AI帮你理解科学

AI 生成解读视频

AI抽取解析论文重点内容自动生成视频

生成解读视频

AI 溯源

AI解析本论文相关学术脉络

生成溯源树

AI 精读

AI抽取本论文的概要总结

微博一下：

We present unconditionally secure implementations of several cryptographic primitives based on anonymous communication over public channels

Cryptography from Anonymity

Berkeley, CA, (2006): 239-248

引用：133|浏览34

EI WOS

下载 PDF 全文

原文链接

其它链接

dblp.uni-trier.de dl.acm.org academic.microsoft.com

引用

微博一下

关键词

cryptographic contextinsecure channelmultiple userbuilding blockanonymous channel更多(10+)

摘要

There is a vast body of work on implementing anonymous communication. In this paper, we study the possibility of using anonymous communication as a building block, and show that one can leverage on anonymity in a variety of cryptographic contexts. Our results go in two directions. middot Feasibility. We show that anonymous communication o...更多

代码：

数据：

精读

下载 PDF 全文

PPT (上传PPT)

相似论文

引用论文

被引论文

简介

There are many scenarios in which anonymous communication can be implemented at a low cost, either via physical means or by means of special-purpose protocols.
Private anonymous channels, allowing the adversary to learn only messages sent or received by corrupted players.

重点内容

There are many scenarios in which anonymous communication can be implemented at a low cost, either via physical means or by means of special-purpose protocols
We present unconditionally secure implementations of several cryptographic primitives based on anonymous communication over public channels
There is no obvious way to combine the advantages of non-private but anonymous channels and private but non-anonymous channels
We suggest the following direct implementation of PrivAnon based on Anon
(2) If the adversary corrupts only one sender, it cannot violate the privacy or the correct delivery of the message sent by the other sender, nor can it correlate its own message with the other message
Lemma 4.6 establishes the privacy of the protocol for an arbitrary number of clients, with the same amount of noise as that required for the privacy of a single client: Theorem 4.7 If the CR assumption (Definition 4.5) holds with parameters (F (k), c(k), t(k), n(k)), the above anonymous private information retrieval protocol remains computationally private for an arbitrary number of clients, as long as the total amount of noise contributed by uncorrupted clients is at least n(k)

结果

One could assume that the adversary only learns messages received by corrupted players; the authors call such a primitive private-anonymous channel and denote the corresponding functionality by PrivAnon.
The authors show how n ≥ 2 clients can privately compute statistics on their combined inputs by each sending few anonymous messages to a central server.
The authors' protocols only require one-way anonymous communication and are private with respect to an adversary corrupting the server along with an arbitrary number of clients.5 Note that it is impossible to obtain such non-interactive protocols in the standard model, even if one settles for computational privacy.
The authors want to design a protocol in which each client sends a small number of anonymous messages to the server, from which the server can recover the sum of all inputs without learning additional information about the inputs.
The authors use anonymous channels to obtain a PIR protocol which allows a server to handle queries that may originate from many different clients using a nearly optimal amount of communication and computation.
(The security of the protocol will be guaranteed as long as the total number of noise points sent by uncorrupted clients is at least n.) The server replies to each query with an answer sj = qx.
Lemma 4.6 establishes the privacy of the protocol for an arbitrary number of clients, with the same amount of noise as that required for the privacy of a single client: Theorem 4.7 If the CR assumption (Definition 4.5) holds with parameters (F (k), c(k), t(k), n(k)), the above anonymous PIR protocol remains computationally private for an arbitrary number of clients, as long as the total amount of noise contributed by uncorrupted clients is at least n(k).

结论

(A larger value of represents a more conservative assumption.) assuming two-way anonymous communication, there is a one-round PIR protocol involving a single server and multiple clients in which the amortized communication and computation per query are O(t) = O.
(Ideally, the number of users is sufficiently large so that each user receives at most a single element of F for each database in the system.) To access the ith entry in a database x, a user first computes a set of queries as in the above PIR protocol, and fetches the answers by anonymously contacting the users that hold the answers to these queries.

相关工作

A variant of the toy example presented above (for key agreement using anonymity) was suggested by Alpern and Schneider [2]. A similar idea was previously used by Winkler [55] for establishing secure channels in the game of Bridge. Our work, in contrast, achieves key agreement in the presence of malicious parties, a problem that was posed and left open in [2]. The related problem of obtaining key agreement from recipient anonymity, which hides the identity of the receiver rather than that of the sender, was considered in [48]. Pfitzmann and Waidner [49] use a variant of private anonymous communication as an intermediate step for obtaining highly resilient broadcast protocols. Finally, Anonymous communication has also been exploited in the context of practically oriented applications such as voting [13] and electronic cash [53].

