[PDF] Top 20 Non-Interactive Secure Computation from One-Way Functions

... adversary from gaining undue advantage by reset- ting the stateless token that it receives from the honest ...adversary from resetting the token and changing its input in each interaction with the ... See full document

... queries from Goldman Sachs – indeed, Goldman Sachs should learn nothing at all except that the client performed an authorized ...in one session, a client can only learn the answer to a single query of a ... See full document

... only one round of interaction, we require that all the randomness used for the second message of the OT queries for circuit gc i , is also derived from the PRF key seed i ... See full document

... trapdoor one-way permutation (in construction of TE) and the latter uses a one-way permutation (in construction of ...computationally secure (trapdoor) one-way ...hash ... See full document

... use. From a result shown in [GLP + 15], we can obtain a constant-round κ-robust one-one CCA-secure commitment scheme from one-way functions for every constant κ ∈ N ... See full document

... The scheme described above works only for a single evaluation of f . To ac- commodate multiple evaluations of f , Gennaro et al. propose the use of fully homomorphic encryption (FHE) in the following way. The ... See full document

... public-coin) interactive proof systems into non-interactive argument ...systems. One such formal result is stated in Theorem ...exponentially secure one-way ... See full document

... on one-way ...to secure function evaluation (SFE) starting with Yao’s work, but also in parallel cryptography [AIK04, AIK05], verifiable computation [GGP10, AIK10], software protection [GKR08, ... See full document

... when one compares in detail the two physical devices. Indeed, PUFs are non-programmable and thus provide unpredictability ...protected from physical attacks and thus the functionalities that they ... See full document

... knowledge from an adver- sary is to run it on multiple related inputs to deduce what it “knows” from the resulting ...limited. One main limitation of rewinding-based extraction is that it requires ... See full document

... differs from previous works such as [KRR14], which focused on general transformations obtained by applying any PIR scheme to any PCP with strong enough soundness properties (see ... See full document

... our non generic transformation shows that, using structural properties of the original schemes, it is possible to achieve CCA-security even at lower costs and surprisingly without a lot of additional ...universal ... See full document

... Our rNISC/OLE protocol is information-theoretic and does not rely on any cryptographic as- sumptions. Its complexity is polynomial in the size of an arithmetic branching program being computed. This is sufficient to ... See full document

... of one-way functions, we believe our results are an important step towards proving hardness results for simpler families of ...for non-interactive differential privacy from ... See full document

... candidate non-succinct NISC protocols for use in our main ...constructed from just a notion of “weak oblivious transfer” (see Appendix ...onto one-way function, which cannot necessarily be ... See full document

... However, one could easily adapt the above definitions to capture statistical security and computational ...obfuscation from the ...results from [4] apply and one can only hope to get general ... See full document

... as one of the goals of using PUFs is to avoid reliance on trusted ...for secure computation in the malicious-PUF model under additional, number-theoretic ... See full document

... The goal of program obfuscation is to transform a given program (say described as a boolean circuit) into another “scrambled” circuit which is functionally equivalent by “hiding” its implementation details (making it ... See full document

... efficiently from various computational assumptions (such as the DDH [13], `-Linear [31], DCR [13], or QR [13] ...mildly secure NIKE scheme into one that satisfies a stronger form of security (dubbed ... See full document

... trapdoor functions were created as a building block for IND-CCA secure encryption, lossy encryption was initially created to help prove security against an active adversary in the Multiparty Compu- tation ... See full document