
Speaker Manoj Prabhakaran Affiliation University of Illinois Host Vinod Vaikuntanathan Duration 01:15:08 Date recorded 29 April 2011 Suppose that a receiver R wishes to publish an encryption of her secret input x so that every sender S, holding an input y, can reveal f(x,y) to R by sending her a single message. This should be done while simultaneously protecting the secrecy of y against a corrupted R and preventing a corrupted S from having an unfair influence on the output of R beyond what is allowed by f . When the parties are semihonest, practical solutions can be based on Yao’s garbled circuit technique. However, for the general problem when the parties, or even S alone, may be malicious, all known polynomialtime solutions are highly inefficient. This is due in part to the fact that known solutions make a nonblackbox use of cryptographic primitives, e.g., for providing noninteractive zero knowledge proofs of statements involving cryptographic computations on secrets. Motivated by the above question, we consider the problem of secure twoparty computation in a model that allows only parallel calls to an ideal oblivious transfer (OT) oracle with no additional interaction. We obtain the following results.
Combining the above results with 2message (parallel) OT protocols in the CRS model, we get the first solutions to the initial motivating question which only make a blackbox use of standard cryptographic primitives. Joint work with Yuval Ishai, Eyal Kushilevitz, Rafail Ostrovsky and Amit Sahai.
©2011 Microsoft Corporation. All rights reserved.
