Engineering Secure Two-Party Computation Protocols

Secure two-party computation, called secure function evaluation (SFE), enables two mutually mistrusting parties, the client and server, to evaluate an arbitrary function on their respective private inputs while revealing nothing but the result. Originally the technique was considered to be too inefficient for practical privacy-preserving applications, but in recent years rapid speed-up in computers and communication networks, algorithmic improvements, automatic generation, and optimizations have enabled their application in many scenarios. The author offers an extensive overview of the most practical and efficient modern techniques used in the design and implementation of secure computation and related protocols. After an introduction that sets secure computation in its larger context of other privacy-enhancing technologies such as secure channels and trusted computing, he covers the basics of practically efficient secure function evaluation, circuit optimizations and constructions, hardware-assisted garbled circuit protocols, and the modular design of efficient SFE protocols. The goal of the author's research is to use algorithm engineering methods to engineer efficient secure protocols, both as a generic tool and for solving practical applications, and he achieves an excellent balance between the theory and applicability. The book is essential for researchers, students and practitioners in the area of applied cryptography and information security who aim to construct practical cryptographic protocols for privacy-preserving real-world applications.

[1]  Ahmad-Reza Sadeghi,et al.  Sokrates - A Compiler Framework for Zero-Knowledge Protocols , 2005 .

[2]  Oded Goldreich,et al.  Foundations of Cryptography: Volume 2, Basic Applications , 2004 .

[3]  Moti Yung,et al.  Leakage Resilient Cryptography in Practice , 2010, Towards Hardware-Intrinsic Security.

[4]  Ahmad-Reza Sadeghi,et al.  Generalized Universal Circuits for Secure Evaluation of Private Functions with Application to Data Classification , 2009, IACR Cryptol. ePrint Arch..

[5]  Michael K. Reiter,et al.  Automatic generation of two-party computations , 2003, CCS '03.

[6]  Alptekin Küpçü,et al.  ZKPDL: A Language-Based System for Efficient Zero-Knowledge Proofs and Electronic Cash , 2010, USENIX Security Symposium.

[7]  Craig Gentry,et al.  Non-interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers , 2010, CRYPTO.

[8]  Kristin E. Lauter,et al.  Cryptographic Cloud Storage , 2010, Financial Cryptography Workshops.

[9]  Michael I. Schwartzbach,et al.  A domain-specific programming language for secure multiparty computation , 2007, PLAS '07.

[10]  Shai Avidan,et al.  Efficient Methods for Privacy Preserving Face Detection , 2006, NIPS.

[11]  Christian F. Tschudin,et al.  Protecting Mobile Agents Against Malicious Hosts , 1998, Mobile Agents and Security.

[12]  Joan Boyar,et al.  Short Discrete Proofs , 1996, EUROCRYPT.

[13]  Bruce Schneier,et al.  Side channel cryptanalysis of product ciphers , 2000 .

[14]  Sean W. Smith,et al.  Securing Web servers against insider attack , 2001, Seventeenth Annual Computer Security Applications Conference.

[15]  Frederik Vercauteren,et al.  Fully Homomorphic Encryption with Relatively Small Key and Ciphertext Sizes , 2010, Public Key Cryptography.

[16]  Ahmad-Reza Sadeghi,et al.  Garbled Circuits for Leakage-Resilience: Hardware Implementation and Evaluation of One-Time Programs - (Full Version) , 2010, CHES.

[17]  Ahmad-Reza Sadeghi,et al.  From Dust to Dawn: Practically Efficient Two-Party Secure Function Evaluation Protocols and their Modular Design , 2010, IACR Cryptol. ePrint Arch..

[18]  Bennet S. Yee,et al.  Using Secure Coprocessors , 1994 .

[19]  Yehuda Lindell,et al.  Security Against Covert Adversaries: Efficient Protocols for Realistic Adversaries , 2007, Journal of Cryptology.

[20]  Stefan Katzenbeisser,et al.  Privacy preserving error resilient dna searching through oblivious automata , 2007, CCS '07.

[21]  Vitaly Shmatikov,et al.  Privacy-preserving remote diagnostics , 2007, CCS '07.

[22]  Kerstin Lemke,et al.  Embedded Security: Physical Protection against Tampering Attacks , 2006 .

[23]  Mikhail J. Atallah,et al.  Trust Negotiation with Hidden Credentials, Hidden Policies, and Policy Cycles , 2006, NDSS.

