Presentation is loading. Please wait.

Presentation is loading. Please wait.

Oblivious Transfer and Linear Functions Ivan Damgård, Louis Salvail, Christian Schaffner (BRICS, University of Aarhus, Denmark) Serge Fehr (CWI Amsterdam,

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Oblivious Transfer and Linear Functions Ivan Damgård, Louis Salvail, Christian Schaffner (BRICS, University of Aarhus, Denmark) Serge Fehr (CWI Amsterdam,"— Presentation transcript:

1 Oblivious Transfer and Linear Functions Ivan Damgård, Louis Salvail, Christian Schaffner (BRICS, University of Aarhus, Denmark) Serge Fehr (CWI Amsterdam, The Netherlands) CRYPTO 2006, Santa Barbara Wednesday, August 23, 2006

2 2 / 25 Agenda OT and Randomized OT Characterisation of Sender-Security with Linear Functions Application: Universal OT Conclusion

3 3 / 25 1-2 Oblivious Transfer 1 - 2 OT S C S 0 ; S 1 C 2 f 0 ; 1 g [ W i esner s 70, R a b i n 81, E ven G o ld re i c h L empe l 82 K i l i an 88, C r ¶ epeau 89,... ] ² correc t ness: wor k s f or h ones t p l ayers, ² rece i ver-secur i t y: 8 ~ A d i s h ones t sen d ers, ~ A s h ou ld no t l earn C, ² sen d er-secur i t y: 8 ~ B d i s h ones t rece i vers, ~ B s h ou ld no t l earn S 1 ¡ C.

4 4 / 25 ( S C © S C ) © S C S C Randomized 1-2 Oblivious Transfer R an d 1 - 2 OT S 0 ; S 1 C 2 f 0 ; 1 g CS 0 ; S 1 S 0 © S 0 ; S 1 © S 1 S C

5 5 / 25 Definition Rand 1-2 OT R an d 1 - 2 OT C 2 f 0 ; 1 g S 0 ; S 1 S C [ C r ¶ epeau S avv i d es S c h a ® ner W u ll sc hl eger 06 ] P ro t oco l ¦ compu t es R an d 1 - 2 OT secure l y, i f 8 i npu t s C ¦ pro d ucesou t pu t ssuc h t h a t ² correc t ness: I f A an d B h ones t, A ge t s S 0 ; S 1, B ge t s S C. ° ° P S 1 ¡ D VS D D ¡ P unif ¢ P VS D D ° ° = 0 ² rece i ver-secur i t y: 8 ~ A d i s h ones t sen d ersw i t h v i ew U, P UC = P U ¢ P C. ² sen d er-secur i t y: 8 ~ B d i s h ones t rece i versw i t h v i ew V, 9 D 2 f 0 ; 1 g s. t. d ( S 1 ¡ D j VS D D ) = 0.

6 6 / 25 R an d 1 - 2 OT CS C S 0 ; S 1 2 f 0 ; 1 g Sender-Security for Rand OT of Bits 9 D 2 f 0 ; 1 g suc h t h a t d ( S 1 ¡ D j VS D D ) = 0 01 0 ½¼ 1 ¼0 S 0 S 1 P S 0 S 1 V ( ¢ ; ¢ ; v ), ) d ( S 0 © S 1 j V ) = 0 D ? V.

7 7 / 25 Sender-Security for Rand OT of Bits R an d 1 - 2 OT CS C S 0 ; S 1 2 f 0 ; 1 g 01 0 ½¼ 1 ¼0 S 0 S 1 P S 0 S 1 V ( ¢ ; ¢ ; v ) 01 0 ¼¼ 1 00 01 0 ¼0 1 ¼0 S 0 S 1 S 1 S 0 P S 0 S 1 DV ( ¢ ; ¢ ; 0 ; v ) P S 0 S 1 DV ( ¢ ; ¢ ; 1 ; v ) V. 9 D 2 f 0 ; 1 g suc h t h a t d ( S 1 ¡ D j VS D D ) = 0, d ( S 0 © S 1 j V ) = 0

