## Secure multi-party computational geometry (2001)

Venue: | INTERNATIONAL WORKSHOP ON ALGORITHMS AND DATA STRUCTURES |

Citations: | 57 - 9 self |

### BibTeX

@INPROCEEDINGS{Atallah01securemulti-party,

author = {Mikhail J. Atallah and Wenliang Du},

title = {Secure multi-party computational geometry},

booktitle = {INTERNATIONAL WORKSHOP ON ALGORITHMS AND DATA STRUCTURES},

year = {2001},

pages = {165--179},

publisher = {Springer-Verlag}

}

### Years of Citing Articles

### OpenURL

### Abstract

The general secure multi-party computation problem is when multiple parties (say, Alice and Bob) each have private data (respectively, a and b) and seek to compute some function f(a; b) without revealing to each other anything unintended (i.e., anything other than what can be inferred from knowing f(a; b)). It is well known that, in theory, the general secure multi-party computation problem is solvable using circuit evaluation protocols. While this approach is appealing in its generality, the communication complexity of the resulting protocols depend on the size of the circuit that expresses the functionality to be computed. As Goldreich has recently pointed out [6], using the solutions derived from these general results to solve specic problems can be impractical; problem-speci c solutions should be developed, for eciency reasons. This paper is a rst step in this direction for the area of computational geometry. We give simple solutions to some specic geometric problems, and in doing so we develop some building blocks that we believe will be useful in the solution of other geometric and combinatorial problems as well.

### Citations

672 | Public-key cryptosystems based on composite degree residuosity classes
- Paillier
- 1999
(Show Context)
Citation Context ...property for some of our protocols: E k (x)E k (y) = E k (x+y). Many such systems exist, and examples include the systems by Benaloh [2], Naccache and Stern [10], Okamoto and Uchiyama [13], Paillier [=-=14], to -=-mention a few. A useful property of homomorphic encryption schemes is that an \addition" operation can be conduced based on the encrypted data without decrypting them. 4 Mikhail J. Atallah et al.... |

584 |
How to generate and exchange secrets
- Yao
- 1986
(Show Context)
Citation Context ...n what could be derived from the result. Of course all of the above problems, as well as other computational geometry problems, are special cases of the general Secure Multi-party Computation problem =-=[16, 9, 6]-=-. Generally speaking, a secure multi-party computation problem deals with computing a function on any input, in a distributed network where each participant holds one of the inputs, ensuring that no m... |

572 |
Protocols for secure computations
- Yao
- 1982
(Show Context)
Citation Context ...protocol used as a primitive in our solutions; The purpose of the protocol is to compare two private numbers (i.e., determine which is larger). This private comparison problem wassrst proposed by Yao =-=[15]-=- and is referred as Yao's Millionaire Problem (because two millionaires wish to know who is richer, without revealing any other information about their net worth). The early cryptographic solution by ... |

489 | A.: A randomized protocol for signing contracts
- Even, Goldreich, et al.
- 1985
(Show Context)
Citation Context ...ansfer Goldreich's circuit evaluation protocol uses the 1-out-of-N Oblivious Transfer, and our protocols in this paper also heavily depends on this protocol. An 1-out-of-N Oblivious Transfer protocol =-=[7, 4]-=- refers to a protocol where at the beginning of the protocol one party, Bob has N inputs X 1 ; : : : ; XN and at the end of the protocol the other party, Alice, learns one of the inputs X i for some 1... |

462 |
How to play any mental game
- Goldreich, Micali, et al.
- 1987
(Show Context)
Citation Context ...n what could be derived from the result. Of course all of the above problems, as well as other computational geometry problems, are special cases of the general Secure Multi-party Computation problem =-=[16, 9, 6]-=-. Generally speaking, a secure multi-party computation problem deals with computing a function on any input, in a distributed network where each participant holds one of the inputs, ensuring that no m... |

225 | Computationally private information retrieval with polylogarithmic communication
- Cachin, Micali, et al.
- 1999
(Show Context)
Citation Context ...owing Bob to learn anything about i. An ecient 1-out-of-N Oblivious Transfer protocol was proposed in [11] by Naor and Pinkas. By combining this protocol with the scheme by Cachin, Micali and Stadler =-=[8]-=-, the 1-out-of-N Oblivious Transfer protocol could be achieved with polylogarithmic (in n) communication complexity. Homomorphic Encryption Schemes We need a public-key cryptosystems with a homomorphi... |

117 |
Secure multi-party computation. Working Draft, Verison 1.1
- Goldreich
- 1998
(Show Context)
Citation Context ...ing in its generality, the communication complexity of the resulting protocols depend on the size of the circuit that expresses the functionality to be computed. As Goldreich has recently pointed out =-=[-=-6], using the solutions derived from these general results to solve specic problems can be impractical; problem-specic solutions should be developed, for eciency reasons. This paper is asrst step in t... |