[24]  Sean W. Smith,et al.  Hardware-Assisted Secure Computation , 2009 .

[25]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[26]  Giuseppe F. Italiano,et al.  Algorithm engineering, Algorithmics Column , 2003, Bull. EATCS.

[27]  Rafail Ostrovsky,et al.  Efficient Non-interactive Secure Computation , 2011, EUROCRYPT.

[28]  Nico Döttling,et al.  Unconditional and Composable Security Using a Single Stateful Tamper-Proof Hardware Token , 2011, TCC.

[29]  Stephan Krenn Bringing Zero-Knowledge Proofs of Knowledge to Practice , 2009, Security Protocols Workshop.

[30]  Ahmad-Reza Sadeghi,et al.  Automatic Generation of Sound Zero-Knowledge Protocols , 2008, IACR Cryptol. ePrint Arch..

[31]  Chris I. Dalton,et al.  Towards automated security policy enforcement in multi-tenant virtual data centers , 2010, J. Comput. Secur..

[32]  Sean W. Smith,et al.  Small, stupid, and scalable: secure computing with faerieplay , 2010, STC '10.

[33]  Vitaly Shmatikov,et al.  Privacy-Preserving Classifier Learning , 2009, Financial Cryptography.

[34]  Ke Xu,et al.  Mobile Agent Security Through Multi-Agent Cryptographic Protocols , 2003, International Conference on Internet Computing.

[35]  Francis Olivier,et al.  Electromagnetic Analysis: Concrete Results , 2001, CHES.

[36]  Ahmad-Reza Sadeghi,et al.  Practical Secure Evaluation of Semi-Private Functions , 2009, IACR Cryptol. ePrint Arch..

[37]  Jörn Müller-Quade,et al.  Universally composable zero-knowledge arguments and commitments from signature cards , 2007 .

[38]  Markus Jakobsson,et al.  Controlling data in the cloud: outsourcing computation without outsourcing control , 2009, CCSW '09.

[39]  Beate Bollig,et al.  Improving the Variable Ordering of OBDDs Is NP-Complete , 1996, IEEE Trans. Computers.

[40]  Vitaly Shmatikov,et al.  Efficient Two-Party Secure Computation on Committed Inputs , 2007, EUROCRYPT.

[41]  Juan A. Garay Efficient and Universally Composable Committed Oblivious Transfer and Applications , 2004, TCC.

[42]  Mikhail J. Atallah,et al.  Attribute-Based Access Control with Hidden Policies and Hidden Credentials , 2006, IEEE Transactions on Computers.

[43]  Marc Stevens,et al.  Short Chosen-Prefix Collisions for MD5 and the Creation of a Rogue CA Certificate , 2009, CRYPTO.

[44]  M. Turk,et al.  Eigenfaces for Recognition , 1991, Journal of Cognitive Neuroscience.

[45]  Ahmad-Reza Sadeghi,et al.  Efficient privacy-preserving classification of ECG signals , 2009, 2009 First IEEE International Workshop on Information Forensics and Security (WIFS).

[46]  Dan Boneh,et al.  Evaluating 2-DNF Formulas on Ciphertexts , 2005, TCC.

[47]  Peter Sanders Algorithm Engineering - An Attempt at a Definition , 2009, Efficient Algorithms.

[48]  Donald Beaver,et al.  Precomputing Oblivious Transfer , 1995, CRYPTO.

[49]  Ahmad-Reza Sadeghi,et al.  Property-Based TPM Virtualization , 2008, ISC.

[50]  Ahmad-Reza Sadeghi,et al.  TASTY: tool for automating secure two-party computations , 2010, CCS '10.

[51]  C. Leonard Berman,et al.  Circuit width, register allocation, and ordered binary decision diagrams , 1991, IEEE Trans. Comput. Aided Des. Integr. Circuits Syst..

[52]  Craig Gentry,et al.  Fully Homomorphic Encryption over the Integers , 2010, EUROCRYPT.

[53]  Thomas Schneider,et al.  Practical Secure Function Evaluation , 2008, Informatiktage.

[54]  Ivan Visconti,et al.  On Efficient Non-Interactive Oblivious Transfer with Tamper-Proof Hardware , 2010, IACR Cryptol. ePrint Arch..