8 8 / 25 Sender-Security for Rand OT of Bits V R an d 1 - 2 OT CS C S 0 ; S 1 2 f 0 ; 1 g 01 0 ab 1 cd S 0 S 1 P S 0 S 1 V ( ¢ ; ¢ ; v ) 01 0 aa 1 cc 01 0 0b-a 1 0 S 0 S 1 S 1 S 0 w l og: b ¸ aa + d = c + b c + ( b ¡ a ) = d ) 9 D 2 f 0 ; 1 g suc h t h a t d ( S 1 ¡ D j VS D D ) = 0 d ( S 0 © S 1 j V ) = 0 P S 0 S 1 DV ( ¢ ; ¢ ; 0 ; v ) P S 0 S 1 DV ( ¢ ; ¢ ; 1 ; v )

9 9 / 25 Characterisation of Sender-Security ) 8 NDLF ¯ : d ( ¯ ( S 0 ; S 1 ) j V ) · " 9 D 2 f 0 ; 1 g suc h t h a t d ( S 1 ¡ D j VS D D ) · ". V R an d 1 - 2 OT CS C S 0 ; S 1 2 f 0 ; 1 g `

10 10 / 25 Characterisation of Sender-Security 8 NDLF ¯ : d ( ¯ ( S 0 ; S 1 ) j V ) · " = 2 2 ` + 1 ) 9 D 2 f 0 ; 1 g suc h t h a t d ( S 1 ¡ D j VS D D ) · ". T h eorem: I ff ora ll NDLF ¯, d ( ¯ ( S 0 ; S 1 ) j V ) · " = 2 2 ` + 1 h o ld s, t h en t h ereex i s t s D 2 f 0 ; 1 g suc h t h a t d ( S 1 ¡ D j VS D D ) · ". R an d 1 - 2 OT CS C V. S 0 ; S 1 2 f 0 ; 1 g `

11 11 / 25 Proof for, perfect case ` = 2 00011011 00 abcd 01 efgh 10 ijkl 11 mnop 00011011 00 aaaa 01 eeee 10 iiii 11 mmmm 00011011 00 0b-ac-ad-a 01 0b-ac-ad-a 10 0b-ac-ad-a 11 0b-ac-ad-a S 1 S 0 S 0 S 1 S 0 S 1 P S 0 S 1 V ( ¢ ; ¢ ; v ) T h eorem: I ff ora ll NDLF ¯, d ( ¯ ( S 0 ; S 1 ) j V ) = 0 h o ld s, t h en t h ereex i s t s D 2 f 0 ; 1 g suc h t h a t d ( S 1 ¡ D j VS D D ) = 0. P S 0 S 1 DV ( ¢ ; ¢ ; 0 ; v ) P S 0 S 1 DV ( ¢ ; ¢ ; 1 ; v )

12 12 / 25 Proof for, perfect case ` = 2 00011011 00 abcd 01 efgh 10 ijkl 11 mnop 00011011 00 aaaa 01 eeee 10 iiii 11 mmmm 00011011 00 0b-ac-ad-a 01 0b-ac-ad-a 10 0b-ac-ad-a 11 0b-ac-ad-a S 1 S 0 S 0 S 1 S 0 S 1 P S 0 S 1 V ( ¢ ; ¢ ; v ) b + e = a + f P S 0 S 1 DV ( ¢ ; ¢ ; 0 ; v ) P S 0 S 1 DV ( ¢ ; ¢ ; 1 ; v ) T h eorem: I ff ora ll NDLF ¯, d ( ¯ ( S 0 ; S 1 ) j V ) = 0 h o ld s, t h en t h ereex i s t s D 2 f 0 ; 1 g suc h t h a t d ( S 1 ¡ D j VS D D ) = 0.

