Computational Two-Party Correlation: A Dichotomy for Key-Agreement Protocols

Haitner, Iftach; Nissim, Kobbi; Omri, Eran; Shaltiel, Ronen; Silbak, Jad

doi:10.1109/focs.2018.00022

Cited by 8 publications

(4 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Goyal, Khurana, Mironov, Pandey, and Sahai [17] showed that the existence of an accurate enough CDP protocol for the XOR function implies the existence of an oblivious transfer protocol. Haitner, Nissim, Omri, Shaltiel, and Silbak [24] showed that any non-trivial ε-CDP two-party protocol for the XOR functionality, implies an (infinitely-often) key agreement protocol. Recently, Haitner, Mazor, Shaltiel, and Silbak [23] improved the results of [17,24], showing that any non-trivial CDP two-party protocol for XOR implies oblivious transfer.…”

Section: Additional Related Work On Computational Differential Privacymentioning

confidence: 99%

“…Haitner, Nissim, Omri, Shaltiel, and Silbak [24] showed that any non-trivial ε-CDP two-party protocol for the XOR functionality, implies an (infinitely-often) key agreement protocol. Recently, Haitner, Mazor, Shaltiel, and Silbak [23] improved the results of [17,24], showing that any non-trivial CDP two-party protocol for XOR implies oblivious transfer.…”

Section: Additional Related Work On Computational Differential Privacymentioning

confidence: 99%

“…In a two-party protocol Π with oracle access to a protocol Ψ, denoted Π Ψ , the parties make use of the next-message function of Ψ. 24 In a two-party protocol Π 24 The function that on a partial view of one of the parties, returns its next message.…”

Section: Two-party Protocolsmentioning

confidence: 99%

See 2 more Smart Citations

On the Complexity of Two-Party Differential Privacy

Haitner¹,

Mazor²,

Silbak³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

In distributed differential privacy, the parties perform analysis over their joint data while preserving the privacy for both datasets. Interestingly, for a few fundamental two-party functions such as inner product and Hamming distance, the accuracy of the distributed solution lags way behind what is achievable in the client-server setting. McGregor, Mironov, Pitassi, Reingold, Talwar, and Vadhan [FOCS '10] proved that this gap is inherent, showing upper bounds on the accuracy of (any) distributed solution for these functions. These limitations can be bypassed when settling for computational differential privacy, where the data is differentially private only in the eyes of a computationally bounded observer, using public-key cryptography primitives.We prove that the use of public-key cryptography is necessary for bypassing the limitation of McGregor et al., showing that a non-trivial solution for the inner-product, or the Hamming distance, implies the existence of a key-agreement protocol. Our bound implies a combinatorial proof for the fact that non-Boolean inner product of independent (strong) Santha-Vazirani sources is a good condenser. We obtain our main result by showing that the inner-product of a (single, strong) SV source with a uniformly random seed is a good condenser, even when the seed and source are dependent.

show abstract

Section: Additional Related Work On Computational Differential Privacymentioning

confidence: 99%

Section: Additional Related Work On Computational Differential Privacymentioning

confidence: 99%

See 1 more Smart Citation

On the Complexity of Two-Party Differential Privacy

Haitner¹,

Mazor²,

Silbak³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…Related Works on Infinitely-Often Primitives. The work of [28] builds infinitely-often key agreement based on 2-party protocols which are correlated in a non trivial way. The work of [38] builds infinitely often one-way functions from the existence of a constant-round weak coin-flipping protocol.…”

Section: Parameters Definitionmentioning

confidence: 99%

Non-interactive Zero-Knowledge in Pairing-Free Groups from Weaker Assumptions

Couteau¹,

Katsumata²,

Ursu³

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

We provide two new constructions of non-interactive zero-knowledge arguments (NIZKs) for NP from discrete-logarithm-style assumptions over cyclic groups, without relying on pairings. A previous construction from (Canetti et al., Eurocrypt'18) achieves such NIZKs under the assumption that no efficient adversary can break the key-dependent message (KDM) security of (additive) ElGamal with respect to all (even inefficient) functions over groups of size 2 λ , with probability better than poly(λ)/2 λ . This is an extremely strong, non-falsifiable assumption. In particular, even mild (polynomial) improvements over the current best known attacks on the discrete logarithm problem would already contradict this assumption. (Canetti et al. STOC'19) describe how to improve the assumption to rely only on KDM security with respect to efficient functions while additionally assuming public-key encryption schemes, therefore obtaining an assumption that is (in spirit) falsifiable. Our first construction improves this state of affairs. We provide a construction of NIZKs for NP under the CDH assumption together with the assumption that no efficient adversary can break the key-dependent message one-wayness of ElGamal with respect to efficient functions over groups of size 2 λ , with probability better than poly(λ)/2 cλ (denoted 2 −cλ -OW-KDM), for a constant c = 3/4. Unlike the previous assumption, our assumption leaves an exponential gap between the best known attack and the required security guarantee. Our second construction is interested in the case where CDH does not hold. Namely, as a second contribution, we construct an infinitely often NIZK argument system for NP (where soundness and zero-knowledge are only guaranteed to hold for infinitely many security parameters), under the assumption that CDH is easy together with the 2 −cλ -OW-KDM security of ElGamal with c = 28/29 + o(1) and the existence of low-depth pseudorandom generators (PRG). Combining our two results, we obtain a construction of (infinitely-often) NIZKs for NP under the 2 −cλ -OW-KDM security of ElGamal with c = 28/29 + o(1) and the existence of low-depth PRG, independently of whether CDH holds. To our knowledge, since neither OW-KDM security of ElGamal nor low-depth PRGs are known to imply public key encryption, this provides the first construction of NIZKs from concrete and falsifiable Minicrypt-style assumptions.

show abstract

Black-Box Use of One-Way Functions is Useless for Optimal Fair Coin-Tossing

Maji

Wang

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Computational Two-Party Correlation: A Dichotomy for Key-Agreement Protocols

Cited by 8 publications

References 34 publications

On the Complexity of Two-Party Differential Privacy

On the Complexity of Two-Party Differential Privacy

Non-interactive Zero-Knowledge in Pairing-Free Groups from Weaker Assumptions

Black-Box Use of One-Way Functions is Useless for Optimal Fair Coin-Tossing

Contact Info

Product

Resources

About