How to construct random functions
Journal of the ACM (JACM)
STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing
Non-interactive oblivious transfer and applications
CRYPTO '89 Proceedings on Advances in cryptology
The random oracle methodology, revisited (preliminary version)
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
A Pseudorandom Generator from any One-way Function
SIAM Journal on Computing
Privacy preserving auctions and mechanism design
Proceedings of the 1st ACM conference on Electronic commerce
Efficient oblivious transfer protocols
SODA '01 Proceedings of the twelfth annual ACM-SIAM symposium on Discrete algorithms
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Gradual and Verifiable Release of a Secret
CRYPTO '87 A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology
Cryptographic Computation: Secure Faut-Tolerant Protocols and the Public-Key Model
CRYPTO '87 A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology
FOCS '99 Proceedings of the 40th Annual Symposium on Foundations of Computer Science
On the (In)security of the Fiat-Shamir Paradigm
FOCS '03 Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science
Fair secure two-party computation
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Public-key steganography with active attacks
TCC'05 Proceedings of the Second international conference on Theory of Cryptography
Upper and lower bounds on black-box steganography
TCC'05 Proceedings of the Second international conference on Theory of Cryptography
Practical Secure Evaluation of Semi-private Functions
ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
Improved Garbled Circuit Building Blocks and Applications to Auctions and Computing Minima
CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
On the round complexity of covert computation
Proceedings of the forty-second ACM symposium on Theory of computing
SILENTKNOCK: practical, provably undetectable authentication
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
| Hi-index | 0.00 |
We introduce covert two-party computation, a stronger notion of security than standard secure two-party computation. Like standard secure two-party computation, covert two-party computation allows Alice and Bob, with secret inputs xA and xB respectively, to compute a function f(xA,xB) without leaking any additional information about their inputs. In addition, covert two-party computation guarantees that even the existence of a computation is hidden from all protocol participants unless the value of the function mandates otherwise. This allows the construction of protocols that return f(xA,xB) only when it equals a certain value of interest (such as "Yes, we are romantically interested in each other") but for which neither party can determine whether the other even ran the protocol whenever f(xA,xB) is not a value of interest. Since existing techniques for secure function evaluation always reveal that both parties participate in the computation, covert computation requires the introduction of new techniques based on provably secure steganography. We introduce security definitions for covert two-party computation and show that this surprising notion can be achieved by a protocol given the Decisional Diffie-Hellman assumption in the "honest but curious" model. Using this protocol as a subroutine, we present another protocol which is fair and secure against malicious adversaries in the Random Oracle Model --- unlike most other protocols against malicious adversaries, this protocol does not rely on zero-knowledge proofs (or similar cut-and-choose techniques), because they inherently reveal that a computation took place. We remark that all our protocols are of comparable efficiency to protocols for standard secure two-party computation.