[55]  Radha Poovendran,et al.  The AES-CMAC Algorithm , 2006, RFC.

[56]  Joan Boyar,et al.  Concrete Multiplicative Complexity of Symmetric Functions , 2006, MFCS.

[57]  Berry Schoenmakers,et al.  A protocol issue for the malicious case of Yao's garbled circuit construction , 2006 .

[58]  Bradley Malin,et al.  Preserving privacy by de-identifying face images , 2005, IEEE Transactions on Knowledge and Data Engineering.

[59]  Ke Xu,et al.  Universally Composable Secure Mobile Agent Computation , 2004, ISC.

[60]  Andrew Chi-Chih Yao,et al.  How to generate and exchange secrets , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[61]  Yu Yu,et al.  On Developing Privacy-Preserving Compilers , 2006 .

[62]  B.C.H. Turton Extending Quine-McCluskey for Exclusive-Or logic synthesis , 1996 .

[63]  Yehuda Lindell,et al.  A Proof of Security of Yao’s Protocol for Two-Party Computation , 2009, Journal of Cryptology.

[64]  Bernhard Jansen,et al.  Trusted Virtual Domains: Secure Foundations for Business and IT Services , 2005 .

[65]  Ahmad-Reza Sadeghi,et al.  Efficient Privacy-Preserving Face Recognition , 2009, ICISC.

[66]  Ivan Damgård,et al.  Asynchronous Multiparty Computation: Theory and Implementation , 2008, IACR Cryptol. ePrint Arch..

[67]  Jesper Buus Nielsen,et al.  Extending Oblivious Transfers Efficiently - How to get Robustness Almost for Free , 2007, IACR Cryptol. ePrint Arch..

[68]  Craig Gentry,et al.  A fully homomorphic encryption scheme , 2009 .

[69]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[70]  Carsten Lund,et al.  On the communication complexity of zero-knowledge proofs , 1993, Journal of Cryptology.

[71]  Steve H. Weingart Physical Security Devices for Computer Subsystems: A Survey of Attacks and Defences , 2000, CHES.

[72]  Ivan Damgård,et al.  Homomorphic encryption and secure comparison , 2008, Int. J. Appl. Cryptogr..

[73]  Jonathan Katz,et al.  Universally Composable Multi-party Computation Using Tamper-Proof Hardware , 2007, EUROCRYPT.

[74]  Moni Naor,et al.  Efficient oblivious transfer protocols , 2001, SODA '01.

[75]  Joe Kilian,et al.  Founding crytpography on oblivious transfer , 1988, STOC '88.

[76]  Makoto Yokoo,et al.  Secure computation for combinatorial auctions and market exchanges , 2004, Proceedings of the Third International Joint Conference on Autonomous Agents and Multiagent Systems, 2004. AAMAS 2004..

[77]  Yuval Ishai,et al.  Semantic Security under Related-Key Attacks and Applications , 2011, ICS.

[78]  Stefan Katzenbeisser,et al.  Privacy-Preserving Face Recognition , 2009, Privacy Enhancing Technologies.

[79]  Ran Canetti,et al.  The random oracle methodology, revisited , 2000, JACM.

[80]  Leslie G. Valiant,et al.  Universal circuits (Preliminary Report) , 1976, STOC '76.

[81]  Vincenzo Piuri,et al.  Privacy-preserving fingercode authentication , 2010, MM&Sec '10.

[82]  Joan Boyar,et al.  On the multiplicative complexity of Boolean functions over the basis (cap, +, 1) , 2000, Theor. Comput. Sci..

[83]  Dakshi Agrawal,et al.  The EM Side-Channel(s) , 2002, CHES.

[84]  Craig Gentry,et al.  Implementing Gentry's Fully-Homomorphic Encryption Scheme , 2011, EUROCRYPT.

[85]  Ke Xu,et al.  On Garbled Circuits and Constant Round Secure Function Evaluation , 2012 .

[86]  Vladimir Kolesnikov,et al.  Truly Efficient String Oblivious Transfer Using Resettable Tamper-Proof Tokens , 2010, TCC.

[87]  Yehuda Lindell,et al.  Secure Two-Party Computation via Cut-and-Choose Oblivious Transfer , 2010, IACR Cryptol. ePrint Arch..

[88]  Rafail Ostrovsky,et al.  Secure Remote Authentication Using Biometric Data , 2005, EUROCRYPT.

