# [Busec] BUsec today: Omer Paneth (Wed 10am)

Sharon Goldberg goldbe at cs.bu.edu
Wed Feb 12 06:35:39 EST 2014

At seminar today, Omer Paneth will talk about his new STOC paper on
extractable one-way functions (Wed 10am).  This is a preview of talk he
will be giving at NYC Crypto Day.

The following week, we have a talk by Gilad Asherov about fairness in
two-party computation; Gilad's seminar will start a bit earlier than usual
(9:30am Wed).

Sharon

BUsec Calendar:  http://www.bu.edu/cs/busec/
BUsec Mailing list: http://cs-mailman.bu.edu/mailman/listinfo/busec
How to get to BU from MIT: The CT2 bus or MIT's "Boston Daytime Shuttle"
http://web.mit.edu/facilities/transportation/shuttles/daytime_boston.html

**********

***********
On the Existence of Extractable One-Way Functions
Omer Paneth, BU.
Wed, February 12, 10am - 11am
MCS137

A function f is extractable if it is possible to algorithmically "extract,"
from any adversarial program that outputs a value y in the image of f, a
preimage of y. When combined with hardness properties such as one-wayness
or collision-resistance, extractability has proven to be a powerful tool.
However, so far, extractability has not been explicitly shown. Instead, it
has only been considered as a non-standard knowledge assumption on certain
functions. We make two headways in the study of the existence of
extractable one-way functions (EOWFs). On the negative side, we show that
if there exist indistinguishability obfuscators for a certain class of
circuits then there do not exist EOWFs where extraction works for any
adversarial program with auxiliary-input of unbounded polynomial length. On
the positive side, for programs with bounded auxiliary-input (and unbounded
polynomial running time), we give the first construction of EOWFs with an
explicit extraction procedure, based on relatively standard assumptions
(e.g., sub-exponential hardness of Learning with Errors). We then use these
functions to construct the first 2-message zero-knowledge arguments and
3-message zero-knowledge arguments of knowledge, against the same class of
adversarial verifiers, from essentially the same assumptions.

Joint work with Nir Bitansky, Ran Canetti and Alon Rosen.

****

Towards Characterizing Complete Fairness in Secure Two-Party Computation.
Gilad Asharov. Bar Ilan University.
Wed, February 19, 9:30am - 11:00am
MCS137

The well known impossibility result of Cleve (STOC 1986) implies that in
general it is impossible to securely compute a function with complete
fairness without an honest majority. Since then, the accepted belief has
been that nothing non-trivial can be computed with complete fairness in the
two party setting. The surprising work of Gordon, Hazay, Katz and Lindell
(STOC 2008) shows that this belief is false, and that there exist some
non-trivial (deterministic, finite-domain) boolean functions that can be
computed fairly. This raises the fundamental question of characterizing
complete fairness in secure two-party computation.

In this work we show that not only that some or few functions can be
computed fairly, but rather an enormous amount of functions can be computed
with complete fairness. In fact, almost all boolean functions with distinct
domain sizes can be computed with complete fairness (for instance, more
than $99.999\%$ of the boolean functions with domain sizes $31 \times 30$).
The class of functions that is shown to be possible includes also rather
involved and highly non-trivial tasks, such as set-membership, evaluation
of a private (Boolean) function and private matchmaking. In addition, we
demonstrate that fairness is not restricted to the class of symmetric
boolean functions where both parties get the same output, which is the only
known feasibility result. Specifically, we show that fairness is also
possible for asymmetric boolean functions where the output of the parties
is not necessarily the same. Moreover, we consider the class of functions
with non-binary output, and show that fairness is possible for any finite
range.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cs-mailman.bu.edu/pipermail/busec/attachments/20140212/5d2c3d33/attachment.html>