Open Questions, Talk Abstracts, and Summary of Discussions

Participants took a critical look at the results, choice of problems, guiding philosophies, research methodology, and engineering projects that currently absorb much of the effort of people working in "cryptography" and "computer system security." This report summarizes both the formal presentations and the informal discussions that took place. Section 1 contains our account of the group discussions and statements of open questions, both general and specific, that we think are important. This report on the workshop is based on our recollections, our notes, and notes taken by the graduate-student participants; we assume responsibility for any inaccuracies in our account. Section 2 contains abstracts of the talks presented at the workshop; whenever possible, these abstracts are accompanied by references to complete papers or extended abstracts that the speaker has published. Names and addresses of participants are given in Section 3.

The part of the theoretical computer science community that studies cryptography has created a large amount of terminology. Many of these terms were used in Wednesday morning's talks.