13 13 / 25 Proof for, perfect case ` = 2 00011011 00 abcd 01 efgh 10 ijkl 11 mnop 00011011 00 aaaa 01 eeee 10 iiii 11 mmmm 00011011 00 0b-ac-ad-a 01 0b-ac-ad-a 10 0b-ac-ad-a 11 0b-ac-ad-a S 1 S 0 S 0 S 1 S 0 S 1 P S 0 S 1 V ( ¢ ; ¢ ; v ) b + e = a + f c + e = a + g P S 0 S 1 DV ( ¢ ; ¢ ; 0 ; v ) P S 0 S 1 DV ( ¢ ; ¢ ; 1 ; v ) T h eorem: I ff ora ll NDLF ¯, d ( ¯ ( S 0 ; S 1 ) j V ) = 0 h o ld s, t h en t h ereex i s t s D 2 f 0 ; 1 g suc h t h a t d ( S 1 ¡ D j VS D D ) = 0.

14 14 / 25 Proof for, perfect case ` = 2 00011011 00 abcd 01 efgh 10 ijkl 11 mnop 00011011 00 aaaa 01 eeee 10 iiii 11 mmmm 00011011 00 0b-ac-ad-a 01 0b-ac-ad-a 10 0b-ac-ad-a 11 0b-ac-ad-a S 1 S 0 S 0 S 1 S 0 S 1 P S 0 S 1 V ( ¢ ; ¢ ; v ) b + e = a + f c + e = a + g d + e = a + h P S 0 S 1 DV ( ¢ ; ¢ ; 0 ; v ) P S 0 S 1 DV ( ¢ ; ¢ ; 1 ; v ) T h eorem: I ff ora ll NDLF ¯, d ( ¯ ( S 0 ; S 1 ) j V ) = 0 h o ld s, t h en t h ereex i s t s D 2 f 0 ; 1 g suc h t h a t d ( S 1 ¡ D j VS D D ) = 0.

15 15 / 25 S 1 Proof for, perfect case ` = 2 00011011 00 abcd 01 efgh 10 ijkl 11 mnop 00011011 00 aaaa 01 eeee 10 iiii 11 mmmm 00011011 00 0b-ac-ad-a 01 0b-ac-ad-a 10 0b-ac-ad-a 11 0b-ac-ad-a S 1 S 0 S 0 S 1 S 0 P S 0 S 1 V ( ¢ ; ¢ ; v ) b + e = a + f c + e = a + g d + e = a + h d + m = a + p d + i = a + l c + i = a + k c + m = a + o b + i = a + j b + m = a + n + + ¡ + + ¡ + ¡ ¡ b + d + e + g + j + l + m + o = a + c + f + h + i + k + n + p P S 0 S 1 DV ( ¢ ; ¢ ; 0 ; v ) P S 0 S 1 DV ( ¢ ; ¢ ; 1 ; v ) T h eorem: I ff ora ll NDLF ¯, d ( ¯ ( S 0 ; S 1 ) j V ) = 0 h o ld s, t h en t h ereex i s t s D 2 f 0 ; 1 g suc h t h a t d ( S 1 ¡ D j VS D D ) = 0.

16 16 / 25 S 1 Proof for, perfect case ` = 2 00011011 00 aaaa 01 eeee 10 iiii 11 mmmm 00011011 00 0b-ac-ad-a 01 0b-ac-ad-a 10 0b-ac-ad-a 11 0b-ac-ad-a S 1 S 0 S 0 S 1 S 0 P S 0 S 1 V ( ¢ ; ¢ ; v ) b + e = a + f c + e = a + g d + e = a + h d + m = a + p d + i = a + l c + i = a + k c + m = a + o b + i = a + j b + m = a + n + + ¡ + + ¡ + ¡ ¡ b + d + e + g + j + l + m + o = a + c + f + h + i + k + n + p P S 0 S 1 DV ( ¢ ; ¢ ; 0 ; v ) P S 0 S 1 DV ( ¢ ; ¢ ; 1 ; v ) T h eorem: I ff ora ll NDLF ¯, d ( ¯ ( S 0 ; S 1 ) j V ) = 0 h o ld s, t h en t h ereex i s t s D 2 f 0 ; 1 g suc h t h a t d ( S 1 ¡ D j VS D D ) = 0. 00101101010 abcd 0101 efgh 1010 ijkl 1 mnop ¯ ( s 0 ; s 1 ) : = s 2 0 © s 2 1

