[PDF] Top 20 Reusable Non-Interactive Secure Computation

... In Section 4.3 we show that there is no UC secure rNISC/OT protocol for genearl zero-knowledge proof functionality (Figure 4). Suppose such protocol exists. This means the sender can prove statements x ∈ L just by ... See full document

... a non-interactive delegation scheme (as also described in [BHK17]) is that the former only guarantees non-adaptive soundness, namely, soundness is guaranteed only if the prover first chooses the ... See full document

... Can we satisfy these requirements? While well-known two-party computation protocols (e.g., [Yao86, GMW87]) offer remarkably powerful simulation-based security guarantees, these guarantees hold only in the ... See full document

... two-party computation and lead to particularly efficient protocols for arithmetic circuits in terms of interaction and ...outsource computation on sensitive data to cloud providers. Our interactive ... See full document

... It is instructive to take a closer look at the notion of effective degree and see how it relates to existing notions. Recall that effective degree essentially allows the parties to apply arbitrary local- preprocessing of ... See full document

... One of our conceptual contributions is showing that public-verifiability is possible even if the query- encryption is semantically secure. We overcome the above difficulty by utilizing a specific query- encryption ... See full document

... maliciously secure two-party computation based on garbled circuits are often extremely ...highly non-trivial to modify these protocols and reason about what new security guarantees ... See full document

... is secure in the mali- cious ...an interactive MPC protocol to jointly decrypt the result, verify each other’s participation, and verify F was hon- estly computed by the ...protocol, interactive ... See full document

... How to circumvent the NIKE lower bound. However, similar to previous works, Bader et al. assume that any secret key (or, more generally, problem solution) output by R can be used to solve corresponding challenges posed ... See full document

... security derives from the properties of the added ZKPoKs and (in terms of simulability) from the fact that the new elements related with short BitComs do not belong to the output of a honest party. In the RSC technique ... See full document

... multiparty computation because the adversary learns non-trivial information from calls to the trusted ...a non-interactive perfectly binding commit- ment scheme (Appendix ...k-robust ... See full document

... Verifiable Computation, we also have information-theoretic protocols which are secure against any (possibly computationally unbounded) ...is non-interactive (while [GKR08,GR18] requires Ω(1) ... See full document

... a secure computation that implements the algorithm and is run between any pair of people who suspect that they might be ...for secure computation requires the participants to coordinate a time ... See full document

... Additionally, we also use the following advanced primitives that were recently constructed based on one way functions: resettable zero knowledge argument of knowledge and resettably sound zero knowledge arguments. ... See full document

... Applications. Our main motivating application is for scenarios involving secure computations without interaction, such as the one described above. While in the motivating discussion we assumed the parties to be ... See full document

... of computation from one party to an- other; that is, using delegation, the sender can compute both the correct result of some (possibly expensive) computation on a receiver’s input and a (short) proof which ... See full document

... verifier’s computation and overall communication grows with poly(|x|, λ, log(T )), where λ is the security parameter and T is the verification time for checking that x ∈ L (given ...of ... See full document

... optimizing secure realizations of commonly used op- ...in secure implementation of a comparison operation (be it based on garbled circuits, homomorphic encryption, or secret sharing techniques) leads to a ... See full document

... There have been many attempts to develop tools that support verified implementations. Many of these tools support proofs in the symbolic model of cryptography. There are some notable ex- ceptions, however. For instance, ... See full document

... Since the client-side computational logic needs to process secret values (e.g., the original index), their cost cannot be ignored as in traditional ORAMs designed merely for out- sourcing storage. On the contrary, the ... See full document