Results 1  10
of
161
Privacypreserving set operations
 in Advances in Cryptology  CRYPTO 2005, LNCS
, 2005
"... In many important applications, a collection of mutually distrustful parties must perform private computation over multisets. Each party’s input to the function is his private input multiset. In order to protect these private sets, the players perform privacypreserving computation; that is, no part ..."
Abstract

Cited by 158 (0 self)
 Add to MetaCart
(Show Context)
In many important applications, a collection of mutually distrustful parties must perform private computation over multisets. Each party’s input to the function is his private input multiset. In order to protect these private sets, the players perform privacypreserving computation; that is, no party learns more information about other parties ’ private input sets than what can be deduced from the result. In this paper, we propose efficient techniques for privacypreserving operations on multisets. By employing the mathematical properties of polynomials, we build a framework of efficient, secure, and composable multiset operations: the union, intersection, and element reduction operations. We apply these techniques to a wide range of practical problems, achieving more efficient results than those of previous work.
Private Circuits: Securing Hardware against Probing Attacks
 In Proceedings of CRYPTO 2003
, 2003
"... Abstract. Can you guarantee secrecy even if an adversary can eavesdrop on your brain? We consider the problem of protecting privacy in circuits, when faced with an adversary that can access a bounded number of wires in the circuit. This question is motivated by side channel attacks, which allow an a ..."
Abstract

Cited by 130 (7 self)
 Add to MetaCart
Abstract. Can you guarantee secrecy even if an adversary can eavesdrop on your brain? We consider the problem of protecting privacy in circuits, when faced with an adversary that can access a bounded number of wires in the circuit. This question is motivated by side channel attacks, which allow an adversary to gain partial access to the inner workings of hardware. Recent work has shown that side channel attacks pose a serious threat to cryptosystems implemented in embedded devices. In this paper, we develop theoretical foundations for security against side channels. In particular, we propose several efficient techniques for building private circuits resisting this type of attacks. We initiate a systematic study of the complexity of such private circuits, and in contrast to most prior work in this area provide a formal threat model and give proofs of security for our constructions.
Efficient Multiparty Computations Secure Against an Adaptive Adversary
, 1999
"... We consider verifiable secret sharing (VSS) and multiparty computation (MPC) in the securechannels model, where a broadcast channel is given and a nonzero error probability is allowed. In this model Rabin and BenOr proposed VSS and MPC protocols secure against an adversary that can corrupt a ..."
Abstract

Cited by 87 (21 self)
 Add to MetaCart
We consider verifiable secret sharing (VSS) and multiparty computation (MPC) in the securechannels model, where a broadcast channel is given and a nonzero error probability is allowed. In this model Rabin and BenOr proposed VSS and MPC protocols secure against an adversary that can corrupt any minority of the players. In this paper, we first observe that a subprotocol of theirs, known as weak secret sharing (WSS), is not secure against an adaptive adversary, contrary to what was believed earlier. We then propose new and adaptively secure protocols for WSS, VSS and MPC that are substantially more efficient than the original ones. Our protocols generalize easily to provide security against general Q²adversaries.
Distributing Trust on the Internet
 in Proc. International Conference on Dependable Systems and Networks (DSN2001
, 2000
"... This paper describes an architecture for secure and faulttolerant service replication in an asynchronous network such as the Internet, where a malicious adversary may corrupt some servers and control the network. It relies on recent protocols for randomized Byzantine agreement and for atomic broadc ..."
Abstract

Cited by 43 (7 self)
 Add to MetaCart
(Show Context)
This paper describes an architecture for secure and faulttolerant service replication in an asynchronous network such as the Internet, where a malicious adversary may corrupt some servers and control the network. It relies on recent protocols for randomized Byzantine agreement and for atomic broadcast, which exploit concepts from threshold cryptography. The model and its assumptions are discussed in detail and compared to related work from the last decade in the first part of this work, and an overview of the broadcast protocols in the architecture is provided. The standard approach in faulttolerant distributed systems is to assume that at most a certain fraction of servers fails. In the second part, novel general failure patterns and corresponding protocols are introduced. They allow for realistic modeling of realworld trust assumptions, beyond (weighted) threshold models. Finally, it is discussed how three different applications can be realized using such an architecture: ...
Distributed PseudoRandom Functions and KDCs
 ADVANCES IN CRYPTOLOGY: EUROCRYPT '99, VOLUME 1592 OF LECTURE NOTES IN COMPUTER SCIENCE
, 1999
"... This work describes schemes for distributing between n servers the evaluation of a function f which is an approximation to a random function, such that only authorized subsets of servers are able to compute the function. A user who wants to compute f(x) should send x to the members of an authorize ..."
Abstract