17 17 / 25 b + e = a + f c + e = a + g d + e = a + h d + m = a + p d + i = a + l c + i = a + k c + m = a + o b + i = a + j b + m = a + n + + ¡ + + ¡ + ¡ ¡ Proof for, perfect case ` = 2 0010110101 0 abcd 0101 efgh 1010 ijkl 1 mnop 00011011 00 aaaa 01 eeee 10 iiii 11 mmmm 00011011 00 0b-ac-ad-a 01 0b-ac-ad-a 10 0b-ac-ad-a 11 0b-ac-ad-a S 1 S 0 S 0 S 1 S 0 S 1 P S 0 S 1 V ( ¢ ; ¢ ; v ) ¯ ( s 0 ; s 1 ) : = s 2 0 © s 2 1 ¯ ( s 0 ; s 1 ) = 1 ¯ ( s 0 ; s 1 ) = 0 ¯ ( s 0 ; s 1 ) = 1 ¯ ( s 0 ; s 1 ) = 0 b + d + e + g + j + l + m + o = a + c + f + h + i + k + n + p P S 0 S 1 DV ( ¢ ; ¢ ; 0 ; v ) P S 0 S 1 DV ( ¢ ; ¢ ; 1 ; v ) T h eorem: I ff ora ll NDLF ¯, d ( ¯ ( S 0 ; S 1 ) j V ) = 0 h o ld s, t h en t h ereex i s t s D 2 f 0 ; 1 g suc h t h a t d ( S 1 ¡ D j VS D D ) = 0.

18 18 / 25 b + e = a + f c + e = a + g d + e = a + h d + m = a + p d + i = a + l c + i = a + k c + m = a + o b + i = a + j b + m = a + n Proof for, perfect case ` = 2 0010110101 0 abcd 0101 efgh 1010 ijkl 1 mnop 00011011 00 aaaa 01 eeee 10 iiii 11 mmmm 00011011 00 0b-ac-ad-a 01 0b-ac-ad-a 10 0b-ac-ad-a 11 0b-ac-ad-a S 1 S 0 S 0 S 1 S 0 S 1 P S 0 S 1 V ( ¢ ; ¢ ; v ) ¯ ( s 0 ; s 1 ) = 1 ¯ ( s 0 ; s 1 ) = 0 b + d + e + g + j + l + m + o = a + c + f + h + i + k + n + p b + d + f + h + i + k + m + o = a + c + e + g + j + l + n + p ¯ ( s 0 ; s 1 ) : = s 1 0 © s 2 1 P S 0 S 1 DV ( ¢ ; ¢ ; 0 ; v ) P S 0 S 1 DV ( ¢ ; ¢ ; 1 ; v ) T h eorem: I ff ora ll NDLF ¯, d ( ¯ ( S 0 ; S 1 ) j V ) = 0 h o ld s, t h en t h ereex i s t s D 2 f 0 ; 1 g suc h t h a t d ( S 1 ¡ D j VS D D ) = 0.

