Fast Cut-and-Choose-Based Protocols for Malicious and Covert Adversaries

Lindell, Yehuda

doi:10.1007/s00145-015-9198-0

Cited by 74 publications

(113 citation statements)

References 27 publications

Supporting

Mentioning

111

Contrasting

Unclassified

Order By: Relevance

“…We do so by applying the cut-and-choose technique and exploiting the blinding properties of RSA. (We follow the blueprint of Lindell's recent work [33]. Roughly, a malicious party can only cheat if all of the "opened" values are correct and all of the "hidden" ones are incorrect.…”

Section: B Our (Stand-alone) Rsa-puzzle-solver Protocolmentioning

confidence: 99%

TumbleBit: An Untrusted Bitcoin-Compatible Anonymous Payment Hub

Heilman

Alshenibr²,

Baldimtsi

et al. 2017

Proceedings 2017 Network and Distributed System Security Symposium

194

131

View full text Add to dashboard Cite

This paper presents TumbleBit, a new unidirectional unlinkable payment hub that is fully compatible with today's Bitcoin protocol. TumbleBit allows parties to make fast, anonymous, off-blockchain payments through an untrusted intermediary called the Tumbler. TumbleBit's anonymity properties are similar to classic Chaumian eCash: no one, not even the Tumbler, can link a payment from its payer to its payee. Every payment made via TumbleBit is backed by bitcoins, and comes with a guarantee that Tumbler can neither violate anonymity, nor steal bitcoins, nor "print money" by issuing payments to itself. We prove the security of TumbleBit using the real/ideal world paradigm and the random oracle model. Security follows from the standard RSA assumption and ECDSA unforgeability. We implement TumbleBit, mix payments from 800 users and show that TumbleBit's offblockchain payments can complete in seconds.

show abstract

Section: B Our (Stand-alone) Rsa-puzzle-solver Protocolmentioning

confidence: 99%

TumbleBit: An Untrusted Bitcoin-Compatible Anonymous Payment Hub

Heilman

Alshenibr²,

Baldimtsi

et al. 2017

Proceedings 2017 Network and Distributed System Security Symposium

194

131

View full text Add to dashboard Cite

show abstract

“…Applications and practical instantiations of Yao's garbled circuits can be found in [13,29,32,56]. Much work has been going on recently related to optimizations and better security for garbled circuits that can be found in [22,33,34,48,49,[51][52][53]71].…”

Section: Related Workmentioning

confidence: 99%

My Genome Belongs to Me: Controlling Third Party Computation on Genomic Data

Deuber

Egger

Fech

et al. 2018

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

An individual’s genetic information is possibly the most valuable personal information. While knowledge of a person’s DNA sequence can facilitate the diagnosis of several heritable diseases and allow personalized treatment, its exposure comes with significant threats to the patient’s privacy. Currently known solutions for privacy-respecting computation require the owner of the DNA to either be heavily involved in the execution of a cryptographic protocol or to completely outsource the access control to a third party. This motivates the demand for cryptographic protocols which enable computation over encrypted genomic data while keeping the owner of the genome in full control. We envision a scenario where data owners can exercise arbitrary and dynamic access policies, depending on the intended use of the analysis results and on the credentials of who is conducting the analysis. At the same time, data owners are not required to maintain a local copy of their entire genetic data and do not need to exhaust their computational resources in an expensive cryptographic protocol. In this work, we present METIS, a system that assists the computation over encrypted data stored in the cloud while leaving the decision on admissible computations to the data owner. It is based on garbled circuits and supports any polynomially-computable function. A critical feature of our system is that the data owner is free from computational overload and her communication complexity is independent of the size of the input data and only linear in the size of the circuit’s output. We demonstrate the practicality of our approach with an implementation and an evaluation of several functions over real datasets.

show abstract

“…The technique of cut-and-choose has been regarded as a useful basic block to construct the two-party protocols against malicious adversaries, and formalized and proven secure by Lindell and Pinkas [24]. A number of cut-and-choose oblivious transfer protocols [25,26,23,16] have focused on reducing the concrete overhead of the cut-and-choose approach. Kolesnikov and Kumaresan [19] proposed an efficient cut-and-choose OT scheme and its variants with small concrete communication overhead in an OT-hybrid model.…”

Section: Other Related Workmentioning

confidence: 99%