Questions tagged [multiparty-computation]

Multi-party computation (MPC) allows a set of parties, each with a private input, to securely and jointly perform any computation over their inputs.

Secure multi-party computation — also known as "secure computation" or "multi-party computation (MPC)" — is a subfield of cryptography. The goal of this field is to create methods that enable parties to jointly compute a function over their inputs, while at the same time keeping these inputs private.

556 questions
22 votes, 1 answer

What are the roles of the simulator in simulation based proofs

I'm trying to better understand simulation based proofs in the UC model - but the guidelines to construct a simulator confuse me. To my understanding, the simulator is activated in two ways: Outbound: S simulates the real world adv. A and as such,…
Indcca
21 votes, 3 answers

Why can't the commitment schemes have both information theoretic hiding and binding properties?

The commitment schemes like Pedersen's or Hash based, either have information theoretic hiding and computational binding or computational hiding and information theoretic binding. So can we ever get both information theoretic hiding and binding? Is…
18 votes, 2 answers

Why use a 1-2 Oblivious Transfer instead of a 1 out of n Oblivious Transfer?

When initiating an oblivious transfer, why would someone use a 1-2 oblivious transfer rather than going for an 1 out of n oblivious transfer? Perhaps a slight time overhead for the extra message encrypts, but with everything as fast as it is these…
17 votes, 1 answer

Salary Negotiation Problem

Imagine Alice is applying for a new job. Alice has an idea of the minimum salary that she is willing to accept—let's call this value A. Bob, the hiring manager for a company that Alice is applying to, also has a number in mind: the maximum…
15 votes, 4 answers

Why is Shamir Secret Sharing not secure against active adversaries out-of-the-box?

This linear secret sharing scheme allows us to share a secret between n parties, such that only an honest majority can reconstruct it. I understand that – because I do not allow the user to certify the authenticity of the shares nor the value they…
13 votes, 2 answers

Secure degree reduction for Shamir's secret sharing

I understand the basic Shamir Secret Sharing protocol, and when two shares are multiplied, the degree of the polynomial increases. I've seen in a number of papers a reference to a degree reduction protocol that can be performed to securely reduce…
12 votes, 3 answers

Examples of protocols that are insecure when run concurrently

I was reading Canetti00 Universally Composable security paper. The first page of introduction says that there are some MPC protocols and Zero knowledge protocols that are insecure under concurrent composition. I don't see why protocols might break…
12 votes, 2 answers

How can we distribute Shamir's secret sharing scheme shares without a dealer?

Let's say $k$ users have shares to a $(k,n)$ secret sharing scheme, and they want to issue new shares. How can they do this without collecting the shares together? In particular, no set of $k-1$ users (including the new users) should be able to…
Christopher King
12 votes, 2 answers

What does "circuits" mean in Cryptography?

I am not a hardcore cryptographer so this might be a really stupid question. I am looking through some papers in homomorphic encryption and discovered they describe computation as "circuits", why do they use this particular term? Isn't algorithm a…
11 votes, 2 answers

Real world use cases of Multi-Party Computation

Most of the research papers give imaginary applications of multi-party computation. Either they talk about Yao's millionaires' problem or two or more corporates willing to compute some intrusion detection stuff collectively on their private data…
sashank
11 votes, 0 answers

Share Conversion between Different Finite Fields

Let us have any linear secret sharing scheme (LSSS) that works on some field $Z_{p}$, where p is some prime or a power of a prime e.g., Shamir Secret Sharing, Additive secret Sharing. The problem at hand is simple, for any secret shared value in…
11 votes, 2 answers

Shared secret: Generating Random Permutation

-- or: How to Play Poker Without a Dealer I know this question is long but it's a really interesting theoretical problem about shared secrets and multi-party computation. General Problem: "Shared Random Generation" Consider the following scenario:…
9 votes, 5 answers

Is it possible to find the product of two numbers without knowing the two numbers?

I'm doing a thought experiment: Alice chooses a number $a$ and Bob $b$. They send $A(a)$ and $B(b)$ to Charlie. He performs $C(A(a), B(b))$ and gets $ab$. Do there exist not easily reversible functions $A, B, C$ for which the above is true? I'm a…
9 votes, 4 answers

What math makes it safe to offer a stolen-password check service?

The database provider HIBP has 4 billion stolen passwords, and wishes to offer an API for websites to use during new-user signup (and password change) operations, so they can refuse to allow users to select a password that is known to have already…
9 votes, 1 answer

What are the ways to generate Beaver triples for multiplication gate?

So to speed up the function evaluation we use the Beaver trick, to generate raw data in the offline phase and use them in the online phase to get the output share for the multiplication gate. So what are the methods to generate these raw data i.e.…