19 19 / 25 b + e = a + f c + e = a + g d + e = a + h d + m = a + p d + i = a + l c + i = a + k c + m = a + o b + i = a + j b + m = a + n Proof for, perfect case ` = 2 0010110101 0 abcd 0101 efgh 1010 ijkl 1 mnop 00011011 00 aaaa 01 eeee 10 iiii 11 mmmm 00011011 00 0b-ac-ad-a 01 0b-ac-ad-a 10 0b-ac-ad-a 11 0b-ac-ad-a S 1 S 0 S 0 S 1 S 0 S 1 P S 0 S 1 V ( ¢ ; ¢ ; v ) b + d + e + g + j + l + m + o = a + c + f + h + i + k + n + p 8 < : 8 < : b + d + f + h + i + k + m + o = a + c + e + g + j + l + n + p... P S 0 S 1 DV ( ¢ ; ¢ ; 0 ; v ) P S 0 S 1 DV ( ¢ ; ¢ ; 1 ; v ) T h eorem: I ff ora ll NDLF ¯, d ( ¯ ( S 0 ; S 1 ) j V ) = 0 h o ld s, t h en t h ereex i s t s D 2 f 0 ; 1 g suc h t h a t d ( S 1 ¡ D j VS D D ) = 0.

20 20 / 25 Agenda OT and Randomized OT Characterisation of Sender-Security with Linear Functions Application: Universal OT Conclusion

21 21 / 25 Application: Universal OT R an d 1 - 2 OT S C C 2 f 0 ; 1 g U n i versa l OT X 2 f 0 ; 1 g 2 n P Y j X * S 0 ; S 1 Y. [ C ac h i n 98 ] H 1 ( X j Y ) ¸ n

22 22 / 25 X 0 ; X 1 2 f 0 ; 1 g n 0 1 1 1 0 1 Reduction: Protocol S 0 ; S 1 ran d om S 1 = ? S 0 UOT C = 0 F 0 ; F 1 ² correc t ness: I f A an d B h ones t, A ge t s S 0 ; S 1, B ge t s S C. Y = X C 0 1 1 ? ? ? X 1 X 0 F 0 2 R F F 1 2 R F ² rece i ver-secur i t y: 8 ~ A d i s h ones t sen d ersw i t h v i ew U, P UC = P U ¢ P C. H 1 ( X j Y ) ¸ n 8 < : 9 = ;

23 23 / 25 Reduction: Problem ran d om UOT S 0 ; S 1 F 0 ; F 1 F 0 2 R F F 1 2 R F Y. sen d er-secur i t y: 9 D s. t. d ( S 1 ¡ D j VDS D ) · " S D S 1 ¡ D = ? P Y j X 0 X 1 ¢ ¢ ¢ ¢ x 6 = x 0 ) F ( x ) ; F ( x 0 ) i n- d epen d en t an d un i f orm. X 0 2 f 0 ; 1 g n F 0 2 R F S 0 2 f 0 ; 1 g ` H 1 ( X 0 j V ) b i g ) d ( S 0 j VF ) sma ll P r i vacy A mp li¯ ca t i on X 0 ; X 1 2 f 0 ; 1 g n 0 1 0 1 X 1 X 0 9 = ; 8 < : H 1 ( X 0 X 1 j Y ) ¸ n

24 24 / 25 Reduction: Problem ran d om UOT S 0 ; S 1 F 0 ; F 1 F 0 2 R F F 1 2 R F Y. sen d er-secur i t y: 9 D s. t. d ( S 1 ¡ D j VDS D ) · " S D S 1 ¡ D = ? P Y j X 0 X 1 ¢ ¢ ¢ ¢ X 0 2 f 0 ; 1 g n F 0 2 R F S 0 2 f 0 ; 1 g ` X 0 ; X 1 2 f 0 ; 1 g n 0 1 0 1 X 1 X 0 9 = ; 8 < : T h eorem: 8 NDLF ¯ : d ( ¯ ( S 0 ; S 1 ) j V ) sma ll ) ¯ ( S 0 ; S 1 ) 2 f 0 ; 1 g X 1 2 f 0 ; 1 g n F 1 2 R F S 1 2 f 0 ; 1 g ` O b serve: T h ec l ass F ¯ : = f ¯ ( F 0 ( ¢ ) ; F 1 ( ¢ )) j F 0 2 F ; F 1 2 F g i s s t rong l y t wo-un i versa l. H 1 ( X 0 X 1 j V ) b i g ) d ( ¯ ( S 0 ; S 1 ) j V ) sma ll H 1 ( X 0 j V ) b i g P r i vacy A mp li¯ ca t i on ) d ( S 0 j VF ) sma ll PA H 1 ( X 0 X 1 j Y ) ¸ n

