How to generate and exchange secrets

In this paper we introduce a new tool for controlling the knowledge transfer process in cryptographic protocol design. It is applied to solve a general class of problems which includes most of the two-party cryptographic problems in the literature. Specifically, we show how two parties A and B can interactively generate a random integer N = p·q such that its secret, i.e., the prime factors (p, q), is hidden from either party individually but is recoverable jointly if desired. This can be utilized to give a protocol for two parties with private values i and j to compute any polynomially computable functions f(i,j) and g(i,j) with minimal knowledge transfer and a strong fairness property. As a special case, A and B can exchange a pair of secrets sA, sB, e.g. the factorization of an integer and a Hamiltonian circuit in a graph, in such a way that sA becomes computable by B when and only when sB becomes computable by A. All these results are proved assuming only that the problem of factoring large integers is computationally intractable.