We consider the problem of computing with encrypted data. Player A wishes to know the value ƒ(x) for some x but lacks the power to compute it. Player B has the power to compute ƒ and is willing to send ƒ(y) to A if she sends him y, for any y. Informally, an encryption scheme for the problem ƒ is a method by which A, using her inferior resources, can transform the cleartext instance x into an encrypted instance y, obtain ƒ(y) from B, and infer ƒ(x) from ƒ(y) in such a way that B cannot infer x from y. When such an encryption scheme exists, we say that ƒ is encryptable.

The framework defined in this paper enables us to prove precise statements about what an encrypted instance hides and what it leaks, in an information-theoretic sense. Our definitions are cast in the language of probability theory and do not involve assumptions such as the intractability of factoring or the existence of one-way functions. We use our framework to describe encryption schemes for some natural problems in NP ∩ CoNP.

We also consider the following generalization of encryption schemes. Player A, who is limited to probabilistic polynomial time, wishes to guess the value ƒ(x) with probability at least 1/2 + 1/|x|^c of being correct, for some constant c. Player B can compute any function and generate arbitrary probability distributions. Players A and B can interact for a polynomial number of rounds by sending polynomial-sized messages. We prove a strong negative result: there is no such generalized encryption scheme for SAT that leaks no more than the size of x (unless the polynomial hierarchy collapses at the second level).
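An added illustration of the definition above (not code from the paper or from this page): instance hiding for the discrete logarithm, where A blinds x with a uniformly random exponent before querying B. The toy prime, the generator and all function names are assumptions chosen for the example; the last function enumerates what B can see, to show that the distribution of y does not depend on x.

```python
import secrets

# Constructed toy parameters (assumptions): 1019 is a safe prime and 2 generates
# the full multiplicative group mod 1019. Both are public, so they are "leaked".
P = 1019
G = 2

def oracle_dlog(y, p=P, g=G):
    """Player B: returns e with g^e = y (mod p). Brute force stands in for B's power."""
    acc = 1
    for e in range(p - 1):
        if acc == y:
            return e
        acc = acc * g % p
    raise ValueError("y is not in the group generated by g")

def encrypt_instance(x, p=P, g=G):
    """Player A: map cleartext instance x to y = x * g^r with r uniform in [0, p-2]."""
    r = secrets.randbelow(p - 1)
    return x * pow(g, r, p) % p, r

def decrypt_answer(f_y, r, p=P):
    """Player A: since log(y) = log(x) + r (mod p-1), recover log(x) from f(y)."""
    return (f_y - r) % (p - 1)

def hidden_dlog(x, oracle=oracle_dlog):
    """Full exchange: A sends y, B answers f(y), A infers f(x). B never sees x."""
    y, r = encrypt_instance(x)
    return decrypt_answer(oracle(y), r)

def blinded_distribution(x, p=P, g=G):
    """All values y that B could receive for this x, one per possible r."""
    return sorted(x * pow(g, r, p) % p for r in range(p - 1))

if __name__ == "__main__":
    x = pow(G, 777, P)                      # constructed instance with known answer
    print("recovered exponent:", hidden_dlog(x))
    # Each group element appears exactly once whatever x is, so y is uniform
    # and carries no information about x beyond the public (p, g).
    print(blinded_distribution(x) == blinded_distribution(5) == list(range(1, P)))
```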