25 25 / 25 Conclusion Characterisation of sender-privacy: A protocol for Rand-OT is secure against a cheating receiver, iff he gets no information about any non-degenerate linear function. Observation: NDLF compose well with strongly two-universal hash functions. yields powerful technique: Enough min-entropy suffices to get an OT via (strongly) two-universal hashing, also works in quantum settings. Reductions: Simpler analyses of reductions from String-OT to weaker primitives, better parameters.

26 Thank you

27 27 / 25 PA : d ( F ( X ) |{z} ¯ ( S 0 ; S 1 ) j F ; V = v |{z} V ) · 2 ¡ 1 2 ¡ H 1 ( X j V = v ) ¡ 1 ¢ The Bottom Line Bob Alice 011001010110 v i ew V = v. S 0 ; S 1 2 f 0 ; 1 g ` X 2 f 0 ; 1 g n · " ¢ 2 ¡ 2 ` ¡ 1 9 C 0 s. t. d ( S 1 ¡ C 0 j VC 0 S C 0 ) · " F 2 R F ¯ : = f ¯ ( F 0 ( ¢ ) ; F 1 ( ¢ )) j F 0 2 F 0 ; F 1 2 F 1 g 101, 001 F 0 ; F 1 H 1 ( X j V = v ) ¸ ®n F 0 2 R F F 1 2 R F

28 28 / 25 Privacy Amplification (PA) 011001010110101001 X 2 f 0 ; 1 g n x 6 = x 0 ) F ( x ) ; F ( x 0 ) i n d epen d en t an d un i - f orm. F ( X ) 2 f 0 ; 1 g ` F ( X ) = ? v i ew V = v. T h m: d ( F ( X ) j F ; V = v ) · 2 ¡ 1 2 ¡ H 1 ( X j V = v ) ¡ ` ¢ F 2 R F. [ I mpag l i azzo L ev i n L u b y 89, H º as t a d ILL 99, B enne tt B rassar d C r ¶ epeau M aurer 95, R enner 06 ]

Download ppt "Oblivious Transfer and Linear Functions Ivan Damgård, Louis Salvail, Christian Schaffner (BRICS, University of Aarhus, Denmark) Serge Fehr (CWI Amsterdam,"

Similar presentations

What time is it Now?.

What time is it Now?.
On the Complexity of Parallel Hardness Amplification for One-Way Functions Chi-Jen Lu Academia Sinica, Taiwan.

On the Complexity of Parallel Hardness Amplification for One-Way Functions Chi-Jen Lu Academia Sinica, Taiwan.
Conditional Probabilities over Probabilistic and Nondeterministic Systems M. E. Andrés and P. van Rossum Radboud Universiteit Nijmegen, The Netherlands.

Conditional Probabilities over Probabilistic and Nondeterministic Systems M. E. Andrés and P. van Rossum Radboud Universiteit Nijmegen, The Netherlands.
A Tight High-Order Entropic Quantum Uncertainty Relation with Applications Serge Fehr, Christian Schaffner (CWI Amsterdam, NL) Renato Renner (ETH Zürich,

A Tight High-Order Entropic Quantum Uncertainty Relation with Applications Serge Fehr, Christian Schaffner (CWI Amsterdam, NL) Renato Renner (ETH Zürich,
Randomness Extraction and Privacy Amplification with quantum eavesdroppers Thomas Vidick UC Berkeley Based on joint work with Christopher Portmann, Anindya.

Randomness Extraction and Privacy Amplification with quantum eavesdroppers Thomas Vidick UC Berkeley Based on joint work with Christopher Portmann, Anindya.
Implementing Oblivious Transfer Using a Collection of Dense Trapdoor Permutations Iftach Haitner www.wisdom.weizmann.ac.il/~iftachh WEIZMANN INSTITUTE.