[89]  Yehuda Lindell,et al.  An Efficient Protocol for Secure Two-Party Computation in the Presence of Malicious Adversaries , 2007, EUROCRYPT.

[90]  Amit Sahai,et al.  New Constructions for UC Secure Computation Using Tamper-Proof Hardware , 2008, EUROCRYPT.

[91]  Ahmad-Reza Sadeghi,et al.  Privacy-Preserving ECG Classification With Branching Programs and Neural Networks , 2011, IEEE Transactions on Information Forensics and Security.

[92]  Yehuda Lindell,et al.  Universally composable two-party and multi-party secure computation , 2002, STOC '02.

[93]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[94]  Yehuda Lindell,et al.  A Proof of Yao's Protocol for Secure Two-Party Computation , 2004, Electron. Colloquium Comput. Complex..

[95]  Ivan Damgård,et al.  A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System , 2001, Public Key Cryptography.

[96]  Yehuda Lindell,et al.  Constructions of truly practical secure protocols using standardsmartcards , 2008, CCS.

[97]  Benny Pinkas,et al.  Secure Set Intersection with Untrusted Hardware Tokens , 2011, CT-RSA.

[98]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[99]  Ahmad-Reza Sadeghi,et al.  A Certifying Compiler for Zero-Knowledge Proofs of Knowledge Based on Sigma-Protocols , 2010, IACR Cryptol. ePrint Arch..

[100]  Vladimir Kolesnikov,et al.  A Practical Universal Circuit Construction and Secure Evaluation of Private Functions , 2008, Financial Cryptography.

[101]  Yael Tauman Kalai,et al.  Improved Delegation of Computation using Fully Homomorphic Encryption , 2010, IACR Cryptol. ePrint Arch..

[102]  Craig Gentry,et al.  A Simple BGN-Type Cryptosystem from LWE , 2010, EUROCRYPT.

[103]  Mikhail J. Atallah,et al.  Hidden access control policies with hidden credentials , 2004, WPES '04.

[104]  John Cocke,et al.  A methodology for the real world , 1981 .

[105]  Xiaoyun Wang,et al.  Finding Collisions in the Full SHA-1 , 2005, CRYPTO.

[106]  Ahmad-Reza Sadeghi,et al.  Efficient Secure Two-Party Computation with Untrusted Hardware Tokens (Full Version) , 2010, Towards Hardware-Intrinsic Security.

[107]  Gil Segev,et al.  David and Goliath Commitments: UC Computation for Asymmetric Parties Using Tamper-Proof Hardware , 2008, EUROCRYPT.

[108]  Benny Pinkas,et al.  Fairplay - Secure Two-Party Computation System (Awarded Best Student Paper!) , 2004 .

[109]  Eric Allender,et al.  Complexity , 2007, Scholarpedia.

[110]  Priti Shankar,et al.  The Compiler Design Handbook: Optimizations and Machine Code Generation , 2002, The Compiler Design Handbook.

[111]  Vladimir Kolesnikov,et al.  Improved Garbled Circuit: Free XOR Gates and Applications , 2008, ICALP.

[112]  Yuval Ishai,et al.  Founding Cryptography on Oblivious Transfer - Efficiently , 2008, CRYPTO.

[113]  Moti Yung,et al.  Non-interactive cryptocomputing for NC/sup 1/ , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[114]  Ronald L. Rivest,et al.  Introduction to Algorithms, Second Edition , 2001 .

[115]  Jean-Jacques Quisquater,et al.  ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards , 2001, E-smart.

[116]  Ron Steinfeld,et al.  Faster Fully Homomorphic Encryption , 2010, ASIACRYPT.

[117]  Marc Fischlin,et al.  A Cost-Effective Pay-Per-Multiplication Comparison Method for Millionaires , 2001, CT-RSA.

[118]  Yehuda Lindell,et al.  Implementing Two-Party Computation Efficiently with Security Against Malicious Adversaries , 2008, SCN.

[119]  Eugene H. Spafford,et al.  Secure outsourcing of scientific computations , 2001, Adv. Comput..

[120]  Jin-Yi Cai,et al.  Circuit minimization problem , 2000, STOC '00.

[121]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[122]  Philipp Woelfel,et al.  Bounds on the OBDD-size of integer multiplication via universal hashing , 2001, J. Comput. Syst. Sci..