94 | All-or-nothing disclosure of secrets
- Brassard, Crépeau, et al.
- 1987
(Show Context)
Citation Context ...ansfer Goldreich's circuit evaluation protocol uses the 1-out-of-N Oblivious Transfer, and our protocols in this paper also heavily depends on this protocol. An 1-out-of-N Oblivious Transfer protocol =-=[7, 4]-=- refers to a protocol where at the beginning of the protocol one party, Bob has N inputs X 1 ; : : : ; XN and at the end of the protocol the other party, Alice, learns one of the inputs X i for some 1... |

92 | Efficient Private Bidding and Auctions with an Oblivious Third Party
- Cachin
- 1999
(Show Context)
Citation Context ...The early cryptographic solution by Yao [15] has communication complexity that is exponential in the number of bits of the numbers involved, using an untrusted third party. Cachin proposed a solution =-=[3-=-] based on the -hiding assumption. His protocol uses an untrusted third party that can misbehave on its own (for the purpose of illegally obtaining information about Alice's or Bob's private vectors) ... |

65 | Comparing information without leaking it
- Fagin, Naor, et al.
- 1996
(Show Context)
Citation Context ...whether Alice's U equals Bob's VA without disclosing each person's private input to the other person. This comparison problem is well studied, and was thoroughly discussed by Fagin, Naor, and Winkler =-=[12-=-]. Several methods for it were discussed in [12, 11]. For example, the following is part of the folklore: Protocol 5 (Equality-Testing Protocol) Inputs: Alice has U , Bob has VA . Outputs: U = VA i EB... |

59 |
Dense probabilistic encryption
- Benaloh
- 1994
(Show Context)
Citation Context ...ion Schemes We need a public-key cryptosystems with a homomorphic property for some of our protocols: E k (x)E k (y) = E k (x+y). Many such systems exist, and examples include the systems by Benaloh [=-=2], Nac-=-cache and Stern [10], Okamoto and Uchiyama [13], Paillier [14], to mention a few. A useful property of homomorphic encryption schemes is that an \addition" operation can be conduced based on the ... |

43 | Protocols for secure remote database access with approximate matching
- Du, Atallah, et al.
- 2001
(Show Context)
Citation Context ...of n m . Now, let us consider the unanswered question: how could Alice get (X+R b ) without learning or R b ? We do this with a technique based on a homomorphic public key system, that was used in [1] in a dierent context (to compute the minimum value in a vector that is the dierence of Alice's private vector and Bob's private vector). Recall that an encryption scheme is homomorphic if E k (x)E... |

29 | Quantum public-key cryptosystems
- Okamoto, Tanaka, et al.
(Show Context)
Citation Context ... a homomorphic property for some of our protocols: E k (x)E k (y) = E k (x+y). Many such systems exist, and examples include the systems by Benaloh [2], Naccache and Stern [10], Okamoto and Uchiyama [=-=13], Pai-=-llier [14], to mention a few. A useful property of homomorphic encryption schemes is that an \addition" operation can be conduced based on the encrypted data without decrypting them. 4 Mikhail J.... |

25 |
A new cryptosystem based on higher residues
- Naccache, Stern
- 1998
(Show Context)
Citation Context ...blic-key cryptosystems with a homomorphic property for some of our protocols: E k (x)E k (y) = E k (x+y). Many such systems exist, and examples include the systems by Benaloh [2], Naccache and Stern [=-=10], Oka-=-moto and Uchiyama [13], Paillier [14], to mention a few. A useful property of homomorphic encryption schemes is that an \addition" operation can be conduced based on the encrypted data without de... |

13 |
Oblivious transfer and polynomial evaluation (extended abstract
- Naor, Pinkas
(Show Context)
Citation Context ...for some 1 i N of her choice, without learning anything about the other inputs and without allowing Bob to learn anything about i. An ecient 1-out-of-N Oblivious Transfer protocol was proposed in [1=-=1]-=- by Naor and Pinkas. By combining this protocol with the scheme by Cachin, Micali and Stadler [8], the 1-out-of-N Oblivious Transfer protocol could be achieved with polylogarithmic (in n) communicatio... |

1 |
Privacy-preserving cooperative scienti computations
- Du, Atallah
(Show Context)
Citation Context ...owever, if F is a simple enough functionality, using circuit a evaluation protocol can be practical. The existing protocols listed below serve as important building blocks in our solutions. Our paper =-=[5-=-] contains some primitives for general scientic problems, that could be used as subroutines by some of our computations (as special cases), however the next section will give better solutions for the ... |