In cryptography, secure multi-party computation is a problem that was initially suggested by Andrew C. Yao in a 1982 paper. In that publication, the millionaire problem was introduced: Alice and Bob are two millionaires who want to find out who is richer without revealing the precise amount of their wealth. Yao proposed a solution allowing Alice and Bob to satisfy their curiosity while respecting the constraints.

PropertyValue
dbpprop:abstract
  • In cryptography, secure multi-party computation is a problem that was initially suggested by Andrew C. Yao in a 1982 paper. In that publication, the millionaire problem was introduced: Alice and Bob are two millionaires who want to find out who is richer without revealing the precise amount of their wealth. Yao proposed a solution allowing Alice and Bob to satisfy their curiosity while respecting the constraints. This problem and result gave way to a generalization called multi-party computation (MPC) protocols. In an MPC, a given number of participants p1, p2, ... , pN each have a private data, respectively d1, d2, ... , dN. The participants want to compute the value of a public function F on N variables at the point (d1, d2, ... , dN). An MPC protocol is dubbed secure if no participant can learn more from the description of the public function and the result of the global calculation than what he/she can learn from his/her own entry — under particular conditions depending on the model used. Like many cryptographic protocols, the security of an MPC protocol can rely on different assumptions: It can be computational (i.e. based on some mathematical problem, like factoring) or unconditional (usually with some probability of error which can be made arbitrarily small). The model in which the scheme is described might assume that participants use a synchronized network (a message sent at a "tick" always arrives at the next "tick"), that a secure and reliable broadcast channel exists, that a secure communication channel exists between every pair of participants (an adversary cannot read, modify or generate messages in the channel), etc. The centrally controlled adversary considered can be passive (only allowed to read the data of a certain number of participants) or active (can corrupt the execution protocol or a certain number of participants). An adversary can be static (chooses its victims before the start of the multi-party computation) or dynamic (can choose its victims during the course of execution of the multiparty computation). Attaining security against a dynamic adversary is often much harder than security against a static adversary. An adversary can be defined as a threshold structure (meaning that it can corrupt or simply read the memory of a number of participants up to some threshold), or be defined as a more complex structure (it can affect certain predefined subsets of participants, modeling different possible collusions). These structures are commonly referred to as adversary structures. The opposite set consisting of the sets of honest parties that can still execute a computational task is related to the concept of access structures. An important primitive in MPC is oblivious transfer. Unconditionally or information-theoretically secure MPC is closely related to the problem of secret sharing, and more specifically verifiable secret sharing (VSS); many secure MPC protocols that protect against active adversaries use VSS. Secure MPC provides solutions to various real-life problems such as distributed voting, private bidding and auctions, sharing of signature or decryption functions, private information retrieval, etc. The first large-scale and practical application of multiparty computation took place in Denmark in January 2008, as described by Bogetoft et al.
  • Das Millionärsproblem wurde 1982 von dem taiwanischen Informatiker Andrew Yao formuliert: Zwei Millionäre möchten wissen, wer reicher ist. Jedoch wollen sie nicht unbeabsichtigt irgendeine weitere Information über ihren gegenseitigen Reichtum herausfinden. Wie können sie ein solches Gespräch führen? Es legte den Grundstein zur Multiparty Computation, welche noch heute ein zentrales Forschungsgebiet der Kryptologie darstellt. Bei dem Problem geht es abstrakt darum, den Abgleich bzw. den Vergleich von Daten zwischen Systemen zu erledigen, ohne die Daten der jeweiligen Systeme offenzulegen. Dies kann zum Beispiel notwendig sein, wenn keine vertrauenswürdige Gegenstelle oder Verbindung garantiert werden kann.
  • В криптографии протокол конфиденциального вычисления (так же безопасное/защищенное/тайное многостороннее вычисление, англ. secure multi-party computation) - криптографический протокол позволяющий нескольким участникам произвести вычисление зависящее от тайных входных данных каждого из них, таким образом, чтобы ни один участник не смог получить никакой информации о чужих тайных входных данных. Впервые задача конфиденциального вычисления была поднята Эндрю Яо в 1982 году в статье . Два миллионера Алиса и Боб хотят выяснить, кто же из них богаче, прт этом они не хотят разглашать точную сумму своего благосостояния. Яо предложил в своей статье оригинальный способ решения этой задачи. Гораздо позже, в 2004 году Йехуда Линделл (Yehuda Lindell) и Бенни Пинкас (Benny Pinkas) предоставили математически строгое доказательство корректности протокола Яо в статье . Задача конфиденциального вычисления тесно связана с задачей разделения секрета.
  • 安全多方计算(Secure Multi-Party Computation)的研究主要是针对无可信第三方的情况下,如何安全地计算一个约定函数的问题. 安全多方计算在电子选举、电子投票、电子拍卖、秘密共享、门限签名等场景中有着重要的作用. 一个安全多方计算协议,如果对于拥有无限计算能力攻击者而言是安全的,则称作是信息论安全的或无条件安全的;如果对于拥有多项式计算能力的攻击者是安全的,则称为是密码学安全的或条件安全的。已有的结果证明了在无条件安全模型下,当且仅当恶意参与者的人数少于总人数的1/3时,安全的方案才存在。而在条件安全模型下,当且仅当恶意参与者的人数少于总人数的一半时,安全的方案才存在。 安全多方计算起源于1982年姚期智的百万富翁问题。后来Oded Goldreich有比较细致系统的论述。
dbpprop:hasPhotoCollection
dbpprop:reference
rdf:type
rdfs:comment
  • In cryptography, secure multi-party computation is a problem that was initially suggested by Andrew C. Yao in a 1982 paper. In that publication, the millionaire problem was introduced: Alice and Bob are two millionaires who want to find out who is richer without revealing the precise amount of their wealth. Yao proposed a solution allowing Alice and Bob to satisfy their curiosity while respecting the constraints.
  • Das Millionärsproblem wurde 1982 von dem taiwanischen Informatiker Andrew Yao formuliert: Zwei Millionäre möchten wissen, wer reicher ist. Jedoch wollen sie nicht unbeabsichtigt irgendeine weitere Information über ihren gegenseitigen Reichtum herausfinden. Wie können sie ein solches Gespräch führen? Es legte den Grundstein zur Multiparty Computation, welche noch heute ein zentrales Forschungsgebiet der Kryptologie darstellt. Bei dem Problem geht es abstrakt darum, den Abgleich bzw.
  • В криптографии протокол конфиденциального вычисления (так же безопасное/защищенное/тайное многостороннее вычисление, англ.
  • 安全多方计算(Secure Multi-Party Computation)的研究主要是针对无可信第三方的情况下,如何安全地计算一个约定函数的问题. 安全多方计算在电子选举、电子投票、电子拍卖、秘密共享、门限签名等场景中有着重要的作用.
rdfs:label
  • Secure multi-party computation
  • Yaos Millionärsproblem
  • Протокол конфиденциального вычисления
  • 安全多方计算
owl:sameAs
skos:subject
foaf:page
is dbpprop:redirect of
is owl:sameAs of