scispace - formally typeset
Search or ask a question
Author

Moni Naor

Other affiliations: IBM, Stanford University, University of California, Berkeley  ...read more
Bio: Moni Naor is an academic researcher from Weizmann Institute of Science. The author has contributed to research in topics: Encryption & Cryptography. The author has an hindex of 102, co-authored 338 publications receiving 47090 citations. Previous affiliations of Moni Naor include IBM & Stanford University.


Papers
More filters
Journal ArticleDOI
TL;DR: A general lower bound on the amortized communication complexity of any function £f in terms of its communication complexity $C(f) is given: for every function $f$ the amortsize communication complexity is $\Omega \left (\sqrt{C( f) - \log n \right)$.
Abstract: In this work we study the direct-sum problem with respect to communication complexity: Consider a relation $f$ defined over $\{0,1\}^{n} \times \{0,1\}^{n}$. Can the communication complexity of simultaneously computing $f$ on $\cal l$ instances $(x_1,y_1),\ldots,(x_{\cal l},y_{\cal l})$ be smaller than the communication complexity of computing $f$ on the $\cal l$ instances, separately? Let the amortized communication complexity of $f$ be the communication complexity of simultaneously computing $f$ on $\cal l$ instances, divided by $\cal l$. We study the properties of the amortized communication complexity. We show that the amortized communication complexity of a relation can be smaller than its communication complexity. More precisely, we present a partial function whose (deterministic) communication complexity is $\Theta(\log n)$ and its amortized (deterministic) communication complexity is $O(1)$. Similarly, for randomized protocols, we present a function whose randomized communication complexity is $\Theta(\log n)$ and its amortized randomized communication complexity is $O(1)$. We also give a general lower bound on the amortized communication complexity of any function $f$ in terms of its communication complexity $C(f)$: for every function $f$ the amortized communication complexity of $f$ is $\Omega \left (\sqrt{C(f)} - \log n \right)$.

129 citations

Journal ArticleDOI
30 Oct 1989
TL;DR: The general form of the case for which the method of conditional probabilities can be applied in the parallel context is given and the reason why this form does not lend itself to parallelization is discussed.
Abstract: A method is provided for converting randomized parallel algorithms into deterministic parallel algorithms. The approach is based on a parallel implementation of the method of conditional probabilities. Results obtained by applying the method to the set balancing problem, lattice approximation, edge-coloring graphs, random sampling, and combinatorial constructions are presented. The general form in which the method of conditional probabilities is applied sequentially is described. The reason why this form does not lend itself to parallelization are discussed. The general form of the case for which the method of conditional probabilities can be applied in the parallel context is given. >

126 citations

Proceedings ArticleDOI
27 Oct 2008
TL;DR: A traitor tracing system where ciphertext size is "constant," namely independent of the number of users in the system and the collusion bound, based on recent constructions for fingerprinting codes.
Abstract: A traitor tracing system enables a publisher to trace a pirate decryption box to one of the secret keys used to create the box We present a traitor tracing system where ciphertext size is "constant," namely independent of the number of users in the system and the collusion bound A ciphertext in our system consists of only two elements where the length of each element depends only on the security parameter The down side is that private-key size is quadratic in the collusion bound Our construction is based on recent constructions for fingerprinting codes

125 citations

Journal ArticleDOI
TL;DR: Most of the work in the analysis of cryptographic schemes is concentrated in abstract adversarial models that do not capture side-channel attacks as mentioned in this paper, such attacks exploit various forms of unintended i...
Abstract: Most of the work in the analysis of cryptographic schemes is concentrated in abstract adversarial models that do not capture side-channel attacks. Such attacks exploit various forms of unintended i...

125 citations

01 Jan 2002
TL;DR: This model is surprisingly powerful: every function f can be securely computed in this fashion, and if the messages are required to be of polynomial size, then it exhibits an efficient protocol for any function f computable in nondeterministic logspace.
Abstract: We consider a minimal scenario for secure computation: Parties A and B have private inputs x and y and a shared random string r. A and B are each allowed to send a single message to a third party C, from which C is to learn the value of f(x, y) for some function f , but nothing else. We show that this model is surprisingly powerful: every function f can be securely computed in this fashion. If the messages are required to be of polynomial size, then we exhibit an efficient protocol for any function f computable in nondeterministic logspace. Using a computational notion of security, we exhibit efficient protocols for any polynomial-time computable function f , assuming the existence of one-way functions. The above results generalize to the case where there are more than two parties with private inputs. The minimalistic nature of our model makes it easy to transform positive results achieved in our model to other more general models of secure computation. It also gives hope for lowerbound proofs. We give an alternative characterization of our model in terms of graph embeddings, and use this to show that for most Boolean functions on {0, 1} × {0, 1}, the need to hide just one of the input bits from C requires a communication overhead of n bits.

124 citations


Cited by
More filters
Journal ArticleDOI

[...]

08 Dec 2001-BMJ
TL;DR: There is, I think, something ethereal about i —the square root of minus one, which seems an odd beast at that time—an intruder hovering on the edge of reality.
Abstract: There is, I think, something ethereal about i —the square root of minus one. I remember first hearing about it at school. It seemed an odd beast at that time—an intruder hovering on the edge of reality. Usually familiarity dulls this sense of the bizarre, but in the case of i it was the reverse: over the years the sense of its surreal nature intensified. It seemed that it was impossible to write mathematics that described the real world in …

33,785 citations

Book
01 Jan 1996
TL;DR: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols.
Abstract: From the Publisher: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols; more than 200 tables and figures; more than 1,000 numbered definitions, facts, examples, notes, and remarks; and over 1,250 significant references, including brief comments on each paper.

13,597 citations

Patent
30 Sep 2010
TL;DR: In this article, the authors proposed a secure content distribution method for a configurable general-purpose electronic commercial transaction/distribution control system, which includes a process for encapsulating digital information in one or more digital containers, a process of encrypting at least a portion of digital information, a protocol for associating at least partially secure control information for managing interactions with encrypted digital information and/or digital container, and a process that delivering one or multiple digital containers to a digital information user.
Abstract: PROBLEM TO BE SOLVED: To solve the problem, wherein it is impossible for an electronic content information provider to provide commercially secure and effective method, for a configurable general-purpose electronic commercial transaction/distribution control system. SOLUTION: In this system, having at least one protected processing environment for safely controlling at least one portion of decoding of digital information, a secure content distribution method comprises a process for encapsulating digital information in one or more digital containers; a process for encrypting at least a portion of digital information; a process for associating at least partially secure control information for managing interactions with encrypted digital information and/or digital container; a process for delivering one or more digital containers to a digital information user; and a process for using a protected processing environment, for safely controlling at least a portion of the decoding of the digital information. COPYRIGHT: (C)2006,JPO&NCIPI

7,643 citations

Proceedings ArticleDOI
22 Jan 2006
TL;DR: Some of the major results in random graphs and some of the more challenging open problems are reviewed, including those related to the WWW.
Abstract: We will review some of the major results in random graphs and some of the more challenging open problems. We will cover algorithmic and structural questions. We will touch on newer models, including those related to the WWW.

7,116 citations

Book ChapterDOI
19 Aug 2001
TL;DR: This work proposes a fully functional identity-based encryption scheme (IBE) based on the Weil pairing that has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational Diffie-Hellman problem.
Abstract: We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational Diffie-Hellman problem. Our system is based on the Weil pairing. We give precise definitions for secure identity based encryption schemes and give several applications for such systems.

7,083 citations