Implementing Oblivious Transfer Using a Collection of Dense Trapdoor Permutations Iftach Haitner WEIZMANN INSTITUTE.
Christian Schaffner CWI Amsterdam, Netherlands Position-Based Quantum Cryptography: Impossibility and Constructions Seminar Eindhoven, Netherlands Wednesday,

Christian Schaffner CWI Amsterdam, Netherlands Position-Based Quantum Cryptography: Impossibility and Constructions Seminar Eindhoven, Netherlands Wednesday,
Rigorous Analyses of Simple Diversity Mechanisms Tobias Friedrich Nils Hebbinghaus Frank Neumann Max-Planck-Institut für Informatik Saarbrücken.

Rigorous Analyses of Simple Diversity Mechanisms Tobias Friedrich Nils Hebbinghaus Frank Neumann Max-Planck-Institut für Informatik Saarbrücken.
Quantum Cryptography ( EECS 598 Presentation) by Amit Marathe.

Quantum Cryptography ( EECS 598 Presentation) by Amit Marathe.
Serge Fehr & Christian Schaffner CWI Amsterdam, The Netherlands 1 Randomness Extraction via ± -Biased Masking in the Presence of a Quantum Attacker TCC.

Serge Fehr & Christian Schaffner CWI Amsterdam, The Netherlands 1 Randomness Extraction via ± -Biased Masking in the Presence of a Quantum Attacker TCC.
Short course on quantum computing Andris Ambainis University of Latvia.

Short course on quantum computing Andris Ambainis University of Latvia.
Miguel E. Andrés Radboud University, The Netherlands Significant Diagnostic Counterexamples in Probabilistic Model Checking Pedro D’Argenio Famaf, Argentina.

Miguel E. Andrés Radboud University, The Netherlands Significant Diagnostic Counterexamples in Probabilistic Model Checking Pedro D’Argenio Famaf, Argentina.
What Crypto Can Do for You: Solutions in Search of Problems Anna Lysyanskaya Brown University.

What Crypto Can Do for You: Solutions in Search of Problems Anna Lysyanskaya Brown University.
Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.

Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.
Row 1 Row 6 Row 5 Row 2 Row 7 Row 3 Row 8 Row 4 Row 9 Row 10 Row 11.

Row 1 Row 6 Row 5 Row 2 Row 7 Row 3 Row 8 Row 4 Row 9 Row 10 Row 11.
1 Keyword Search and Oblivious Pseudo-Random Functions Mike Freedman NYU Yuval Ishai, Benny Pinkas, Omer Reingold.

1 Keyword Search and Oblivious Pseudo-Random Functions Mike Freedman NYU Yuval Ishai, Benny Pinkas, Omer Reingold.
A Tight High-Order Entropic Quantum Uncertainty Relation with Applications Serge Fehr, Christian Schaffner (CWI Amsterdam, NL) Renato Renner (University.

A Tight High-Order Entropic Quantum Uncertainty Relation with Applications Serge Fehr, Christian Schaffner (CWI Amsterdam, NL) Renato Renner (University.
Oblivious Transfer based on the McEliece Assumptions

Oblivious Transfer based on the McEliece Assumptions
Proactive Secure Mobile Digital Signatures Work in progress. Ivan Damgård and Gert Læssøe Mikkelsen University of Aarhus.

Proactive Secure Mobile Digital Signatures Work in progress. Ivan Damgård and Gert Læssøe Mikkelsen University of Aarhus.
Non-interactive and Reusable Non-malleable Commitments Ivan Damgård, BRICS, Aarhus University Jens Groth, Cryptomathic A/S.

Non-interactive and Reusable Non-malleable Commitments Ivan Damgård, BRICS, Aarhus University Jens Groth, Cryptomathic A/S.

Similar presentations

Ads by Google