Cryptography and Computer Security

We study the problem of constructing secure multi-party computation (MPC) protocols that are completely fair — meaning that either all the parties learn the output of the function, or nobody does — even when a majority of the parties are corrupted. We first propose a framework for fair multi-party computation, within which we formulate a definition of secure and fair protocols. The definition follows the standard simulation paradigm, but is modified to allow the protocol to depend on the running time of the adversary. In this way, we avoid a well-known impossibility result for fair MPC with corrupted majority; in particular, our definition admits constructions that tolerate up to (n − 1) corruptions, where n is the total number of parties. Next, we define a “commit-prove-fair-open” functionality and construct an efficient protocol that realizes it, using a new variant of a cryptographic primitive known as “time-lines.” Finally, we show that some of the existing secure MPC protocols can be easily transformed into fair protocols by using the “commit-prove-fair-open” functionality. Putting these results together, we construct efficient, secure MPC protocols that are completely fair even in the presence of corrupted majorities. Furthermore, these protocols remain secure when arbitrarily composed with any protocols, which means, in particular, that they are concurrently-composable and non-malleable. Finally, as an example, we show a very efficient protocol that fairly and securely solves the socialist millionaires’ problem.

2. L. Kissner, A. Oprea, M. Reiter, D. Song, K. Yang. Private Push and Pull with Applications to Anonymous Communication.

Abstract
We propose a modification of the Private Information Retrieval (PIR) model to allow modification of the database from which information is requested and rich searching on keywords, with access control. To accomplish this, we give Private Push and Pull (P^3) protocols for a group of n servers. The communication complexity between the client and the servers is independent of the number of records in the database (or more generally, the number of previous push and pull transactions) and can be independent of the number of servers, depending on the choice of cryptographic primitives. Our scheme relies on a partially homomorphic cryptosystem, for which there is an algorithm for composing ciphertexts to get an encryption of the added plaintexts. To demonstrate the utility of P^3, we use it to implement an unlinkable anonymous communication message service, which can easily be extended to one that provides both sender and receiver anonymity.

3. P. MacKenzie, K. Yang. On Simulation-Sound Trapdoor Commitments.

Abstract
We study the recently introduced notion of a simulation-sound trapdoor commitment (SSTC) scheme. In this paper, we present a new, simpler definition for an SSTC scheme that admits more efficient constructions and can be used in a larger set of applications. Specifically, we show how to construct SSTC schemes from any one-way functions, and how to construct very efficient SSTC schemes based on specific number-theoretic assumptions. We also show how to construct simulation-sound, non-malleable, and universally-composable zero-knowledge protocols using SSTC schemes, yielding, for instance, the most efficient universally-composable zero-knowledge protocols known. Finally, we explore the relation between SSTC schemes and non-malleable commitment schemes by presenting a sequence of implication and separation results, which in particular imply that SSTC schemes are non-malleable.

4. K. Yang. On the (Im)possibility of Non-interactive Correlation Distillation.

Abstract
We study the problem of non-interactive correlation distillation (NICD). Suppose Alice and Bob each have a string, denoted by A = a_0 a_1 ··· a_(n−1) and B = b_0 b_1 ··· b_(n−1), respectively. Furthermore, for every k = 0, 1, ..., n − 1, (a_k, b_k) is independently drawn from a distribution N, known as the “noise model”. Alice and Bob wish to “distill” the correlation non-interactively, i.e., they wish to each apply a function to their strings and output one bit, denoted by X and Y, such that Pr[X = Y] can be made as close to 1 as possible. The problem is, for what noise model can they succeed? This problem is related to various topics in computer