Universally composable security: A new paradigm for cryptographic protocols
, 2013
Cited by 611 (34 self)
We present a general framework for representing cryptographic protocols and analyzing their security. The framework allows specifying the security requirements of practically any cryptographic task in a unified and systematic way. Furthermore, in this framework the security of protocols is preserved under a general protocol composition operation, called universal composition. The proposed framework with its security-preserving composition operation allows for modular design and analysis of complex cryptographic protocols from relatively simple building blocks. Moreover, within this framework, protocols are guaranteed to maintain their security in any context, even in the presence of an unbounded number of arbitrary protocol instances that run concurrently in an adversarially controlled manner. This is a useful guarantee that allows arguing about the security of cryptographic protocols in complex and unpredictable environments such as modern communication networks.
Security and Composition of Multiparty Cryptographic Protocols
 JOURNAL OF CRYPTOLOGY
, 1998
Cited by 389 (18 self)
We present general definitions of security for multiparty cryptographic protocols, with focus on the task of evaluating a probabilistic function of the parties' inputs. We show that, with respect to these definitions, security is preserved under a natural composition operation. The definitions follow the general paradigm of known definitions; yet some substantial modifications and simplifications are introduced. The composition operation is the natural `subroutine substitution' operation, formalized by Micali and Rogaway. We consider several standard settings for multiparty protocols, including the cases of eavesdropping, Byzantine, non-adaptive and adaptive adversaries, as well as the information-theoretic and the computational models. In particular, in the computational model we provide the first definition of security of protocols that is shown to be preserved under composition.
Efficient Multiparty Computations Secure Against an Adaptive Adversary
, 1999
Cited by 67 (17 self)
We consider verifiable secret sharing (VSS) and multiparty computation (MPC) in the secure-channels model, where a broadcast channel is given and a nonzero error probability is allowed. In this model Rabin and Ben-Or proposed VSS and MPC protocols secure against an adversary that can corrupt any minority of the players. In this paper, we first observe that a subprotocol of theirs, known as weak secret sharing (WSS), is not secure against an adaptive adversary, contrary to what was believed earlier. We then propose new and adaptively secure protocols for WSS, VSS and MPC that are substantially more efficient than the original ones. Our protocols generalize easily to provide security against general Q²-adversaries.
Efficient Byzantine Agreement Secure Against General Adversaries (Extended Abstract)
 IN PROC. 12TH INTERNATIONAL SYMPOSIUM ON DISTRIBUTED COMPUTING (DISC)
, 1998
Cited by 30 (8 self)
This paper presents protocols for Byzantine agreement, i.e. for reliable broadcast, among a set of n players, some of which may be controlled by an adversary. It is well-known that Byzantine agreement is possible if and only if the number of cheaters is less than n/3. In this paper we consider a general adversary that is specified by a set of subsets of the player set (the adversary structure), and any one of these subsets may be corrupted by the adversary. The only condition we need is that no three of these subsets cover the full player set. A result of Hirt and Maurer implies that this condition is necessary and sufficient for the existence of a Byzantine agreement protocol, but the complexity of their protocols is generally exponential in the number of players. The purpose of this paper...
Secure Multiparty Computation Goes Live
Cited by 23 (1 self)
Abstract. In this note, we report on the first large-scale and practical application of multiparty computation, which took place in January 2008. We also report on the novel cryptographic protocols that were used.
1 Introduction and History
In multiparty computation (MPC), we consider a number of players P1, ..., Pn, who initially each hold inputs x1, ..., xn, and we then want to securely compute some function f on these inputs, where f(x1, ..., xn) = (y1, ..., yn), such that Pi learns yi but no other information. This should hold even if players exhibit some amount of adversarial behavior. The goal can be accomplished by an interactive
Secure Multi-Party Computation Made Simple
 IN COMMUNICATION NETWORKS
, 2002
Cited by 23 (3 self)
A simple approach to secure multiparty computation is presented. Unlike
Reducibility and Completeness In Private Computations
 SIAM J. Comput
Cited by 22 (7 self)
We define the notions of reducibility and completeness in (two-party and multiparty) private computations. Let g be an n-argument function. We say that a function f is reducible to a function g if n honest-but-curious players can compute the function f n-privately, given a black-box for g (for which they secretly give inputs and get the result of operating g on these inputs). We say that g is complete (for private computations) if every function f is reducible to g. In this paper, we characterize the complete boolean functions: we show that a boolean function g is complete if and only if g itself cannot be computed n-privately (when there is no black-box available). Namely, for boolean functions, the notions of completeness and n-privacy are complementary. This characterization gives a huge collection of complete functions (any non-private boolean function!) compared to very few examples given (implicitly) in previous work. On the other hand, for non-boolean functions, we show tha...
Efficient Multiparty Computations with Dishonest Minority
 IN EUROCRYPT '99
, 1998
Cited by 18 (6 self)
We consider verifiable secret sharing (VSS) and multiparty computation (MPC) in the secure channels model, where a broadcast channel is given and a nonzero error probability is allowed. In this model Rabin and Ben-Or proposed VSS and MPC protocols, secure against an adversary that can corrupt any minority of the players. In this paper, we first observe that a subprotocol of theirs, known as weak secret sharing (WSS), is not secure against an adaptive adversary, contrary to what was believed earlier. We then propose new and adaptively secure protocols for WSS, VSS and MPC that are substantially more efficient than the original ones. Our protocols generalize easily to provide security against general Q² adversaries.
Trading correctness for privacy in unconditional multiparty computation
 In Advances in Cryptology - CRYPTO '98, volume 1462 of Lecture Notes in Computer Science
, 1998
Cited by 17 (9 self)
Abstract. This paper improves on the classical results in unconditionally secure multiparty computation among a set of n players, by considering a model with three simultaneously occurring types of player corruption: the adversary can actively corrupt (i.e. take full control over) up to ta players and, additionally, can passively corrupt (i.e. read the entire information of) up to tp players and fail-corrupt (i.e. stop the computation of) up to tf other players. The classical results in multiparty computation are for the special cases of only passive (ta = tf = 0) or only active (tp = tf = 0) corruption. In the passive case, every function can be computed securely if and only if tp < n/2. In the active case, every function can be computed securely if and only if ta < n/3; when a broadcast channel is available, then this bound is ta < n/2. These bounds are tight. Strictly improving these results, one of our results states that, in addition to tolerating ta < n/3 actively corrupted players, privacy can be
Efficient Multi-Party Computation over Rings
 In Proc. EUROCRYPT ’03
, 2003
Cited by 14 (9 self)
Abstract. Secure multiparty computation (MPC) is an active research area, and a wide range of literature can be found nowadays suggesting improvements and generalizations of existing protocols in various directions. However, all current techniques for secure MPC apply to functions that are represented by (boolean or arithmetic) circuits over finite fields. We are motivated by two limitations of these techniques:
– Generality. Existing protocols do not apply to computation over more general algebraic structures (except via a brute-force simulation of computation in these structures).
– Efficiency. The best known constant-round protocols do not efficiently scale even to the case of large finite fields.
Our contribution goes in these two directions. First, we propose a basis for unconditionally secure MPC over an arbitrary finite ring, an algebraic object with a much less nice structure than a field, and obtain efficient MPC protocols requiring only a black-box access to the ring operations and to random ring elements. Second, we extend these results to the constant-round setting, and suggest efficiency improvements that are relevant also for the important special case of fields. We demonstrate the usefulness of the above results by presenting a novel application of MPC over (non-field) rings to the round-efficient secure computation of the maximum function.