Cited by 43 (0 self)
 Add to MetaCart
This work describes schemes for distributing between n servers the evaluation of a function f which is an approximation to a random function, such that only authorized subsets of servers are able to compute the function. A user who wants to compute f(x) should send x to the members of an authorized subset and receive information which enables him to compute f(x). We require that such a scheme is consistent, i.e. that given an input x all authorized subsets compute the same value f(x). The solutions we present enable the operation of many servers, preventing bottlenecks or single points of failure. There are also no single entities which can compromise the security of the entire network. The solutions can be used to distribute the operation of a Key Distribution Center (KDC). They are far better than the known partitioning to domains or replication solutions to this problem, and are especially suited to handle users of multicast groups.
Efficient Secure MultiParty Computation
, 2000
"... ) Martin Hirt 1 , Ueli Maurer 1 , and Bartosz Przydatek 2?? 1 ETH Zurich, Switzerland, fhirt,maurerg@inf.ethz.ch 2 Carnegie Mellon University, USA, bartosz@cs.cmu.edu Asiacrypt 2000 Abstract. Since the introduction of secure multiparty computation, all proposed protocols that provide s ..."
Abstract

Cited by 35 (7 self)
 Add to MetaCart
) Martin Hirt 1 , Ueli Maurer 1 , and Bartosz Przydatek 2?? 1 ETH Zurich, Switzerland, fhirt,maurerg@inf.ethz.ch 2 Carnegie Mellon University, USA, bartosz@cs.cmu.edu Asiacrypt 2000 Abstract. Since the introduction of secure multiparty computation, all proposed protocols that provide security against cheating players suer from very high communication complexities. The most ecient unconditionally secure protocols among n players, tolerating cheating by up to t < n=3 of them, require communicating O(n 6 ) eld elements for each multiplication of two elements, even if only one player cheats. In this paper, we propose a perfectly secure multiparty protocol which requires communicating O(n 3 ) eld elements per multiplication. In this protocol, the number of invocations of the broadcast primitive is independent of the size of the circuit to be computed. The proposed techniques are generic and apply to other protocols for robust distributed computations. Furthe...
Parallel Reducibility for InformationTheoretically Secure Computation
 In Proc. of Crypto, SpringerVerlag (LNCS 1880
, 2000
"... Abstract. Secure Function Evaluation (SFE) protocols are very hard to design, and reducibility has been recognized as a highly desirable property of SFE protocols. Informally speaking, reducibility (sometimes called modular composition) is the automatic ability to break up the design of complex SFE ..."
Abstract

Cited by 32 (9 self)
 Add to MetaCart
Abstract. Secure Function Evaluation (SFE) protocols are very hard to design, and reducibility has been recognized as a highly desirable property of SFE protocols. Informally speaking, reducibility (sometimes called modular composition) is the automatic ability to break up the design of complex SFE protocols into several simpler, individually secure components. Despite much effort, only the most basic type of reducibility, sequential reducibility (where only a single subprotocol can be run at a time), has been considered and proven to hold for a specific class of SFE protocols. Unfortunately, sequential reducibility does not allow one to save on the number of rounds (often the most expensive resource in a distributed setting), and achieving more general notions is not easy (indeed, certain SFE notions provably enjoy sequential reducibility, but fail to enjoy more general ones). In this paper, for informationtheoretic SFE protocols, we • Formalize the notion of parallel reducibility, where subprotocols can be run at the same time; • Clarify that there are two distinct forms of parallel reducibility: ⋆ Concurrent reducibility, which applies when the order of the subprotocol calls is not important (and which reduces the round complexity dramatically as compared to sequential reducibility); and ⋆ Synchronous reducibility, which applies when the subprotocols must be executed simultaneously (and which allows modular design in settings where sequential reducibility does not even apply). • Show that a large class of SFE protocols (i.e., those satisfying a slight modification of the original definition of Micali and Rogaway [15]) provably enjoy (both forms of) parallel reducibility. 1
Secure MultiParty Computation Made Simple
 IN COMMUNICATION NETWORKS
, 2002
"... A simple approach to secure multiparty computation is presented. Unlike ..."
Abstract

Cited by 31 (4 self)
 Add to MetaCart
A simple approach to secure multiparty computation is presented. Unlike
Perfect ConstantRound Secure Computation via Perfect Randomizing Polynomials
 In Proc. 29th ICALP
, 2002
"... Various informationtheoretic constantround secure multiparty protocols are known for classes such as NC and polynomialsize branching programs [1, 13, 18, 3, 19, 10]. All these protocols have a small probability of failure, or alternatively use an expected constant number of rounds, suggesti ..."
Abstract

Cited by 31 (17 self)
 Add to MetaCart
Various informationtheoretic constantround secure multiparty protocols are known for classes such as NC and polynomialsize branching programs [1, 13, 18, 3, 19, 10]. All these protocols have a small probability of failure, or alternatively use an expected constant number of rounds, suggesting that this might be an inherent phenomenon. In the current paper we prove that this is not the case by presenting several constructions of perfect constantround protocols.
Secure Distributed Linear Algebra in a Constant Number of Rounds
 In Proc. Crypto
, 2000
"... . Consider a network of processors among which elements in ..."
Abstract

Cited by 30 (2 self)
 Add to MetaCart
(Show Context)
. Consider a network of processors among which elements in