theoretic assumptions. These are the first algorithms for secure communication in a general network to simultaneously achieve the three goals of perfect secrecy, perfect resiliency, and worst case time linear in the diameter of the network.
The Round Complexity of Secure Protocols
, 1990
Cited by 118 (3 self)
Donald Beaver (Harvard University), Silvio Micali (MIT), Phillip Rogaway (MIT). Abstract: In a network of n players, each player i having private input x_i, we show how the players can collaboratively evaluate a function f(x_1, ..., x_n) in a way that does not compromise the privacy of the players' inputs, and yet requires only a constant number of rounds of interaction. The underlying model of computation is a complete network of private channels, with broadcast, and a majority of the players must behave honestly. Our solution assumes the existence of a one-way function. 1 Introduction. Secure function evaluation. Assume we have n parties, 1, ..., n; each party i has a private input x_i known only to him. The parties want to correctly evaluate a given function f on their inputs, that is to compute y = f(x_1, ..., x_n), while maintaining the privacy of their own inputs. That is, they do not want to reveal more than the value y implicitly reveals. Secure function evaluat...
The Dining Cryptographers in the Disco: Unconditional Sender and Recipient Untraceability with Computationally Secure Serviceability
, 1989
Cited by 77 (1 self)
In Journal of Cryptology 1/1 (1988) 65-75 (= [Chau_88]), David Chaum describes a beautiful technique, the DC-net, which should allow participants to send and receive messages anonymously in an arbitrary network. The untraceability of the senders is proved to be unconditional, but that of the recipients implicitly assumes a reliable broadcast network. This assumption is unrealistic in some networks, but it can be removed completely by using the fail-stop key generation schemes by Waidner (these proceedings, = [Waid_89]). In both cases, however, each participant can untraceably and permanently disrupt the entire DC-net. We present a protocol which guarantees unconditional untraceability, the original goal of the DC-net, on the inseparability assumption (i.e. the attacker must be unable to prevent honest participants from communicating, which is considerably less than reliable broadcast), and computationally secure serviceability: Computationally restricted disrupters can be identified and removed from the DC-net. On the one hand, our solution is based on the lovely idea by David Chaum [Chau_88 § 2.5] of setting traps for disrupters. He suggests a scheme to guarantee unconditional untraceability and computationally secure serviceability, too, but on the reliable broadcast assumption. The same scheme seems to be used by
Complete characterization of adversaries tolerable in secure multiparty computation
 Proc. 16th ACM Symposium on Principles of Distributed Computing (PODC)
, 1997
Cited by 73 (11 self)
The classical results in unconditional multiparty computation among a set of n players state that less than n/2 passive or less than n/3 active adversaries can be tolerated; assuming a broadcast channel the threshold for active adversaries is n/2. Strictly generalizing these results we specify the set of potentially misbehaving players as an arbitrary set of subsets of the player set. We prove the necessary and sufficient conditions for the existence of secure multiparty protocols in terms of the potentially misbehaving player sets. For every function there exists a protocol secure against a set of potential passive collusions if and only if no two of these collusions add up to the full player set. The same condition applies for active adversaries when assuming a broadcast channel. Without broadcast channels, for every function there exists a protocol secure against a set of potential active adverse player sets if and only if no three of these sets add up to the full player set. The complexities of the protocols not using a broadcast channel are polynomial, that of the protocol with broadcast is only slightly higher.
Fully polynomial Byzantine agreement for n > 3t processors in t+1 rounds
 SIAM Journal of Computing
, 1998
Unconditional Sender and Recipient Untraceability in spite of Active Attacks
, 1989
Cited by 46 (1 self)
A protocol is described which allows to send and receive messages anonymously using an arbitrary communication network, and it is proved to be unconditionally secure. This improves a result by David Chaum: The DC-net guarantees the same, but on the assumption of a reliable broadcast network. Since unconditionally secure Byzantine Agreement cannot be achieved, such a reliable broadcast network cannot be realized by algorithmic means. The solution proposed here, the DC+-net, uses the DC-net, but replaces the reliable broadcast network by a fail-stop one. By choosing the keys necessary for the DC-net dependently on the previously broadcast messages, the fail-stop broadcast can be achieved unconditionally secure and without increasing the complexity of the DC-net significantly, using an arbitrary communication network. Categories and Subject Descriptors: C.2.0 [Computer-Communication Networks]: General - Security and protection, E.3 [Data Encryption], F.2.1 [Analysis of Algorithms...
Maintaining Authenticated Communication in the Presence of Break-ins
 Journal of Cryptology
, 1998
Cited by 42 (6 self)
We study the problem of maintaining authenticated communication over untrusted communication channels, in a scenario where the communicating parties may be occasionally and repeatedly broken into for transient periods of time. Once a party is broken into, its cryptographic keys are exposed and perhaps modified. Yet, we want parties whose security is thus compromised to regain their ability to communicate in an authenticated way aided by other parties. In this work we present a mathematical model for this highly adversarial setting, exhibiting salient properties and parameters, and then describe a practically-appealing protocol for the task of maintaining authenticated communication in this model. A key element in our solution is devising proactive distributed signature (PDS) schemes in our model. Although PDS schemes are known in the literature, they are all designed for a model where authenticated communication and broadcast primitives are available. We therefore show how t...