基金

Supported in part by IBM Faculty Award, Intel equipment grant, NSF Cybertrust grant No 0430254, Xerox Award and grant 2002354 from the U.S.-Israel Binational Science Foundation

引用论文

Anonymity bibliography. http://www.freehaven.net/anonbib/
B. Alpern and F. B. Schneider. Key exchange Using ‘Keyless Cryptography’. Information Processing Letters Vol. 16, pages 79-81, 1983.
A. Beimel, Y. Ishai, E. Kushilevitz, and J. F. Raymond. Breaking the O(n1/(2k−1)) Barrier for InformationTheoretic Private Information Retrieval. In Proc. 43rd FOCS, pages 261–270, 2002.
A. Beimel, Y. Ishai, and T. Malkin. Reducing the servers’ computation in private information retrieval: PIR with preprocessing. Journal of Cryptology, 17(2), pages 125–151, 200Earlier version in CRYPTO 2000.
A. Beimel and T. Malkin. A Quantitative Approach to Reductions in Secure Computation. In Proc. of 1st TCC, pages 238-257, 2004.
C. H. Bennett, G. Brassard, and J. M. Robert. Privacy Amplification by Public Discussion. SIAM J. Comput. 17(2): 210-229 (1988).
R. Berman, A. Fiat, and A. Ta-Shma. Provable Unlinkability against Traffic Analysis. In Proc. of 8th Financial Cryptography, pages 266-280, 2004.
D. Bleichenbacher, A. Kiayias, and M. Yung. Decoding of Interleaved Reed Solomon Codes over Noisy Data. In Proc. of ICALP 2003, pages 97-108.
D. Bleichenbacher and P. Q. Nguyen. Noisy Polynomial Interpolation and Noisy Chinese Remaindering. In Proc. of EUROCRYPT 2000, pages 53-69.
C. Cachin, S. Micali, and M. Stadler. Computationally private information retrieval with polylogarithmic communication. In Proc. of EUROCRYPT ’99, pages 402–414.
R. Canetti. Security and composition of multiparty cryptographic protocols. In J. of Cryptology, 13(1), 2000.
D. Chaum. Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. Commun. ACM, Vol. 24(2), pages 84-88, 1981. Also: UC Berkeley M.Sc. Thesis, 1979.
D. Chaum. Elections with Unconditionally-Secret Ballots and Disruption Equivalent to Breaking RSA. In Proc. EUROCRYPT 1988, pages 177-182.
S. Chawla, C. Dwork, F. McSherry, A. Smith, and H. Wee. Toward Privacy in Public Databases. In Proc. of 2nd TCC, pages 363–385, 2005.
B. Chor, O. Goldreich, E. Kushilevitz, and M. Sudan. Private information retrieval. J. of the ACM, 45:965–981, 1998. Earlier version in FOCS ’95.
B. Chor and E. Kushilevitz. A Zero-One Law for Boolean Privacy. SIAM J. Discrete Math 4(1): 36-47, 1991. Earlier version in STOC ’89.
D. Coppersmith and M. Sudan. Reconstructing curves in three (and higher) dimensional space from noisy data. In Proc. of 35th STOC, pages 136-142, 2003.
R. Cramer, I. Damgard, S. Dziembowski, M. Hirt, and T. Rabin. Efficient Multiparty Computations Secure Against an Adaptive Adversary. In Proc. EUROCRYPT 1999, pages 311-326.
I. Dinur and K. Nissim. Revealing information while preserving privacy. In Proc. of 22nd PODS, pp. 202-210, 2003.
U. Feige, J. Kilian, and M. Naor. A minimal model for secure computation. In Proc. of 26th STOC, pages 554-563, 1994.
J. Feigenbaum, Y. Ishai, T. Malkin, K. Nissim, M. Strauss, and R. Wright. Secure Multiparty Computation of Approximations. In Proc. 28th ICALP, pages 927-938, 2001.
M. J. Fischer and R. N. Wright. Multiparty Secret Key Exchange Using a Random Deal of Cards. In Proc. CRYPTO 1991, pages 141-155.
M. Fitzi, J. Garay, U. Maurer, and R. Ostrovsky. Minimal Complete Primitives for Secure Multi-party Computation. In Proc. Crypto 2001, pages 80-100.
M. Fitzi and U. Maurer. From partial consistency to global broadcast. In Proc. 32nd STOC, pages 494-503, 2000.
M. Fitzi, S. Wolf, and J. Wullschleger. Pseudo-signatures, Broadcast, and Multi-party Computation from Correlated Randomness. In Proc. CRYPTO 2004, pages 562-578.
C. Gentry and Z. Ramzan. Single-Database Private Information Retrieval with Constant Communication Rate. In Proc. 32nd ICALP, pages 803-815, 2005.
O. Goldreich. Foundations of Cryptography: Basic Applications. Cambridge University Press, 2004.
V. Guruswami and F. Parvaresh. Personal communication.
