Results 1  10
of
37
Multiparty Communication Complexity
, 1989
"... A given Boolean function has its input distributed among many parties. The aim is to determine which parties to tMk to and what information to exchange with each of them in order to evaluate the function while minimizing the total communication. This paper shows that it is possible to obtain the Boo ..."
Abstract

Cited by 689 (20 self)
 Add to MetaCart
A given Boolean function has its input distributed among many parties. The aim is to determine which parties to tMk to and what information to exchange with each of them in order to evaluate the function while minimizing the total communication. This paper shows that it is possible to obtain the Boolean answer deterministically with only a polynomial increase in communication with respect to the information lower bound given by the nondeterministic communication complexity of the function.
Protecting Data Privacy in Private Information Retrieval Schemes
 JCSS
"... Private Information Retrieval (PIR) schemes allow a user to retrieve the ith bit of an nbit data string x, replicated in k 2 databases (in the informationtheoretic setting) or in k 1 databases (in the computational setting), while keeping the value of i private. The main cost measure for suc ..."
Abstract

Cited by 125 (21 self)
 Add to MetaCart
Private Information Retrieval (PIR) schemes allow a user to retrieve the ith bit of an nbit data string x, replicated in k 2 databases (in the informationtheoretic setting) or in k 1 databases (in the computational setting), while keeping the value of i private. The main cost measure for such a scheme is its communication complexity.
Player simulation and general adversary structures in perfect multiparty computation
, 2000
"... The goal of secure multiparty computation is to transform a given protocol involving a trusted party into a protocol without need for the trusted party, by simulating the party among the players. Indeed, by the same means, one can simulate an arbitrary player in any given protocol. We formally defin ..."
Abstract

Cited by 79 (10 self)
 Add to MetaCart
The goal of secure multiparty computation is to transform a given protocol involving a trusted party into a protocol without need for the trusted party, by simulating the party among the players. Indeed, by the same means, one can simulate an arbitrary player in any given protocol. We formally define what it means to simulate a player by a multiparty protocol among a set of (new) players, and we derive the resilience of the new protocol as a function of the resiliences of the original protocol and the protocol used for the simulation. In contrast to all previous protocols that specify the tolerable adversaries by the number of corruptible players (a threshold), we consider general adversaries characterized by an adversary structure, a set of subsets of the player set, where the adversary may corrupt the players of one set in the structure. Recursively applying the simulation technique to standard threshold multiparty protocols results in protocols secure against general adversaries. The classical results in unconditional multiparty computation among a set of n players state that, in the passive model, any adversary that corrupts less than n=2 players can be tolerated, and in the active model, any adversary that corrupts less than n=3 players can be tolerated. Strictly generalizing
Private Simultaneous Messages Protocols with Applications
 In Proc. of 5th ISTCS
, 1997
"... We study the Private Simultaneous Messages (PSM) model which is a variant of the model proposed in [15]. In the PSM model there are n players P 1 ; : : : ; Pn , each player P i holding a secret input x i (say, a bit), and all having access to a common random string. Each player sends a single messag ..."
Abstract

Cited by 29 (12 self)
 Add to MetaCart
We study the Private Simultaneous Messages (PSM) model which is a variant of the model proposed in [15]. In the PSM model there are n players P 1 ; : : : ; Pn , each player P i holding a secret input x i (say, a bit), and all having access to a common random string. Each player sends a single message to a special player, Carol, depending on its own input and the random string (and independently of all other messages). Based on these messages, Carol should be able to compute f(x 1 ; : : : ; xn ) (for some predetermined function f) but should learn no additional information on the values of x 1 ; : : : ; xn .
Complexity and Security of Distributed Protocols
, 1993
"... This thesis addresses the topic of secure distributed computation, a general and powerful tool for balancing cooperation and mistrust among independent agents. We study many related models, which differ as to the allowable communication among agents, the ways in which agents may misbehave, and the c ..."
Abstract

Cited by 19 (0 self)
 Add to MetaCart
(Show Context)
This thesis addresses the topic of secure distributed computation, a general and powerful tool for balancing cooperation and mistrust among independent agents. We study many related models, which differ as to the allowable communication among agents, the ways in which agents may misbehave, and the complexity (cryptographic) assumptions that are made. We present new protocols, both for general secure computation (i.e., of any function over a finite domain) and for specific tasks (e.g., electronic money). We investigate fundamental relationships among security needs and various resource requirements, with an emphasis on communication complexity. A number of mathematical methods are employed for our investigations, including algebraic, graphtheoretic, and cryptographic techniques.
On the Structure of the Privacy Hierarchy
, 1994
"... An N argument function f(x 1 ; : : : ; xN ) is called t  private if there exists a protocol for computing f so that no coalition of at most t parties can infer any additional information from the execution, other than the value of the function. The motivation of this work is to understand what lev ..."
Abstract

