Results 1  10
of
31
Multiparty Communication Complexity
, 1989
"... A given Boolean function has its input distributed among many parties. The aim is to determine which parties to tMk to and what information to exchange with each of them in order to evaluate the function while minimizing the total communication. This paper shows that it is possible to obtain the Boo ..."
Abstract

Cited by 623 (20 self)
 Add to MetaCart
A given Boolean function has its input distributed among many parties. The aim is to determine which parties to tMk to and what information to exchange with each of them in order to evaluate the function while minimizing the total communication. This paper shows that it is possible to obtain the Boolean answer deterministically with only a polynomial increase in communication with respect to the information lower bound given by the nondeterministic communication complexity of the function.
Protecting Data Privacy in Private Information Retrieval Schemes
 JCSS
"... Private Information Retrieval (PIR) schemes allow a user to retrieve the ith bit of an nbit data string x, replicated in k 2 databases (in the informationtheoretic setting) or in k 1 databases (in the computational setting), while keeping the value of i private. The main cost measure for suc ..."
Abstract

Cited by 109 (19 self)
 Add to MetaCart
Private Information Retrieval (PIR) schemes allow a user to retrieve the ith bit of an nbit data string x, replicated in k 2 databases (in the informationtheoretic setting) or in k 1 databases (in the computational setting), while keeping the value of i private. The main cost measure for such a scheme is its communication complexity.
Player simulation and general adversary structures in perfect multiparty computation
, 2000
"... The goal of secure multiparty computation is to transform a given protocol involving a trusted party into a protocol without need for the trusted party, by simulating the party among the players. Indeed, by the same means, one can simulate an arbitrary player in any given protocol. We formally defin ..."
Abstract

Cited by 72 (9 self)
 Add to MetaCart
The goal of secure multiparty computation is to transform a given protocol involving a trusted party into a protocol without need for the trusted party, by simulating the party among the players. Indeed, by the same means, one can simulate an arbitrary player in any given protocol. We formally define what it means to simulate a player by a multiparty protocol among a set of (new) players, and we derive the resilience of the new protocol as a function of the resiliences of the original protocol and the protocol used for the simulation. In contrast to all previous protocols that specify the tolerable adversaries by the number of corruptible players (a threshold), we consider general adversaries characterized by an adversary structure, a set of subsets of the player set, where the adversary may corrupt the players of one set in the structure. Recursively applying the simulation technique to standard threshold multiparty protocols results in protocols secure against general adversaries. The classical results in unconditional multiparty computation among a set of n players state that, in the passive model, any adversary that corrupts less than n=2 players can be tolerated, and in the active model, any adversary that corrupts less than n=3 players can be tolerated. Strictly generalizing
Private Simultaneous Messages Protocols with Applications
 In Proc. of 5th ISTCS
, 1997
"... We study the Private Simultaneous Messages (PSM) model which is a variant of the model proposed in [15]. In the PSM model there are n players P 1 ; : : : ; Pn , each player P i holding a secret input x i (say, a bit), and all having access to a common random string. Each player sends a single messag ..."
Abstract

Cited by 25 (10 self)
 Add to MetaCart
We study the Private Simultaneous Messages (PSM) model which is a variant of the model proposed in [15]. In the PSM model there are n players P 1 ; : : : ; Pn , each player P i holding a secret input x i (say, a bit), and all having access to a common random string. Each player sends a single message to a special player, Carol, depending on its own input and the random string (and independently of all other messages). Based on these messages, Carol should be able to compute f(x 1 ; : : : ; xn ) (for some predetermined function f) but should learn no additional information on the values of x 1 ; : : : ; xn .
Complexity and Security of Distributed Protocols
, 1993
"... This thesis addresses the topic of secure distributed computation, a general and powerful tool for balancing cooperation and mistrust among independent agents. We study many related models, which differ as to the allowable communication among agents, the ways in which agents may misbehave, and the c ..."
Abstract

Cited by 19 (0 self)
 Add to MetaCart
This thesis addresses the topic of secure distributed computation, a general and powerful tool for balancing cooperation and mistrust among independent agents. We study many related models, which differ as to the allowable communication among agents, the ways in which agents may misbehave, and the complexity (cryptographic) assumptions that are made. We present new protocols, both for general secure computation (i.e., of any function over a finite domain) and for specific tasks (e.g., electronic money). We investigate fundamental relationships among security needs and various resource requirements, with an emphasis on communication complexity. A number of mathematical methods are employed for our investigations, including algebraic, graphtheoretic, and cryptographic techniques.
On the Structure of the Privacy Hierarchy
, 1994
"... An N argument function f(x 1 ; : : : ; xN ) is called t  private if there exists a protocol for computing f so that no coalition of at most t parties can infer any additional information from the execution, other than the value of the function. The motivation of this work is to understand what lev ..."
Abstract