[123]  Marten van Dijk,et al.  On the Impossibility of Cryptography Alone for Privacy-Preserving Cloud Computing , 2010, HotSec.

[124]  Jan Camenisch,et al.  Cryptographic security for mobile code , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[125]  Vladimir Kolesnikov Gate Evaluation Secret Sharing and Secure One-Round Two-Party Computation , 2005, ASIACRYPT.

[126]  Yehuda Lindell,et al.  Secure Multiparty Computation for Privacy-Preserving Data Mining , 2009, IACR Cryptol. ePrint Arch..

[127]  Claude E. Shannon,et al.  The synthesis of two-terminal switching circuits , 1949, Bell Syst. Tech. J..

[128]  Christoph G. Schütz,et al.  L1 - Faster Development and Benchmarking of Cryptographic Protocols , 2009 .

[129]  Benny Pinkas,et al.  Secure Computation of the k th-Ranked Element , 2004, EUROCRYPT.

[130]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[131]  Moni Naor,et al.  Privacy preserving auctions and mechanism design , 1999, EC '99.

[132]  Benny Pinkas,et al.  Secure Hamming Distance Based Computation and Its Applications , 2009, ACNS.

[133]  Stefan Berger,et al.  vTPM: Virtualizing the Trusted Platform Module , 2006, USENIX Security Symposium.

[134]  Ivan Damgård,et al.  Using Compilers to Enhance Cryptographic Product Development , 2009, ISSE.

[135]  Ahmad-Reza Sadeghi,et al.  Improved Garbled Circuit Building Blocks and Applications to Auctions and Computing Minima , 2009, IACR Cryptol. ePrint Arch..

[136]  Ahmad-Reza Sadeghi,et al.  Token-Based Cloud Computing , 2010, TRUST.

[137]  Randal E. Bryant,et al.  On the Complexity of VLSI Implementations and Graph Representations of Boolean Functions with Application to Integer Multiplication , 1991, IEEE Trans. Computers.

[138]  Christophe Giraud,et al.  An Implementation of DES and AES, Secure against Some Attacks , 2001, CHES.

[139]  Lior Malka,et al.  VMCrypt: modular software architecture for scalable secure computation , 2011, CCS '11.

[140]  Gilles Brassard,et al.  Zero-Knowledge Simulation of Boolean Circuits , 1986, CRYPTO.

[141]  Yuval Ishai,et al.  Priced Oblivious Transfer: How to Sell Digital Goods , 2001, EUROCRYPT.

[142]  Mikhail J. Atallah,et al.  Privacy-preserving credit checking , 2005, EC '05.

[143]  Ahmad-Reza Sadeghi,et al.  Ask Your E-Doctor Without Telling: Privacy-Preserving Medical Diagnostics (Poster) , 2009 .

[144]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[145]  Dan Page,et al.  Theoretical Use of Cache Memory as a Cryptanalytic Side-Channel , 2002, IACR Cryptol. ePrint Arch..

[146]  Roopa Vishwanathan,et al.  Improving Cut-and-Choose in Verifiable Encryption and Fair Exchange Protocols Using Trusted Computing Technology , 2009, DBSec.

[147]  Yuval Ishai,et al.  Extending Oblivious Transfers Efficiently , 2003, CRYPTO.

[148]  Vladimir Kolesnikov,et al.  MAC Precomputation with Applications to Secure Memory , 2009, ISC.

[149]  Ahmad-Reza Sadeghi,et al.  Automatic Generation of Sigma-Protocols , 2009, EuroPKI.

[150]  Benny Pinkas,et al.  Efficient Private Matching and Set Intersection , 2004, EUROCRYPT.

[151]  Vandana Gunupudi,et al.  Generalized Non-Interactive Oblivious Transfer Using Count-Limited Objects with Applications to Secure Mobile Agents , 2008, Financial Cryptography.

[152]  Yuval Ishai,et al.  Founding Cryptography on Tamper-Proof Hardware Tokens , 2010, IACR Cryptol. ePrint Arch..

[153]  Yuval Ishai,et al.  Private Circuits: Securing Hardware against Probing Attacks , 2003, CRYPTO.

[154]  Keith B. Frikken Practical Private DNA String Searching and Matching through Efficient Oblivious Automata Evaluation , 2009, DBSec.

