Completeness theorems for non-cryptographic fault-tolerant distributed computation

@inproceedings{BenOr1988CompletenessTF,
  title={Completeness theorems for non-cryptographic fault-tolerant distributed computation},
  author={Michael Ben-Or and Shafi Goldwasser and Avi Wigderson},
  booktitle={Symposium on the Theory of Computing},
  year={1988}
}
Every function of <italic>n</italic> inputs can be efficiently computed by a complete network of <italic>n</italic> processors in such a way that:<list><item>If no faults occur, no set of size <italic>t</italic> < <italic>n</italic>/2 of players gets any additional information (other than the function value), </item><item>Even if Byzantine faults are allowed, no set of size <italic>t</italic> < <italic>n</italic>/3 can either disrupt the computation or get additional information. </item></list… 
View on ACM
dl.acm.org
2,402 Citations
Highly Influential Citations
200
Background Citations
808
Methods Citations
418
Results Citations
39

2,402 Citations

A zero-one law for Boolean privacy

An interesting “zero-one” law for private distributed computation of Boolean functions is derived, which implies that for Boolean functions, the strong and the weak notions of privacy are equivalent.

Communication complexity of secure computation (extended abstract)

This paper begins the investigation of the communication complexity of unconditionally secure multi-party computation, and its relation with various fault-tolerance models, and presents upper and lower bounds on communication, as well as tradeoffs among resources.

Communication preserving protocols for secure function evaluation

This work proposes a new methodology for designing secure protocols, utilizing the communication complexity tree (or branching program) representation of f, and exemplifies a protocol for the Millionaires problem, which is more efficient than previously known ones in either communication or computation.

Randomized View Reconciliation in Permissionless Distributed Systems

This paper proposes a novel view reconciliation protocol whose time complexity is only <inline-formula> <tex-math notation="LaTeX">$\Theta ({\ln N}/{\ln \ln N})$ </tex- maths> time complexity, and aggressively exploit randomization.

Simple and efficient asynchronous byzantine agreement with optimal resilience

This work presents a new ABA protocol which achieves a huge gain in communication complexity in comparison to the ABA of [5], while keeping all other properties in place.

(Server-Aided) Two-Party Multiplication of Encrypted Shares Using (k, n) Threshold Secret Sharing With N ≥ k Servers

Two-party computation allows two clients to jointly compute an arbitrary function of their inputs without revealing these inputs to each other by implementing a different functionality, where each share is first encrypted with a different random number before being sent to a server.

Mutual search

A search problem called “mutual search” where k agents, arbitrarily distributed over n sites, are required to locate one another by posing queries of the form “Anybody at site i?” is introduced.

Non-cryptographic fault-tolerant computing in constant number of rounds of interaction

Any function can be evaluated in a constant number of rounds, using messages of size proportional to the size of a constant-depth, unbounded-fanin circuit describing the function, and a means to simulate unbounded fanin multiplicative (or AND) gates using constant rounds is provided.

Brief announcement: breaking the O(nm) bit barrier, secure multiparty computation with a static adversary

A Nash equilibrium protocol is described that solves SMPC and requires each player to send Õ(⁄<i>n</i>+<i-m</i><i-mn</i>) messages and perform €(â‚n, m) computations to compute any function <i>f</i, where <i*m> is the size of a circuit to compute <i-i>.

Fault-tolerant computation in the full information model

It is proved for these protocols that for most functions, the influence of any t dishonest players on the outcome of the protocol is the minimum one possible (up to polylogarithmic factors).
...

References

SHOWING 1-10 OF 15 REFERENCES

How to share a secret

  • A. Shamir
  • Computer Science, Mathematics
    CACM
  • 1979
This technique enables the construction of robust key management schemes for cryptographic systems that can function securely and reliably even when misfortunes destroy half the pieces and security breaches expose all but one of the remaining pieces.

Polynomial algorithms for multiple processor agreement

It is proved that no matter what kind of information is exchanged, there is no way to reach agreement with fewer than t+1 rounds of exchange, where t is the upper bound on the number of faults.

Reaching Agreement in the Presence of Faults

It is shown that the problem is solvable for, and only for, n ≥ 3m + 1, where m is the number of faulty processors and n is the total number and this weaker assumption can be approximated in practice using cryptographic methods.

Proofs that yield nothing but their validity and a methodology of cryptographic protocol design

This paper demonstrates the generality and wide applicability of zero-knowledge proofs, a notion introduced by Goldwasser, Micali and Rackoff that efficiently demonstrate membership in the language without conveying any additional knowledge.

How to Generate and Exchange Secrets (Extended Abstract)

  • A. Yao
  • Computer Science, Mathematics
    FOCS
  • 1986
A new tool for controlling the knowledge transfer process in cryptographic protocol design is introduced and it is applied to solve a general class of problems which include most of the two-party cryptographic problems in the literature.

How to play ANY mental game

We present a polynomial-time algorithm that, given as a input the description of a game with incomplete information and any number of players, produces a protocol for playing the game that leaks no

How to generate and exchange secrets

  • A. Yao
  • Computer Science, Mathematics
    27th Annual Symposium on Foundations of Computer Science (sfcs 1986)
  • 1986
It is shown how two parties A and B can interactively generate a random integer N = p¿q such that its secret, i.e., the prime factors, is hidden from either party individually but is recoverable jointly if desired.

New Directions in Cryptography

This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

Error-Correcting Codes

Review of 'Error-Correcting Codes, 2nd edn.' (Peterson, W. W., and Weldon, E. J., Jr.; 1972)

  • J. Massey
  • Computer Science
    IEEE Trans. Inf. Theory
  • 1973