Cited by 17 (7 self)
 Add to MetaCart
An N argument function f(x 1 ; : : : ; xN ) is called t  private if there exists a protocol for computing f so that no coalition of at most t parties can infer any additional information from the execution, other than the value of the function. The motivation of this work is to understand what levels of privacy are attainable. So far, only two levels of privacy were known for N argument functions which are defined over finite domains: Functions that are N  private, and functions that are b(N \Gamma 1)=2c  private but not dN=2e  private. In this work, we show that the privacy hierarchy for Nargument functions which are defined over finite domains, has exactly d(N + 1)=2e levels. We prove this by constructing, for any dN=2e t N \Gamma 2, an Nargument function which is t  private but not t + 1  private. Keywords: private functions, privacy hierarchy, distributed computing. 1 Introduction An Nargument function f(x 1 ; : : : ; xN ) is called t  private if there exists ...
Characterizing Linear Size Circuits in Terms of Privacy
, 1996
"... In this paper we prove a perhaps unexpected relationship between the complexity class of the boolean functions that have linear size circuits, and nparty private protocols. ..."
Abstract

Cited by 14 (6 self)
 Add to MetaCart
In this paper we prove a perhaps unexpected relationship between the complexity class of the boolean functions that have linear size circuits, and nparty private protocols.
Privacy, Additional Information, and Communication
 IEEE Transactions on Information Theory
, 1993
"... Two parties, each holding one input of a twovariable function, communicate in order to determine the value of the function. Each party wants to expose as little of its input as possible to the other party. We prove tight bounds on the minimum amount of information about the individual inputs that m ..."
Abstract

Cited by 13 (3 self)
 Add to MetaCart
Two parties, each holding one input of a twovariable function, communicate in order to determine the value of the function. Each party wants to expose as little of its input as possible to the other party. We prove tight bounds on the minimum amount of information about the individual inputs that must be revealed in the computation of most functions and of some specific ones, and show that a computation that reveals little information about the individual inputs may require many more message exchanges than a more revealing computation. Key words: Private distributed protocols, additionalinformation, communicationcomplexity, roundscomplexity. 1 Introduction Let f be a function of two nbit inputs, x and y. Two honest parties, PX holding x and P Y having y, each with unlimited computing power, communicate to determine f(x; y). Each party wants to keep as much of its input secret from the other party. For some privately computable functions this can be done without revealing any mo...
A RandomnessRounds Tradeoff in Private Computation
"... We study the role of randomness in multiparty private computations. In particular, we give several results that prove the existence of a randomnessrounds tradeoff in multiparty private computation of xor. We show that with a single random bit, Θ(n) rounds are necessary and sufficient to ..."
Abstract

Cited by 13 (6 self)
 Add to MetaCart
We study the role of randomness in multiparty private computations. In particular, we give several results that prove the existence of a randomnessrounds tradeoff in multiparty private computation of xor. We show that with a single random bit, &Theta;(n) rounds are necessary and sufficient to privately compute xor of n input bits. With d&ge;2 random bits, &Omega;(log n / d) rounds are necessary, and O(log n / log d) are sufficient. More generally...
Private Computations Over the Integers
, 1995
"... The subject of this work is the possibility of private distributed computations of n argument functions defined over the integers. A function f is tprivate if there exists a protocol for computing f , so that no coalition of at most t participants can infer any additional information from the exe ..."
Abstract

Cited by 11 (3 self)
 Add to MetaCart
The subject of this work is the possibility of private distributed computations of n argument functions defined over the integers. A function f is tprivate if there exists a protocol for computing f , so that no coalition of at most t participants can infer any additional information from the execution of the protocol. It is known that over finite domains, every function can be computed b(n \Gamma 1)=2cprivately. Some functions, like addition, are even nprivate. We prove that this result cannot be extended to infinite domains. The possibility of privately computing f is shown to be closely related to the communication complexity of f . Using this relation, we show, for example, that nargument addition is b(n \Gamma 1)=2cprivate over the nonnegative integers, but not even 1private over all the integers. Finally, a complete characterization of tprivate Boolean functions over countable domains is given. A Boolean function is 1private if and only if its communication complexit...