STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing
Completeness theorems for non-cryptographic fault-tolerant distributed computation
STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing
Multiparty unconditionally secure protocols
STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing
Founding crytpography on oblivious transfer
STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing
Verifiable secret sharing and multiparty protocols with honest majority
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Communications of the ACM
Cryptographic Computation: Secure Faut-Tolerant Protocols and the Public-Key Model
CRYPTO '87 A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology
How to simultaneously exchange a secret bit by flipping a symmetrically-biased coin
SFCS '83 Proceedings of the 24th Annual Symposium on Foundations of Computer Science
How to generate and exchange secrets
SFCS '86 Proceedings of the 27th Annual Symposium on Foundations of Computer Science
Detectable byzantine agreement secure against faulty majorities
Proceedings of the twenty-first annual symposium on Principles of distributed computing
Fair Computation of General Functions in Presence of Immoral Majority
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Hi-index | 0.00 |
We address the problem of performing a multiparty computation when more than half of the processors are cooperating Byzantine faults. We show how to compute any boolean function of n inputs distributively, preserving the privacy of inputs held by nonfaulty processors, and ensuring that faulty processors obtain the function value "if and only if" the nonfaulty processors do. If the nonfaulty processors do not obtain the correct function value, they detect cheating with high probabihty. Our solution is based on a new type of verifiable secret sharing in which the secret is revealed not all at once but in small increments. This slow-revealing process ensures that all processors discover the secret at roughly the same time. Our solution assumes the existence of an oblivious transfer protocol and uses broadcast channels. We do not require that the processors have equal computing power.