Cited by 17 (7 self)
 Add to MetaCart
An N argument function f(x 1 ; : : : ; xN ) is called t  private if there exists a protocol for computing f so that no coalition of at most t parties can infer any additional information from the execution, other than the value of the function. The motivation of this work is to understand what levels of privacy are attainable. So far, only two levels of privacy were known for N argument functions which are defined over finite domains: Functions that are N  private, and functions that are b(N \Gamma 1)=2c  private but not dN=2e  private. In this work, we show that the privacy hierarchy for Nargument functions which are defined over finite domains, has exactly d(N + 1)=2e levels. We prove this by constructing, for any dN=2e t N \Gamma 2, an Nargument function which is t  private but not t + 1  private. Keywords: private functions, privacy hierarchy, distributed computing. 1 Introduction An Nargument function f(x 1 ; : : : ; xN ) is called t  private if there exists ...
Privacy, Additional Information, and Communication
 IEEE Transactions on Information Theory
, 1993
"... Two parties, each holding one input of a twovariable function, communicate in order to determine the value of the function. Each party wants to expose as little of its input as possible to the other party. We prove tight bounds on the minimum amount of information about the individual inputs that m ..."
Abstract

Cited by 14 (3 self)
 Add to MetaCart
(Show Context)
Two parties, each holding one input of a twovariable function, communicate in order to determine the value of the function. Each party wants to expose as little of its input as possible to the other party. We prove tight bounds on the minimum amount of information about the individual inputs that must be revealed in the computation of most functions and of some specific ones, and show that a computation that reveals little information about the individual inputs may require many more message exchanges than a more revealing computation. Key words: Private distributed protocols, additionalinformation, communicationcomplexity, roundscomplexity. 1 Introduction Let f be a function of two nbit inputs, x and y. Two honest parties, PX holding x and P Y having y, each with unlimited computing power, communicate to determine f(x; y). Each party wants to keep as much of its input secret from the other party. For some privately computable functions this can be done without revealing any mo...
Characterizing Linear Size Circuits in Terms of Privacy
, 1996
"... In this paper we prove a perhaps unexpected relationship between the complexity class of the boolean functions that have linear size circuits, and nparty private protocols. ..."
Abstract

Cited by 14 (6 self)
 Add to MetaCart
In this paper we prove a perhaps unexpected relationship between the complexity class of the boolean functions that have linear size circuits, and nparty private protocols.
A RandomnessRounds Tradeoff in Private Computation
"... We study the role of randomness in multiparty private computations. In particular, we give several results that prove the existence of a randomnessrounds tradeoff in multiparty private computation of xor. We show that with a single random bit, Θ(n) rounds are necessary and sufficient to ..."
Abstract

Cited by 13 (6 self)
 Add to MetaCart
We study the role of randomness in multiparty private computations. In particular, we give several results that prove the existence of a randomnessrounds tradeoff in multiparty private computation of xor. We show that with a single random bit, &Theta;(n) rounds are necessary and sufficient to privately compute xor of n input bits. With d&ge;2 random bits, &Omega;(log n / d) rounds are necessary, and O(log n / log d) are sufficient. More generally...
A quantitative approach to reductions in secure computation
 In Proc. of 1st TCC
, 2004
"... Secure computation is one of the most fundamental cryptographic tasks. It is known that all functions can be computed securely in the information theoretic setting, given access to a black box for some complete function such as AND. However, without such a black box, not all functions can be securel ..."
Abstract

Cited by 11 (0 self)
 Add to MetaCart
Secure computation is one of the most fundamental cryptographic tasks. It is known that all functions can be computed securely in the information theoretic setting, given access to a black box for some complete function such as AND. However, without such a black box, not all functions can be securely computed. This gives rise to two types of functions, those that can be computed without a black box (“easy”) and those that cannot (“hard”). However, no further distinction among the hard functions is made. In this paper, we take a quantitative approach, associating with each function f the minimal number of calls to the black box that are required for securely computing f. Such an approach was taken before, mostly in an adhoc manner, for specific functions f of interest. We propose a systematic study, towards a general characterization of the hierarchy according to the number of blackbox calls. This approach leads to a better understanding of the inherent complexity for securely computing a given function f. Furthermore, minimizing the number of calls to the black box can lead to more efficient protocols when the calls to the black box are replaced by a secure protocol. We take a first step in this study, by considering the twoparty, honestbutcurious, informationtheoretic case. For this setting, we provide a complete characterization for deterministic protocols. We explore the hierarchy for randomized protocols as well, giving upper and lower bounds, and comparing it to the deterministic hierarchy. We show that for every Boolean function the largest gap between randomized and deterministic protocols is at most exponential, and there are functions which exhibit such a gap.