[PDF] Top 20 Non-Interactive Secure Computation Based on Cut-and-Choose

... two-party computation (2PC) is a very powerful tool that allows two participants to compute any function of their private inputs without revealing any information about the inputs except for the value of the ... See full document

... Being non-interactive and asynchronous requires that all the sessions are invoked together by an honest party, but the adversary is allowed to schedule them adaptively, and base its inputs for later ... See full document

... security derives from the properties of the added ZKPoKs and (in terms of simulability) from the fact that the new elements related with short BitComs do not belong to the output of a honest party. In the RSC technique ... See full document

... Subliminal Channel. Another attack that a malicious receiver could launch is by embedding information about the randomness rand in the ciphertext and sig- natures it generates. Note that even though the token proves that ... See full document

... a non-interactive delegation scheme (as also described in [BHK17]) is that the former only guarantees non-adaptive soundness, namely, soundness is guaranteed only if the prover first chooses the ... See full document

... adaptively secure garbled circuits in the standard model may be plugged into the second construction in order to maintain its low communication and remove the ... See full document

... to cut-and-choose called LEGO. In this approach, cut-and-choose is not done on several circuits, but rather on individual and independent garbled ...the cut-and-choose step, the ... See full document

... construction based on NTRU (Hoffstein et ...is secure in the mali- cious ...an interactive MPC protocol to jointly decrypt the result, verify each other’s participation, and verify F was hon- estly ... See full document

... for secure computation in the concurrent setting, where the adversary controls the scheduling of the messages of different ...rewinding based simulator may need to execute some sessions more than ... See full document

... Multi-input functional encryption. NIMPC can be viewed as a simplified and restricted form of multi- input functional encryption, a generalization of functional encryption [32, 19, 31, 7] that was very recently studied ... See full document

... scheme based on RAN D), R computes 3 exponentiations; to construct the ciphertext, S computes 14 exponentiations and 8 multiplications; to decrypt the ciphertext, if j = 0, R computes 3 exponentiations, 3 modular ... See full document

... a non- succinct (let alone succinct) NISC with malicious security cannot satisfy the standard polynomial- time simulation-based notion of ...of secure computation. Superpolynomial-time ... See full document

... reusable secure in OLE hybrid model. We show that in an OT-based implementation of the rOLE- primitive, a corrupted sender can recover the receiver’s secret input x after polynomially many ... See full document

... of cut and limiting radial depth of cut suggested by figures 4 and 5 is actually true looking at figure ...of cut should be carefully selected together at high machining ... See full document

... on secure two-party computation [OS97, GKK + 11, LO13, GGH + ...for secure computation of RAM programs in the multiparty setting: An aside in the work of Damg˚ ard, Meldgaard, and Nielsen ... See full document

... The first CLS scheme and the security definition of CLS were presented in [AP03]. In 2004, Yum and Lee proposed a generic construction of CLS from an IBS and a standard signature [YL04]. Later Hu et al. [HWZ+07] pointed ... See full document

... for secure multi-party computation [GMW87,Gol04], and a bit-OT protocol with O(1) communication complexity implies secure computation with constant overhead using GMW, and even with active ... See full document

... of messages. Assuming all scheme in table 1 had reached the level of security of the RSA-1024, as shown in table 1, our scheme was better than the other two on the signature length and the bilinear computation in ... See full document

... The data miner applies mining algorithms to the data provided by data collector, and he wishes to extract useful information from data in a privacy-preserving manner. As introduced in Section I-B, PPDM covers two types ... See full document

... considerably cut back the amount of basic image entities, and thanks to the nice separation conserving filtering characteristic, the salient options of the image area unit ... See full document