[155]  Patrick Schaumont,et al.  Prototype IC with WDDL and Differential Routing - DPA Resistance Assessment , 2005, CHES.

[156]  Juan A. Garay,et al.  Practical and Secure Solutions for Integer Comparison , 2007, Public Key Cryptography.

[157]  Ivan Damgård,et al.  Universally Composable Multiparty Computation with Partially Isolated Parties , 2009, TCC.

[158]  Somesh Jha,et al.  Secure function evaluation with ordered binary decision diagrams , 2006, CCS '06.

[159]  Adam D. Smith,et al.  Efficient Two Party and Multi Party Computation Against Covert Adversaries , 2008, EUROCRYPT.

[160]  Dan Bogdanov,et al.  Sharemind: A Framework for Fast Privacy-Preserving Computations , 2008, ESORICS.

[161]  Xin-She Yang,et al.  Introduction to Algorithms , 2021, Nature-Inspired Optimization Algorithms.

[162]  Benny Pinkas,et al.  Secure Two-Party Computation is Practical , 2009, IACR Cryptol. ePrint Arch..

[163]  A. Benjamin Premkumar,et al.  Securely utilizing external computing power , 2005, International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume II.

[164]  Ivan Damgård,et al.  Efficient and Secure Comparison for On-Line Auctions , 2007, ACISP.

[165]  Heribert Vollmer,et al.  Introduction to Circuit Complexity: A Uniform Approach , 2010 .

[166]  Benny Pinkas,et al.  SCiFI - A System for Secure Face Identification , 2010, 2010 IEEE Symposium on Security and Privacy.

[167]  Patrick Schaumont,et al.  Design methods for Security and Trust , 2007, 2007 Design, Automation & Test in Europe Conference & Exhibition.

[168]  Sean W. Smith,et al.  Building a high-performance, programmable secure coprocessor , 1999, Comput. Networks.

[169]  Benny Pinkas,et al.  Fairplay - Secure Two-Party Computation System , 2004, USENIX Security Symposium.

[170]  Felix C. Freiling,et al.  TrustedPals: Secure Multiparty Computation Implemented with Smart Cards , 2006, ESORICS.

[171]  Raymond N. J. Veldhuis,et al.  Practical Biometric Authentication with Template Protection , 2005, AVBPA.

[172]  Hugo Krawczyk,et al.  HMAC: Keyed-Hashing for Message Authentication , 1997, RFC.

[173]  Joan Boyar,et al.  A New Combinational Logic Minimization Technique with Applications to Cryptology , 2010, SEA.

[174]  Ariel J. Feldman,et al.  Lest we remember: cold-boot attacks on encryption keys , 2008, CACM.

[175]  Joe Kilian,et al.  One-Round Secure Computation and Secure Autonomous Mobile Agents , 2000, ICALP.

[176]  Gilles Brassard,et al.  Subquadratic zero-knowledge , 1995, JACM.

[177]  Amir Herzberg,et al.  Secure Guaranteed Computation , 2010, IACR Cryptol. ePrint Arch..

[178]  Ahmad-Reza Sadeghi,et al.  Secure Evaluation of Private Linear Branching Programs with Medical Applications , 2009, ESORICS.

[179]  Sergei P. Skorobogatov,et al.  Data Remanence in Flash Memory Devices , 2005, CHES.

[180]  Ian F. Blake,et al.  Strong Conditional Oblivious Transfer and Computing on Intervals , 2004, ASIACRYPT.

[181]  Alex Pentland,et al.  Face recognition using eigenfaces , 1991, Proceedings. 1991 IEEE Computer Society Conference on Computer Vision and Pattern Recognition.

[182]  Giles Hogben,et al.  Privacy Features: Privacy features of European eID card specifications , 2008 .

[183]  Claudio Orlandi,et al.  LEGO for Two-Party Secure Computation , 2009, TCC.

[184]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[185]  Sean W. Smith,et al.  Fairy Dust, Secrets, and the Real World , 2003, IEEE Secur. Priv..

[186]  Adi Shamir,et al.  Cache Attacks and Countermeasures: The Case of AES , 2006, CT-RSA.

[187]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[188]  Sean W. Smith,et al.  More Efficient Secure Function Evaluation Using Tiny Trusted Third Parties , 2005 .

[189]  Benny Pinkas,et al.  FairplayMP: a system for secure multi-party computation , 2008, CCS.