Cryptography Reference
We stress the general nature of these constructions and view them as plausibility results
asserting that a host of cryptographic problems are solvable, assuming the existence of
trapdoor permutations. As discussed in the case of zero-knowledge proofs, the value
of these general results is in allowing one to easily infer that the problem he/she faces
is solvable in principle (as typically it is easy to cast problems within this framework).
However, we do not recommend using (in practice) the solutions derived by these
general results; one should rather focus on the specifics of the problem at hand and
solve it using techniques and/or insights available from these general results. 12
Analogous plausibility results have been obtained in a variety of models. In particular,
we mention secure computations in the private-channels model [27, 51] and in the
presence of mobile adversaries [182].
B.3.3. Some Suggestions
B.3.3.1. Suggestions for Further Reading
A draft of a manuscript that is intended to cover this surveyed material is available
online from [98]. The draft provides an exposition of the basic definitions and results,
as well as detailed proofs for the latter. More refined discussions of definitional issues
can be found in [11, 12, 44, 45, 122, 165]; our advice is to start with [45].
B.3.3.2. Suggestions for Teaching
This area is very complex, and so we suggest that one merely present sketches of some
definitions and constructions. Specifically, we suggest picking one of the two settings
(i.e., computation with honest majority or two-party computation) and sketching the
definition and the construction. Our own choice would be the two-party case; alas, the
definition (allowing abort) is more complicated (but this is more than compensated for
by simpler notation and a simpler construction that relies on relatively fewer ideas). We
suggest emphasizing the definitional approach (i.e., “emulating a trusted party” as simulation
of any adversary operating in the real model by an ideal-model adversary) and presenting
the main ideas underlying the construction (while possibly skipping a few). We
believe that the draft available online from [98] provides sufficient details for all of these.
12 For example, although Threshold Cryptography (cf., [62, 87]) is merely a special case of multi-party
computation, it is indeed beneficial to focus on its specifics.