One-Round Secure Computation and Secure Autonomous Mobile Agents

Extended Abstract
  • Christian Cachin
  • Jan Camenisch
  • Joe Kilian
  • Joy Müller
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1853)


This paper investigates one-round secure computation between two distrusting parties: Alice and Bob each have private inputs to a common function, but only Alice, acting as the receiver, is to learn the output; the protocol is limited to one message from Alice to Bob followed by one message from Bob to Alice. A model in which Bob may be computationally unbounded is investigated, which corresponds to informationtheoretic security for Alice. It is shown that
  1. 1.

    for honest-but-curious behavior and unbounded Bob, any function computable by a polynomial-size circuit can be computed securely assuming the hardness of the decisional Diffie-Hellman problem;

  2. 2.

    for malicious behavior by both (bounded) parties, any function computable by a polynomial-size circuit can be computed securely, in a public-key framework, assuming the hardness of the decisional Diffie-Hellman problem.


The results are applied to secure autonomous mobile agents, which migrate between several distrusting hosts before returning to their originator. A scheme is presented for protecting the agent’s secrets such that only the originator learns the output of the computation.


Secure Computation Encrypt Data Homomorphic Encryption Oblivious Transfer Malicious Behavior 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    M. Abadi and J. Feigenbaum, “Secure circuit evaluation: A protocol based on hiding information from an oracle,” Journal of Cryptology, vol. 2, pp. 1–12, 1990.zbMATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    M. Abadi, J. Feigenbaum, and J. Kilian, “On hiding information from an oracle,” Journal of Computer and System Sciences, vol. 39, pp. 21–50, 1989.zbMATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    D. Beaver, “Foundations of secure interactive computing,” in Proc. CRYPTO’ 91 (J. Feigenbaum, ed.), LNCS 576, 1992.Google Scholar
  4. 4.
    M. Bellare and S. Micali, “Non-interactive oblivious transfer and applications,” in Proc. CRYPTO’ 89 (G. Brassard, ed.), LNCS435, pp. 547–557, 1990.CrossRefGoogle Scholar
  5. 5.
    M. Ben-Or, S. Goldwasser, and A. Wigderson, “Completeness theorems for non-cryptographic fault-tolerant distributed computation,” in Proc. 20th STOC, pp. 1–10, 1988.Google Scholar
  6. 6.
    M. Blum, P. Feldman, and S. Micali, “Non-interactive zero-knowledge proof systems and its applications,” in Proc. 20th STOC, pp. 103–112, 1988.Google Scholar
  7. 7.
    D. Boneh and R. J. Lipton, “Searching for elements in black box fields and applications,” in Proc. CRYPTO’ 96, LNCS 1109, 1996.Google Scholar
  8. 8.
    G. Brassard, C. Crépeau, and J.-M. Robert, “Information theoretic reductions among disclosure problems,” in Proc. 27th FOCS, 1986.Google Scholar
  9. 9.
    R. Canetti, “Security and composition of multi-party cryptographic protocols,” Journal of Cryptology, vol. 13, no. 1, pp. 143–202, 2000.zbMATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    R. Canetti, O. Goldreich, S. Goldwasser, and S. Micali, “Resettable zero-knowledge,” in Proc. 32nd STOC, 2000.Google Scholar
  11. 11.
    D. Chaum, I. Damgård, and J. van deGraaf, “Multiparty computations ensuring privacy of each party’s input and correctness of the result,” in Proc. CRYPTO’ 87 (C. Pomerance, ed.), LNCS 293, 1988.Google Scholar
  12. 12.
    R. Cramer, I. Damgård, and B. Schoemakers, “Proofs of partial knowledge and simplified design of witness hiding protocols,” in Proc. CRYPTO’ 94 (Y. G. Desmedt, ed.), LNCS 839, 1994.Google Scholar
  13. 13.
    U. Feige, J. Kilian, and M. Naor, “A minimal model for secure computation (extended abstract),” in Proc. 26th STOC, pp. 554–563, 1994.Google Scholar
  14. 14.
    U. Feige, D. Lapidot, and A. Shamir, “Multiple noninteractive zero knowledge proofs under general assumptions,” SI AM Journal on Computing, vol. 29, no. 1, pp. 1–28, 1999.zbMATHCrossRefMathSciNetGoogle Scholar
  15. 15.
    J. Feigenbaum and M. Merritt, “Open questions, talk abstracts, and summary of discussions,” in Distributed Computing and Cryptography, AMS, 1991.Google Scholar
  16. 16.
    O. Goldreich, S. Goldwasser, and S. Micali, “How to construct random functions,” Journal of the ACM, vol. 33, pp. 792–807, Oct. 1986.Google Scholar
  17. 17.
    O. Goldreich, S. Micali, and A. Wigderson, “How to play any mental game or a completeness theorem for protocols with honest majority,” in Proc. 19th STOC, pp. 218–229, 1987.Google Scholar
  18. 18.
    S. Micali and P. Rogaway, “Secure computation,” in Proc. CRYPTO’ 91 (J. Feigenbaum, ed.), LNCS 576, pp. 392–404, 1992.Google Scholar
  19. 19.
    M. Naor and O. Reingold, “Number-theoretic constructions of efficient pseudorandom functions,” in Proc. 38th FOCS, 1997.Google Scholar
  20. 20.
    R. Ostrovsky, R. Venkatesan, and M. Yung, “Fair games against an all-powerful adversary,” in Advances in Computational Complexity Theory, AMS, 1993.Google Scholar
  21. 21.
    C. Rackoff and D. R. Simon, “Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack,” in Proc. CRYPTO’ 91 (J. Feigenbaum, ed.), LNCS 576, pp. 433–444, 1992.Google Scholar
  22. 22.
    R. L. Rivest, L. Adleman, and M. L. Dertouzos, “On data banks and privacy homomorphisms,” in Foundations of Secure Computation (R. A. DeMillo, D. P. Dobkin, A. K. Jones, and R. J. Lipton, eds.), pp. 169–177, Academic Press, 1978.Google Scholar
  23. 23.
    P. Rogaway, The Round Complexity of Secure Protocols. PhD thesis, MIT, 1991.Google Scholar
  24. 24.
    T. Sander and C. F. Tschudin, “Protecting mobile agents against malicious hosts,” in Mobile Agents and Security (G. Vigna, ed.), LNCS 1419, 1998.CrossRefGoogle Scholar
  25. 25.
    T. Sander, A. Young, and M. Yung, “Non-interactive CryptoComputing for NC1,” in Proc. 40th FOCS, 1999.Google Scholar
  26. 26.
    A. C. Yao, “How to generate and exchange secrets,” in Proc. 27th FOCS, pp. 162–167, 1986.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Christian Cachin
    • 1
  • Jan Camenisch
    • 1
  • Joe Kilian
    • 2
  • Joy Müller
    • 1
  1. 1.IBM Zurich Research LaboratoryRüschlikonSwitzerland
  2. 2.NEC Research InstitutePrincetonUSA

Personalised recommendations