#### Filter Results:

- Full text PDF available (52)

#### Publication Year

2000

2017

- This year (1)
- Last 5 years (21)
- Last 10 years (40)

#### Publication Type

#### Co-author

#### Journals and Conferences

Learn More

- Thomas Holenstein, Robin KÃ¼nzler, Stefano Tessaro
- STOC
- 2011

We consider the cryptographic problem of constructing an invertible random permutation from a public random function (i.e., which can be accessed by the adversary). This goal is formalized by the notion of indifferentiability of Maurer et al. (TCC 2004). This is the natural extension to the public setting of the well-studied problem of building randomâ€¦ (More)

Consider a game where a referee chooses (x,y) according to a publicly known distribution, sends x to Alice, and y to Bob. Without communicating with each other, Alice responds with a value a and Bob responds with a value b. Alice and Bob jointly win if a publicly known predicate Q(x,y,a,b) is satisfied. Assume that the maximum probability that Alice and Bobâ€¦ (More)

- Thomas Holenstein
- STOC
- 2004

Assume that Alice and Bob, given an authentic channel, have a protocol where they end up with a bit S<inf>A</inf> and S<inf>B</inf>, respectively, such that with probability 1+ε/2 these bits are equal. Further assume that conditioned on the event S<inf>A</inf> =n S<inf>B</inf> no polynomial time bounded algorithm can predict the bit better than withâ€¦ (More)

- Thomas Holenstein
- Theory of Computing
- 2007

Consider a game where a refereed chooses (x,y) according to a publiclyknown distribution P<sub>X</sub>Y, sends x to Alice, and y to Bob. Withoutcommunicating with each other, Alice responds with a value "a" and Bobresponds with a value "b". Alice and Bob jointly win if a publiclyknown predicate Q(x,y,a,b) holds. Let such a game be given and assume that theâ€¦ (More)

- Iftach Haitner, Thomas Holenstein
- IACR Cryptology ePrint Archive
- 2008

We study the possibility of constructing encryption schemes secure under messages that are chosen depending on the key k of the encryption scheme itself. We give the following separation results that hold both in the private and in the public key settings: â€“ Let H be the family of poly(n)-wise independent hash-functions. There exists no fully-black-boxâ€¦ (More)

- Thomas Holenstein
- TCC
- 2006

In a seminal paper, HÌŠastad, Impagliazzo, Levin, and Luby showed that pseudorandom generators exist if and only if one-way functions exist. The construction they propose to obtain a pseudorandom generator from an n-bit one-way function uses O(n) random bits in the input (which is the most important complexity measure of such a construction). In this work weâ€¦ (More)

It is well-known that <i>n</i> players, connected only by pairwise secure channels, can achieve Byzantine agreement only if the number <i>t</i> of cheaters satisfies <i>t</i> < <i>n</i>/3, even with respect to computational security. However, for many applications it is sufficient to achieve <i>detectable broadcast.</i> With this primitive, broadcast isâ€¦ (More)

- Thomas Holenstein, Renato Renner
- CRYPTO
- 2005

Secret-key agreement between two parties Alice and Bob, connected by an insecure channel, can be realized in an informationtheoretic sense if the parties share many independent pairs of correlated and partially secure bits. We study the special case where only one-way communication from Alice to Bob is allowed and where, for each of the bit pairs, with aâ€¦ (More)

- Thomas Holenstein, Renato Renner
- IEEE Transactions on Information Theory
- 2011

Smooth entropies characterize basic information-theoretic properties of random variables, such as the number of bits required to store them or the amount of uniform randomness that can be extracted from them (possibly with respect to side information). In this paper, explicit and almost tight bounds on the smooth entropies of n-fold product distributions,â€¦ (More)

- Liad Blumrosen, Thomas Holenstein
- EC
- 2008

The design of optimal auctions focuses on ways to negotiate with the bidders for eliciting relevant information that they hold. Sometimes, however, decisions should be made very quickly, and the auctioneer cannot allow a costly iterative procedure of negotiation or waiting for bidders to determine their exact valuation. One solution that has been used inâ€¦ (More)