V. Guruswami and A. Rudra. Explicit Capacity-Achieving List-Decodable Codes. In Proc. 38th STOC, pp. 1-10, 2006.
V. Guruswami, and M. Sudan. Improved decoding of Reed-Solomon and algebraic-geometry codes. IEEE Transactions on Information Theory, Vol. 45(6), pages 1757-1767, 1999. Earlier version in FOCS ’98.
D. Harnik, M. Naor, O. Reingold, and A. Rosen. Completeness in two-party secure computation: a computational view. In Proc. 36th STOC, pages 252-261, 2004.
R. Impagliazzo and M. Naor. Efficient Cryptographic Schemes Provably as Secure as Subset Sum. J. Cryptology 9(4), pages 199-216, 1996. Earlier version in FOCS ’89.
R. Impagliazzo and D. Zuckerman. How to Recycle Random Bits. In Proc. 30th FOCS, pages 248-253, 1989.
Y. Ishai and E. Kushilevitz. Perfect Constant-Round Secure Computation via Perfect Randomizing Polynomials. In Proc. 29th ICALP, pages 244-256, 2002.
Y. Ishai, E. Kushilevitz, R. Ostrovsky, and A. Sahai. Batch codes and their applications. In Proc. 36th STOC, pages 373-382, 2004.
Y. Ishai, E. Kushilevitz, R. Ostrovsky, and A. Sahai. Cryptography from Anonymity. In Proc. FOCS 2006.
A. Kiayias and M. Yung. Secure Games with Polynomial Expressions. In Proc. 28th ICALP, pages 939-950, 2001.
A. Kiayias and M. Yung. Cryptographic Hardness based on the Decoding of Reed-Solomon Codes with Applications. ECCC Technical Report #017, 2002.
J. Kilian. Founding cryptography on oblivious transfer. In Proc. 20th STOC, pages 20–31, 1988.
J. Kilian, E. Kushilevitz, S. Micali, and R. Ostrovsky: Reducibility and Completeness in Private Computations. SIAM J. Comput. 29(4): 1189-1208 (2000).
E. Kushilevitz and R. Ostrovsky. Replication is not needed: single database, computationally-private information retrieval. In Proc. 38th FOCS, pages 364-373, 1997.
H. Lipmaa. An Oblivious Transfer Protocol with Log-Squared Communication. In Proc. ISC 2005, pages Information Theory 39(3): 733-742, 1993.
[44] T. Moran and M. Naor. Basing cryptographic protocols on tamper-evident Seals. In Proc. of 32nd ICALP, pages
[45] M. Naor and B. Pinkas. Oblivious polynomial evaluation. SIAM J. Comput. 35(5), pages 1254-1281, 2006.
[46] N. Nisan and D. Zuckerman. Randomness is Linear in Space. J. Comput. Syst. Sci., Vol. 52(1), pages 43-52, 1996. Earlier version in STOC ’93.
[47] F. Parvaresh and A. Vardy. Correcting Errors Beyond the Guruswami-Sudan Radius in Polynomial Time. In Proc. 46th FOCS, pages, 285-294, 2005.
[48] A. Pfitzmann and M. Waidner. Networks without user observability – design options. In Proc. Eurocrypt ’85, pages 245-253, 1986. Revision in: Computers and Security 6/2 (1987) 158-166.
[49] B. Pfitzmann and M. Waidner. Information-Theoretic Pseudosignatures and Byzantine Agreement for t ≥ n/3. IBM Research Report RZ 2882 (#90830), IBM Research Division, Zurich, 1996.
[50] T. Rabin and M. Ben-Or. Verifiable Secret Sharing and Multiparty Protocols with Honest Majority. In Proc. 21st STOC, pages 73–85, 1989.
Issues in Anonymity and Unobservability, LNCS 2009, pages 10-29, 2001.
[52] M. K. Reiter and A. D. Rubin. Crowds: Anonymity for Web Transactions. ACM Trans. Inf. Syst. Secur., 1(1), pages 66-92, 1998.
[53] D. R. Simon. Anonymous Communication and Anonymous Cash. In Proc. CRYPTO 1996, pages 61-73.
[54] P. L. Vora. Information Theory and the Security of Binary Data Perturbation. In Proc. Indocrypt 2004, pages
[56] A. C. Yao. How to generate and exchange secrets. In Proc. 27th FOCS, pages 162–167, 1986. For instance, consider the following generalization of the simple key agreement protocol described in the Introduction. Instead of posting a single message on the bulletin board, each player posts m random and independent messages. (To prevent the adversary from linking different messages sent by the same player, the timing of the messages is randomly spread within some fixed time interval.) As a result, both players learn a random subset S ⊆ {1, 2,..., 2m} of size m, consisting of the positions of messages posted by A.