Content deleted Content added
BlauerBaum (talk | contribs) mNo edit summary |
Citation bot (talk | contribs) Alter: title, template type. Add: chapter-url, chapter. Removed or converted URL. Removed parameters. Some additions/deletions were parameter name changes. | Use this bot. Report bugs. | Suggested by Abductive | #UCB_webform 591/3850 |
||
Line 6:
== History ==
Special purpose protocols for specific tasks started in the late 1970s.<ref>A. Shamir, R. Rivest, and L. Adleman, "Mental Poker", Technical Report LCS/TR-125, Massachusetts Institute of Technology, April 1979.</ref> Later, secure computation was formally introduced as [[secure two-party computation]] (2PC) in 1982 (for the so-called [[Yao's Millionaires' Problem|Millionaires' Problem]], a specific problem which is a Boolean predicate), and in generality (for any feasible computation) in 1986 by [[Andrew Yao]].<ref name="Yao">Andrew C. Yao, [http://www.cs.wisc.edu/areas/sec/yao1982-ocr.pdf Protocols for secure computations] (extended abstract)</ref><ref>Andrew Chi-Chih Yao:How to Generate and Exchange Secrets (Extended Abstract). FOCS 1986: 162-167 [https://ieeexplore.ieee.org/document/4568207]</ref> The area is also referred to as Secure Function Evaluation (SFE). The two party case was followed by a generalization to the multi-party by Oded Goldreich, Silvio Micali, and Avi Wigderson. The computation is based on secret sharing of all the inputs and zero-knowledge proofs for a potentially malicious case, where the majority of honest players in the malicious adversary case assure that bad behavior is detected and the computation continues with the dishonest person eliminated or his input revealed. This work suggested the very basic general scheme to be followed by essentially all future multi-party protocols for secure computing.<ref name="goldreich_87">Oded Goldreich, Silvio Micali, Avi Wigderson:How to Play any Mental Game or A Completeness Theorem for Protocols with Honest Majority. STOC 1987: 218-229 [http://dl.acm.org/citation.cfm?doid=28395.28420]</ref> This work introduced an approach, known as GMW paradigm, for compiling a multi-party computation protocol which is secure against semi-honest adversaries to a protocol that is secure against malicious adversaries. This work was followed by the first robust secure protocol which tolerates faulty behavior graciously without revealing anyone's output via a work which invented for this purpose the often used `share of shares idea'<ref>[[Zvi Galil]], Stuart Haber, Moti Yung: Cryptographic Computation: Secure Fault-Tolerant Protocols and the Public-Key Model. CRYPTO 1987: 135-155
[https://link.springer.com/chapter/10.1007%2F3-540-48184-2_10]</ref> and a protocol that allows one of the parties to hide its input unconditionally.<ref>[[David Chaum]], [[Ivan Damgård]], Jeroen van de Graaf: Multiparty Computations Ensuring Privacy of Each Party's Input and Correctness of the Result. 87-119 [https://link.springer.com/chapter/10.1007%2F3-540-48184-2_7]</ref> The GMW paradigm was considered to be inefficient for years because of huge overheads that it brings to the base protocol. However, it is shown that it is possible to achieve efficient protocols,<ref name=":0">{{Cite
The next question to solve was the case of secure communication channels where the point-to-point communication is not available to the adversary; in this case it was shown that solutions can be achieved with up to 1/3 of the parties being misbehaving and malicious, and the solutions apply no cryptographic tools (since secure communication is available).<ref name="CCD">{{cite journal|author1=D. Chaum, C. Crepeau |author2=I. Damgard |name-list-style=amp |title=Multiparty unconditionally secure protocols|journal=Stoc 1988}}</ref><ref>Michael Ben-Or, Shafi Goldwasser, Avi Wigderson:
| |||