Approaches to efficient and robust cryptographic protocols

The growing influence of the Internet and other communication networks on our daily lives and on the global economy shows clearly that security issues in such networks are of the utmost importance. Motivated both by theoretical questions and by potential real-world applications, in this dissertation we study problems of secure cooperation in communication networks. In particular, we focus on constructing efficient and robust protocols for various cryptographic tasks.

In the first part of this thesis we study the problem of secure multiparty computation (MPC), which allows a set of n players to evaluate an agreed function of their inputs securely, i.e., such that an adversary corrupting some of the players cannot achieve more than controlling the inputs and outputs of those players. The concept of MPC is very general and powerful, since it makes it possible to realize essentially any distributed computational task securely. For that reason the MPC problem has been studied extensively since its introduction by Yao in 1982. A major goal of these studies is to design protocols with low communication complexity, and over time two main research directions emerged, focusing on reducing the round complexity and the bit complexity, respectively. In this thesis we focus on the bit complexity, i.e., the number of bits communicated between the parties during the computation, and we consider this problem in asynchronous networks, which model real-world networks quite closely. We propose an MPC protocol that is secure against an active adversary corrupting up to t < n/3 players (which is optimal in an asynchronous network) and that is the most efficient protocol currently known. For our constructions we develop several novel techniques, which have also been used in subsequent works on efficient MPC protocols.

In the second part of this thesis we turn to a problem which is common to all cryptographic research based on computational assumptions.
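To make the t < n/3 threshold concrete, the following added example (not code from the thesis or its asynchronous protocol) shows the classical reason the bound arises: a Shamir sharing of degree t can be reconstructed robustly from n shares of which up to t are corrupted only when n >= 3t + 1, here decoded with Berlekamp-Welch. The prime modulus P and the decoder are my own choices and are assumed, not taken from the page.

```python
import random

P = 2**31 - 1  # prime field modulus (assumption; any prime larger than n works)

def share(secret, n, t):
    """Shamir shares (i, f(i)), i=1..n, of a random degree-t polynomial with f(0)=secret."""
    coeffs = [secret % P] + [random.randrange(P) for _ in range(t)]
    return [(i, sum(c * pow(i, j, P) for j, c in enumerate(coeffs)) % P)
            for i in range(1, n + 1)]

def _solve_mod_p(rows):
    """Gauss-Jordan over GF(P) on augmented rows [a_0..a_{m-1} | b]; free vars set to 0."""
    m, pivots = len(rows[0]) - 1, []
    for col in range(m):
        r = next((i for i in range(len(pivots), len(rows)) if rows[i][col]), None)
        if r is None:
            continue
        k = len(pivots)
        rows[k], rows[r] = rows[r], rows[k]
        inv = pow(rows[k][col], P - 2, P)
        rows[k] = [v * inv % P for v in rows[k]]
        for i in range(len(rows)):
            if i != k and rows[i][col]:
                fac = rows[i][col]
                rows[i] = [(a - fac * b) % P for a, b in zip(rows[i], rows[k])]
        pivots.append(col)
    if any(rows[i][m] for i in range(len(pivots), len(rows))):
        raise ValueError("no degree-t polynomial fits these shares with at most t errors")
    sol = [0] * m
    for i, col in enumerate(pivots):
        sol[col] = rows[i][m]
    return sol

def robust_reconstruct(shares, t):
    """Recover the secret from n >= 3t+1 shares of which up to t may be corrupted."""
    if len(shares) < 3 * t + 1:
        raise ValueError("robust reconstruction needs n >= 3t+1, i.e. t < n/3")
    # Berlekamp-Welch: find Q (deg <= 2t) and monic error locator E (deg t) with Q(x) = y*E(x)
    # for every share (x, y), then f = Q/E.  Row per share: Q(x) - y*sum_{k<t} e_k x^k = y*x^t
    rows = [[pow(x, j, P) for j in range(2 * t + 1)]
            + [(-y * pow(x, k, P)) % P for k in range(t)]
            + [y * pow(x, t, P) % P] for x, y in shares]
    sol = _solve_mod_p(rows)
    q, e = sol[:2 * t + 1], sol[2 * t + 1:] + [1]
    f = [0] * (t + 1)  # quotient Q / E by long division (E is monic, so it divides exactly)
    for d in range(2 * t, t - 1, -1):
        f[d - t] = c = q[d]
        for k in range(t + 1):
            q[d - t + k] = (q[d - t + k] - c * e[k]) % P
    return f[0]  # f(0) is the secret
```

With n = 3t + 1 the linear system has exactly as many equations as unknowns and a unique solution even when t shares are wrong; with n = 3t the decoder refuses, which is the counting argument behind t < n/3.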
