Results 1-10 of 65
Multiparty Communication Complexity, 1989
Cited by 614 (21 self)
A given Boolean function has its input distributed among many parties. The aim is to determine which parties to talk to and what information to exchange with each of them in order to evaluate the function while minimizing the total communication. This paper shows that it is possible to obtain the Boolean answer deterministically with only a polynomial increase in communication with respect to the information lower bound given by the nondeterministic communication complexity of the function.
Fast Randomized Consensus using Shared Memory, Journal of Algorithms, 1988
Cited by 129 (31 self)
We give a new randomized algorithm for achieving consensus among asynchronous processes that communicate by reading and writing shared registers. The fastest previously known algorithm has exponential expected running time. Our algorithm is polynomial, requiring an expected O(n^4) operations. Applications of this algorithm include the elimination of critical sections from concurrent data structures and the construction of asymptotically unbiased shared coins.
Perfectly Secure Message Transmission, 1990
Cited by 102 (3 self)
We study the problem of perfectly secure communication in a general network in which processors and communication lines may be faulty. Lower bounds are obtained on the connectivity required for successful secure communication. Efficient algorithms are obtained that operate with this connectivity and rely on no complexity theoretic assumptions. These are the first algorithms for secure communication in a general network to simultaneously achieve the three goals of perfect secrecy, perfect resiliency, and worst case time linear in the diameter of the network.
The Round Complexity of Secure Protocols, 1990
Cited by 90 (2 self)
Donald Beaver (Harvard University), Silvio Micali (MIT), Phillip Rogaway (MIT). Abstract: In a network of n players, each player i having private input x_i, we show how the players can collaboratively evaluate a function f(x_1, ..., x_n) in a way that does not compromise the privacy of the players' inputs, and yet requires only a constant number of rounds of interaction. The underlying model of computation is a complete network of private channels, with broadcast, and a majority of the players must behave honestly. Our solution assumes the existence of a one-way function. 1 Introduction. Secure function evaluation. Assume we have n parties, 1, ..., n; each party i has a private input x_i known only to him. The parties want to correctly evaluate a given function f on their inputs, that is to compute y = f(x_1, ..., x_n), while maintaining the privacy of their own inputs. That is, they do not want to reveal more than the value y implicitly reveals. Secure function evaluat...
Fully Polynomial Byzantine Agreement for n>3t Processors in t+1 Rounds, SIAM Journal of Computing, 1998
Cited by 66 (5 self)
This paper presents a polynomial-time protocol for reaching Byzantine agreement in t + 1 rounds whenever n > 3t, where n is the number of processors and t is an a priori upper bound on the number of failures. This resolves an open problem presented by Pease, Shostak and Lamport in 1980. An early-stopping variant of this protocol is also presented, reaching agreement in a number of rounds that is proportional to the number of processors that actually fail. SICOMP 27-1 (1998), pp. 247-290. Key words. Byzantine agreement, consensus, distributed computing, fault tolerance, computer security. AMS subject classifications. 68M10, 68M15, 68Q22, 94C12. 1. Introduction. The Byzantine agreement problem (BA), introduced by Pease, Shostak and Lamport in [22], is recognized as a fundamental problem in fault-tolerant distributed computing. Over the last decade or more, the problem has received a great deal of attention in the literature, and has become a testbed for a variety of models for distrib...
Complete characterization of adversaries tolerable in secure multiparty computation, Proc. 16th ACM Symposium on Principles of Distributed Computing (PODC), 1997
Cited by 64 (11 self)
The classical results in unconditional multiparty computation among a set of n players state that less than n/2 passive or less than n/3 active adversaries can be tolerated; assuming a broadcast channel the threshold for active adversaries is n/2. Strictly generalizing these results we specify the set of potentially misbehaving players as an arbitrary set of subsets of the player set. We prove the necessary and sufficient conditions for the existence of secure multiparty protocols in terms of the potentially misbehaving player sets. For every function there exists a protocol secure against a set of potential passive collusions if and only if no two of these collusions add up to the full player set. The same condition applies for active adversaries when assuming a broadcast channel. Without broadcast channels, for every function there exists a protocol secure against a set of potential active adverse player sets if and only if no three of these sets add up to the full player set. The complexities of the protocols not using a broadcast channel are polynomial; that of the protocol with broadcast is only slightly higher.
The Dining Cryptographers in the Disco: Unconditional Sender and Recipient Untraceability with Computationally Secure Serviceability, 1989
Cited by 62 (1 self)
In Journal of Cryptology 1/1 (1988) 65-75 ( = [Chau_88]), David Chaum describes a beautiful technique, the DC-net, which should allow participants to send and receive messages anonymously in an arbitrary network. The untraceability of the senders is proved to be unconditional, but that of the recipients implicitly assumes a reliable broadcast network. This assumption is unrealistic in some networks, but it can be removed completely by using the fail-stop key generation schemes by Waidner (these proceedings, = [Waid_89]). In both cases, however, each participant can untraceably and permanently disrupt the entire DC-net. We present a protocol which guarantees unconditional untraceability, the original goal of the DC-net, on the inseparability assumption (i.e. the attacker must be unable to prevent honest participants from communicating, which is considerably less than reliable broadcast), and computationally secure serviceability: Computationally restricted disrupters can be identified and removed from the DC-net. On the one hand, our solution is based on the lovely idea by David Chaum [Chau_88 § 2.5] of setting traps for disrupters. He suggests a scheme to guarantee unconditional untraceability and computationally secure serviceability, too, but on the reliable broadcast assumption. The same scheme seems to be used by
Maintaining Authenticated Communication in the Presence of Break-ins, Journal of Cryptology, 1998
Cited by 40 (6 self)
We study the problem of maintaining authenticated communication over untrusted communication channels, in a scenario where the communicating parties may be occasionally and repeatedly broken into for transient periods of time. Once a party is broken into, its cryptographic keys are exposed and perhaps modified. Yet, we want parties whose security is thus compromised to regain their ability to communicate in an authenticated way aided by other parties. In this work we present a mathematical model for this highly adversarial setting, exhibiting salient properties and parameters, and then describe a practically-appealing protocol for the task of maintaining authenticated communication in this model. A key element in our solution is devising proactive distributed signature (PDS) schemes in our model. Although PDS schemes are known in the literature, they are all designed for a model where authenticated communication and broadcast primitives are available. We therefore show how t...
Fault-tolerant data structures, In Proceedings of 37th IEEE FOCS, 1996
Cited by 38 (1 self)
We consider the tolerance of data structures to memory faults. We observe that many pointer-based data structures (e.g. linked lists, trees, etc.) are highly non-resilient to faults. A single fault in a linked list or tree may result in the loss of the entire set of data. In this paper we present a formal framework for studying the fault tolerance properties of pointer-based data structures, and we provide fault tolerant versions of the stack, the linked list, and the dictionary tree.