Controlled Gradual Disclosure Schemes for Random Bits and Their Applications

We construct a protocol that enables a secret bit to be revealed gradually in a very controlled manner. In particular, if Alice possesses a bit S that was generated randomly according to the uniform distribution and 1/2 < p1 < ... < pm = 1 then, using our protocol with Bob, Alice can achieve the following. The protocol consists of m stages and, after the i-th stage, Bob's best prediction of S, based on all his interactions with Alice, is correct with probability exactly pi (and a reasonable condition is satisfied in the case where S is not initially uniform). Furthermore, under an intractability assumption, our protocol can be made "oblivious" to Alice and "secure" against an Alice or Bob that might try to cheat in various ways. Previously proposed gradual disclosure schemes for single bits release information in a less controlled manner: the probabilities that represent Bob's confidence of his knowledge of S follow a random walk that eventually drifts towards 1, rather than a predetermined sequence of values.Using controlled gradual disclosure schemes, we show how to construct an improved version of the protocol proposed by Luby, Micali and Hackoff for two-party secret bit exchanging ("How to Simultaneously Exchange a Secret Bit by Flipping a Symmetrically-Biased Coin", Proc. 22nd Ann. IEEE Symp. on Foundations of Computer Science, 1983, pp. 11-21) that is secure against additional kinds of attacks that the previous protocol is not secure against. Also, our protocol is more efficient in the number of rounds that it requires to attain a given level of security, and is proven to be asymptotically optimal in this respect.We also show how to use controlled gradual disclosure schemes to improve existing protocols for other cryptographic problems, such as multi-party function evaluation.

[1]  Tom Tedrick,et al.  How to Exchange Half a Bit , 1983, CRYPTO.

[2]  Silvio Micali,et al.  Probabilistic encryption & how to play mental poker keeping secret all partial information , 1982, STOC '82.

[3]  Ernest F. Brickell,et al.  Gradual and Verifiable Release of a Secret , 1987, CRYPTO.

[4]  Andrew Chi-Chih Yao,et al.  Theory and Applications of Trapdoor Functions (Extended Abstract) , 1982, FOCS.

[5]  Andrew Chi-Chih Yao,et al.  How to generate and exchange secrets , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[6]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[7]  Andrew Chi-Chih Yao,et al.  Theory and application of trapdoor functions , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[8]  Silvio Micali,et al.  Proofs that yield nothing but their validity and a methodology of cryptographic protocol design , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[9]  Manuel Blum How to exchange (secret) keys , 1983, STOC '83.

[10]  Manuel Blum,et al.  How to Generate Cryptographically Strong Sequences of Pseudo Random Bits , 1982, FOCS.

[11]  Donald Beaver,et al.  Multiparty computation with faulty majority , 1989, 30th Annual Symposium on Foundations of Computer Science.

[12]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[13]  Gilles Brassard,et al.  Information theoretic reductions among disclosure problems , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[14]  Vijay V. Vazirani,et al.  Trapdoor pseudo-random number generators, with applications to protocol design , 1983, 24th Annual Symposium on Foundations of Computer Science (sfcs 1983).

[15]  Silvio Micali,et al.  How to simultaneously exchange a secret bit by flipping a symmetrically-biased coin , 1983, 24th Annual Symposium on Foundations of Computer Science (sfcs 1983).

[16]  Joseph Y. Halpern,et al.  A Logic to Reason about Likelihood , 1987, Artif. Intell..