Privacy-preserving cooperative statistical analysis
In Proceedings of the 17th Annual Computer Security Applications Conference, 2001
Cited by 66 (0 self)
The growth of the Internet opens up tremendous opportunities for cooperative computation, where the answer depends on the private inputs of separate entities. Sometimes these computations may occur between mutually untrusted entities. The problem is trivial if the context allows the conduct of these computations by a trusted entity that would know the inputs from all the participants; however, if the context disallows this, then the techniques of secure multiparty computation become very relevant and can provide useful solutions. Statistical analysis is a widely used computation in real life, but the known methods usually require one to know the whole data set; little work has been conducted to investigate how statistical analysis could be performed in a cooperative environment, where the participants want to conduct statistical analysis on the joint data set, but each participant is concerned about the confidentiality of its own data. In this paper we have developed protocols for conducting statistical analysis in such a cooperative environment based on a data perturbation technique and cryptographic primitives.
Secure multiparty computational geometry
International Workshop on Algorithms and Data Structures, 2001
Cited by 65 (9 self)
The general secure multiparty computation problem is when multiple parties (say, Alice and Bob) each have private data (respectively, a and b) and seek to compute some function f(a, b) without revealing to each other anything unintended (i.e., anything other than what can be inferred from knowing f(a, b)). It is well known that, in theory, the general secure multiparty computation problem is solvable using circuit evaluation protocols. While this approach is appealing in its generality, the communication complexity of the resulting protocols depends on the size of the circuit that expresses the functionality to be computed. As Goldreich has recently pointed out [6], using the solutions derived from these general results to solve specific problems can be impractical; problem-specific solutions should be developed, for efficiency reasons. This paper is a first step in this direction for the area of computational geometry. We give simple solutions to some specific geometric problems, and in doing so we develop some building blocks that we believe will be useful in the solution of other geometric and combinatorial problems as well.
A New and Efficient All-Or-Nothing Disclosure of Secrets Protocol
1998
Cited by 42 (1 self)
Two-party protocols have been considered for a long time.
Quantum algorithms for algebraic problems
2008
Cited by 23 (1 self)
Quantum computers can execute algorithms that dramatically outperform classical computation. As the best-known example, Shor discovered an efficient quantum algorithm for factoring integers, whereas factoring appears to be difficult for classical computers. Understanding what other computational problems can be solved significantly faster using quantum algorithms is one of the major challenges in the theory of quantum
Computational indistinguishability between quantum states and its cryptographic application
Advances in Cryptology – EUROCRYPT 2005, 2005
Cited by 14 (6 self)
We introduce a computational problem of distinguishing between two specific quantum states as a new cryptographic problem to design a quantum cryptographic scheme that is "secure" against any polynomial-time quantum adversary. Our problem QSCDff is to distinguish between two types of random coset states with a hidden permutation over the symmetric group of finite degree. This naturally generalizes the commonly-used distinction problem between two probability distributions in computational cryptography. As our major contribution, we show three cryptographic properties: (i) QSCDff has the trapdoor property; (ii) the average-case hardness of QSCDff coincides with its worst-case hardness; and (iii) QSCDff is computationally at least as hard in the worst case as the graph automorphism problem. These cryptographic properties enable us to construct a quantum public-key cryptosystem, which is likely to withstand any chosen plaintext attack of a polynomial-time quantum adversary. We further discuss a generalization of QSCDff, called QSCDcyc, and introduce a multi-bit encryption scheme relying on the cryptographic properties of QSCDcyc.
Adapting Density Attacks to Low-Weight Knapsacks
Cited by 10 (0 self)
Cryptosystems based on the knapsack problem were among the first public-key systems to be invented. Their high encryption/decryption rate attracted considerable interest until it was noticed that the underlying knapsacks often had a low density, which made them vulnerable to lattice attacks, both in theory and practice. To prevent low-density attacks, several designers found a subtle way to increase the density beyond the critical density by decreasing the weight of the knapsack, and possibly allowing non-binary coefficients. This approach is actually a bit misleading: we show that low-weight knapsacks do not prevent efficient reductions to lattice problems like the shortest vector problem; they even make reductions more likely. To measure the resistance of low-weight knapsacks, we introduce the novel notion of pseudo-density, and we apply the new notion to the Okamoto-Tanaka-Uchiyama (OTU) cryptosystem from Crypto '00. We do not claim to break OTU, and we actually believe that this system may be secure with an appropriate choice of the parameters. However, our research indicates that, in its current form, OTU cannot be supported by an argument based on density. Our results also explain why Schnorr and Hörner were able to solve at Eurocrypt '95 certain high-density knapsacks related to the Chor-Rivest cryptosystem, using lattice reduction.
Decision oracles are equivalent to Matching oracles
In International Workshop on Practice and Theory in Public Key Cryptography '99 (PKC '99), number 1560 in Lecture Notes in Computer Science, 1999
Cited by 6 (0 self)
One of the key directions in complexity theory, which has also filtered through to cryptographic research, is the effort to classify related but seemingly distinct notions. Separation or reduction arguments are the basic means for this classification. Continuing this direction, we identify a class of problems, called "matching problems," which are related to the class of "decision problems." In many cases, these classes are neither trivially equivalent nor distinct. Briefly, a "decision" problem consists of one instance and a supposedly related image of this instance; the problem is to decide whether the instance and the image indeed satisfy the given predicate. In a "matching" problem two such pairs of instances and images are given, and the problem is to "match" or "distinguish" which image corresponds to which instance. Clearly the decision problem is more difficult, since given a "decision" oracle one can simply test each of the two images to be matched against an instance and solve th...
Density Attack on the Knapsack Cryptosystems with Enumerative Source (Extended Abstract)
2003
Generalizing Cryptosystems Based on the Subset Sum Problem
2009
Cited by 4 (0 self)
We identify a generic construction of cryptosystems based on the subset sum problem and characterize the required homomorphic map. Using the homomorphism from the Damgård-Jurik cryptosystem, we then eliminate the need for a discrete logarithm oracle in the key generation step of the Okamoto, Tanaka and Uchiyama scheme to provide a practical cryptosystem based on the subset sum problem. We also analyze the security of our cryptosystem and show that, with proper parameter choices, it is computationally secure against lattice-based attacks. Finally, we present a practical application of this system for RFID security and privacy.