Conference Paper

Simplified VSS and Fact-Track Multiparty Computations with Applications to Threshold Cryptography.

Source: DBLP

Full-text preview

Available from:
  • Source
    • "Because SSS is linear, addition of two shared secrets can be computed by having each player locally add his shares of the two values. Multiplication of two shared secrets requires an extra round of communication to guarantee randomness and to correct the degree of the new polynomial [11]. Thus, a distributed multiplication requires a synchronization round with n 2 total messages. "
    [Show abstract] [Hide abstract]
    ABSTRACT: Privacy-preserving techniques for distributed computation have been proposed recently as a promising framework in collaborative inter-domain network monitoring. Several different approaches exist to solve such class of problems, e.g., Homomorphic Encryption (HE) and Secure Multiparty Computation (SMC) based on Shamir’s Secret Sharing algorithm (SSS). Such techniques are complete from a computation-theoretic perspective: given a set of private inputs, it is possible to perform arbitrary computation tasks without revealing any of the intermediate results. In this paper we advocate the use of “elementary” (as opposite to “complete“) Secure Multiparty Computation (E-SMC) procedures for traffic monitoring. E-SMC supports only simple computations with private input and public output, i.e., they can not handle secret input nor secret (intermediate) output. The proposed simplification brings a dramatic reduction in complexity and enables massive-scale implementation with acceptable delay and overhead. Notwithstanding their simplicity, we claim that a simple additive E-SMC scheme is sufficient to perform many computation tasks of practical relevance to collaborative network monitoring, such as anonymous publishing and set operations.
    Full-text · Conference Paper · Jan 2011
  • Source
    • "., Pn, operations [x] + [y], [x] + c, and c[x] are performed by each Pi locally on its shares of x and y, while computation of [x][y] is interactive. The most common way of implementing multiplication is by sending the total of O(n 2 ) messages (where each Pi sends n − 1 messages, one to each other participant ) using, for instance, the techniques of [30], but recent results [37] [5] lower the communication to O(n) messages per multiplication at the cost of preprocessing. We assume complexity O(n 2 ) in our analysis. "
    [Show abstract] [Hide abstract]
    ABSTRACT: Privacy-preserving set operations and set intersection in particular are a popular research topic. Despite a large body of literature, the great majority of the available solutions are two-party protocols and are not composable. In this work we design a comprehensive suite of secure multi-party protocols for set and multiset operations that are composable, do not assume any knowledge of the sets by the parties carrying out the secure computation, and can be used for secure outsourcing. All of our protocols have communication and computation complexity of O(m log m) for sets or multisets of size m, which compares favorably with prior work. Furthermore, we are not aware of any results that realize composable operations. Our protocols are secure in the information theoretic sense and are designed to minimize the round complexity.
    Preview · Article · Jan 2011 · International Journal of Information Security
  • Source
    • "Here, SK = α is computed in a distributed form (i.e., shared by multiple parties forming a distributed authority) using the concept of distributed key generation [39] over Z p . PK is computed using a distributed multiplication protocol over Z p [3] [27]. As we do not require SK during our protocols and as anybody can verify the correctness of PK using pairings, it is possible to consider PK as a global reusable set, shared in many systems. "
    [Show abstract] [Hide abstract]
    ABSTRACT: We introduce and formally define polynomial commitment schemes, and provide two efficient constructions. A polynomial commitment scheme allows a committer to commit to a polynomial with a short string that can be used by a verifier to confirm claimed evaluations of the committed polynomial. Although the homomorphic commitment schemes in the literature can be used to achieve this goal, the sizes of their commitments are linear in the degree of the committed polynomial. On the other hand, polynomial commitments in our schemes are of constant size (single elements). The overhead of opening a commitment is also constant; even opening multiple evaluations requires only a constant amount of communication overhead. Therefore, our schemes are useful tools to reduce the communication cost in cryptographic protocols. On that front, we apply our polynomial commitment schemes to four problems in cryptography: verifiable secret sharing, zero-knowledge sets, credentials and content extraction signatures.
    Preview · Article · Jul 2010
Show more