Robust Combiners for Cryptographic Primitives

In cryptography, we do not know which computational assumptions are the most secure to rely on. Robust combiners attempt to solve this problem. Given several implementations of a certain primitive, e.g., of a commitment scheme, a combiner merges them into a new implementation that is secure if a minimum number of the input implementations are secure. A (k,n)-robust combiner merges n implementations, where k of them are required to remain secure. In this thesis, we investigate combiners for various primitives. We show which combiners for commitment schemes are possible and which combiners do not exist. We show that a certain combiner construction is impossible if only half of the input implementations are secure (technically speaking, we prove that transparent black-box (1,2)-robust combiners for commitment schemes do not exist). Furthermore, we give explicit constructions for combiners where the majority of the input implementations are assumed to be secure. We also investigate combiners for interactive proof systems. However, this scenario is far more complicated and therefore the statements made are somewhat crude. For oblivious transfer, an as yet unpublished paper of Meier et al. proposes more tolerant constructions using a “swap” operation. We show that such an operation is necessary for certain types of combiners.

Zusammenfassung

Combiners are used in cryptography to hedge against uncertain computational assumptions. We are given implementations of a primitive, for example bit commitment. A combiner links these implementations so that the combination is secure if at least a certain number of the given implementations are secure. In this thesis we study combiners for various primitives. We examine which combiners for commitment schemes exist and which are impossible. We show that transparent black-box combiner constructions are only possible if the majority of the given implementations are secure, and we construct such a combiner. We also studied combiners for interactive proof systems. This setting is much more complicated, and the statements made are of a rather simple nature. For oblivious transfer, an as yet unpublished work by Meier et al. proposes more tolerant constructions that only work with a “swap” operation. We show that an operation of this kind is necessary.
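To make the (k,n)-combiner notion concrete, the following added example (written for this page, not code from the thesis) builds the two well-known one-property (1,2)-combiners for bit commitment and shows why each preserves only one of the two security properties: the XOR-sharing combiner keeps hiding as long as one component hides but loses binding as soon as one component is not binding, and the commit-twice combiner keeps binding as long as one component binds but loses hiding as soon as one component leaks. This is the tension behind the abstract's statement that a combiner secure when only one of two commitment schemes is secure cannot be built in a transparent black-box way. The toy SHA-256 commitment and the two deliberately broken components (LeakyCommit, RubberCommit) are constructed assumptions for the demonstration.

```python
import hashlib
import os


class HashCommit:
    """Toy hash-based bit commitment, used as the 'secure' component (assumption):
    c = SHA-256(r || b) for a fresh 32-byte r; the opening is r."""

    def commit(self, b: int):
        r = os.urandom(32)
        return hashlib.sha256(r + bytes([b])).digest(), r

    def verify(self, c: bytes, b: int, r: bytes) -> bool:
        return hashlib.sha256(r + bytes([b])).digest() == c


class LeakyCommit:
    """Deliberately broken component: binding but NOT hiding (commitment is the bit itself)."""

    def commit(self, b: int):
        return bytes([b]), b""

    def verify(self, c: bytes, b: int, r: bytes) -> bool:
        return c == bytes([b])


class RubberCommit:
    """Deliberately broken component: hiding but NOT binding (commitment ignores the bit,
    so any bit is accepted at opening time)."""

    def commit(self, b: int):
        return b"", b""

    def verify(self, c: bytes, b: int, r: bytes) -> bool:
        return c == b""


class HidingCombiner:
    """(1,2)-combiner for hiding: split b = b1 XOR b2 into random shares and commit
    to one share per scheme. A single hiding component suffices for hiding."""

    def __init__(self, s1, s2):
        self.s1, self.s2 = s1, s2

    def commit(self, b: int):
        b1 = os.urandom(1)[0] & 1
        b2 = b ^ b1
        c1, r1 = self.s1.commit(b1)
        c2, r2 = self.s2.commit(b2)
        return (c1, c2), (b1, r1, b2, r2)

    def verify(self, c, b: int, opening) -> bool:
        b1, r1, b2, r2 = opening
        return (b1 ^ b2) == b and self.s1.verify(c[0], b1, r1) and self.s2.verify(c[1], b2, r2)


class BindingCombiner:
    """(1,2)-combiner for binding: commit to the same bit with both schemes.
    A single binding component suffices for binding."""

    def __init__(self, s1, s2):
        self.s1, self.s2 = s1, s2

    def commit(self, b: int):
        c1, r1 = self.s1.commit(b)
        c2, r2 = self.s2.commit(b)
        return (c1, c2), (r1, r2)

    def verify(self, c, b: int, opening) -> bool:
        return self.s1.verify(c[0], b, opening[0]) and self.s2.verify(c[1], b, opening[1])


def hiding_combiner_binding_check(b: int):
    """Binding analysis of the sharing combiner with one non-binding component.
    Returns (honest opening accepted, opening to the other bit accepted)."""
    comb = HidingCombiner(HashCommit(), RubberCommit())
    c, (b1, r1, b2, r2) = comb.commit(b)
    honest = comb.verify(c, b, (b1, r1, b2, r2))
    flipped = comb.verify(c, b ^ 1, (b1, r1, b2 ^ 1, r2))  # flip the share in the weak scheme
    return honest, flipped


def hiding_combiner_leaked_shares(b: int, trials: int = 64):
    """Hiding analysis of the sharing combiner with one leaky component: the only
    value exposed is the share b2, which is uniform, so both 0 and 1 appear for any b."""
    comb = HidingCombiner(HashCommit(), LeakyCommit())
    return {comb.commit(b)[0][1][0] for _ in range(trials)}


def binding_combiner_binding_check(b: int):
    """Commit-twice combiner with one non-binding component stays binding."""
    comb = BindingCombiner(HashCommit(), RubberCommit())
    c, opening = comb.commit(b)
    return comb.verify(c, b, opening), comb.verify(c, b ^ 1, opening)


def binding_combiner_leaks_bit(b: int) -> bool:
    """Commit-twice combiner with one leaky component exposes the bit in the commitment."""
    comb = BindingCombiner(HashCommit(), LeakyCommit())
    c, _ = comb.commit(b)
    return c[1] == bytes([b])


if __name__ == "__main__":
    print("sharing combiner, non-binding component (honest, flipped):", hiding_combiner_binding_check(1))
    print("sharing combiner, leaky component, shares seen:", hiding_combiner_leaked_shares(1))
    print("commit-twice combiner, non-binding component (honest, flipped):", binding_combiner_binding_check(1))
    print("commit-twice combiner, leaky component leaks bit:", binding_combiner_leaks_bit(1))
```

Each combiner here tolerates one insecure component for exactly one property; getting both properties from a single secure component is what the abstract rules out for transparent black-box constructions, which is why the thesis turns to constructions that assume a secure majority.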
