Author

Moni Naor

Other affiliations: IBM, Stanford University, University of California, Berkeley
Bio: Moni Naor is an academic researcher from Weizmann Institute of Science. The author has contributed to research in topics: Encryption & Cryptography. The author has an h-index of 102, co-authored 338 publications receiving 47090 citations. Previous affiliations of Moni Naor include IBM & Stanford University.


Papers
Proceedings Article
01 Sep 1991
TL;DR: The notion of program checking is extended to include programs that alter their environment, in particular, programs that store and retrieve data from memory.
Abstract: The notion of program checking is extended to include programs that alter their environment, in particular, programs that store and retrieve data from memory. The model considered allows the checker a small amount of reliable memory. The checker is presented with a sequence of requests (online) to a data structure which must reside in a large but unreliable memory. The data structure is viewed as being controlled by an adversary. The checker is to perform each operation in the input sequence using its reliable memory and the unreliable data structure so that any error in the operation of the structure will be detected by the checker with high probability. Checkers for various data structures are presented. Lower bounds of log n on the amount of reliable memory needed by these checkers, where n is the size of the structure, are proved.

124 citations

Proceedings Article
01 Jul 1996
TL;DR: This paper introduces digital signets, a new technique for protecting digital content from illegal redistribution and motivates the study of the previously unexamined class of incompressible functions, analysis of which adds a cryptographic twist to communication complexity.
Abstract: The problem of protecting digital content – software, video, documents, music, etc. – from illegal redistribution by an authorized user, is the focus of considerable industrial and academic effort. In the absence of special-purpose tamperproof hardware, the problem has no cryptographically secure solution: once a legitimate user has purchased the content, the user, by definition, has access to the material and can therefore capture it and redistribute it. A number of techniques have been suggested or are currently employed to make redistribution either inconvenient or traceable. In this paper we introduce digital signets, a new technique for protecting digital content from illegal redistribution. The work motivates the study of the previously unexamined class of incompressible functions, analysis of which adds a cryptographic twist to communication complexity.

122 citations

Proceedings Article
20 Nov 1994
TL;DR: This work presents four novel constructions of quorum systems, all featuring optimal or near optimal load, and high availability, and explains how these desirable properties of the constructions translate into improvements of any protocol using them.
Abstract: A quorum system is a collection of sets (quorums) every two of which have a nonempty intersection. Quorum systems have been used for a number of applications in the area of distributed systems. We investigate the load, capacity and availability of quorum systems. We present four novel constructions of quorum systems, all featuring optimal or near optimal load, and high availability. These desirable properties of the constructions translate into improvements of any protocol using them: a low work load on the processors and a high resilience to processor failures. The best construction, based on paths in a grid, has a load of $O(1/\sqrt{n})$, and a failure probability of $\exp(-O(\sqrt{n}))$ when the elements fail with probability p >

117 citations

Proceedings Article
21 Oct 2006
TL;DR: The study of compression that preserves the solution to an instance of a problem rather than preserving the instance itself is initiated, and a new classification of NP is given with respect to compression, which forms a stratification of NP that is called the VC hierarchy.
Abstract: We initiate the study of compression that preserves the solution to an instance of a problem rather than preserving the instance itself. Our focus is on the compressibility of NP decision problems. We consider NP problems that have long instances but relatively short witnesses. The question is, can one efficiently compress an instance and store a shorter representation that maintains the information of whether the original input is in the language or not? We want the length of the compressed instance to be polynomial in the length of the witness rather than the length of original input. Such compression enables to succinctly store instances until a future setting will allow solving them, either via a technological or algorithmic breakthrough or simply until enough time has elapsed. We give a new classification of NP with respect to compression. This classification forms a stratification of NP that we call the VC hierarchy. The hierarchy is based on a new type of reduction called W-reduction and there are compression-complete problems for each class. Our motivation for studying this issue stems from the vast cryptographic implications compressibility has. For example, we say that SAT is compressible if there exists a polynomial p(·, ·) so that given a formula consisting of m clauses over n variables it is possible to come up with an equivalent (w.r.t. satisfiability) formula of size at most p(n, log m). Then given a compression algorithm for SAT we provide a construction of collision resistant hash functions from any one-way function. This task was shown to be impossible via black-box reductions (D. Simon, 1998), and indeed the construction presented is inherently non-black-box. Another application of SAT compressibility is a cryptanalytic result concerning the limitation of everlasting security in the bounded storage model when mixed with (time) complexity based cryptography. In addition, we study an approach to constructing an oblivious transfer protocol from any one-way function. This approach is based on compression for SAT that also has a property that we call witness retrievability. However, we manage to prove severe limitations on the ability to achieve witness retrievable compression of SAT.

115 citations

Book Chapter
14 Aug 2005
TL;DR: The paradox, compressing an incompressible table, is resolved by embedding a time/space tradeoff into the process for constructing the table from its representation, and a compact representation for the table is designed.
Abstract: We investigate methods for providing easy-to-check proofs of computational effort. Originally intended for discouraging spam, the concept has wide applicability as a method for controlling denial of service attacks. Dwork, Goldberg, and Naor proposed a specific memory-bound function for this purpose and proved an asymptotically tight amortized lower bound on the number of memory accesses any polynomial time bounded adversary must make. Their function requires a large random table which, crucially, cannot be compressed. We answer an open question of Dwork et al. by designing a compact representation for the table. The paradox, compressing an incompressible table, is resolved by embedding a time/space tradeoff into the process for constructing the table from its representation.

112 citations


Cited by
Journal Article

08 Dec 2001-BMJ
TL;DR: There is, I think, something ethereal about i —the square root of minus one, which seems an odd beast at that time—an intruder hovering on the edge of reality.
Abstract: There is, I think, something ethereal about i —the square root of minus one. I remember first hearing about it at school. It seemed an odd beast at that time—an intruder hovering on the edge of reality. Usually familiarity dulls this sense of the bizarre, but in the case of i it was the reverse: over the years the sense of its surreal nature intensified. It seemed that it was impossible to write mathematics that described the real world in …

33,785 citations

Book
01 Jan 1996
TL;DR: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols.
Abstract: From the Publisher: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols; more than 200 tables and figures; more than 1,000 numbered definitions, facts, examples, notes, and remarks; and over 1,250 significant references, including brief comments on each paper.

13,597 citations

Patent
30 Sep 2010
TL;DR: In this article, the authors proposed a secure content distribution method for a configurable general-purpose electronic commercial transaction/distribution control system, which includes a process for encapsulating digital information in one or more digital containers, a process for encrypting at least a portion of digital information, a process for associating at least partially secure control information for managing interactions with encrypted digital information and/or digital container, and a process for delivering one or more digital containers to a digital information user.
Abstract: PROBLEM TO BE SOLVED: To solve the problem, wherein it is impossible for an electronic content information provider to provide commercially secure and effective method, for a configurable general-purpose electronic commercial transaction/distribution control system. SOLUTION: In this system, having at least one protected processing environment for safely controlling at least one portion of decoding of digital information, a secure content distribution method comprises a process for encapsulating digital information in one or more digital containers; a process for encrypting at least a portion of digital information; a process for associating at least partially secure control information for managing interactions with encrypted digital information and/or digital container; a process for delivering one or more digital containers to a digital information user; and a process for using a protected processing environment, for safely controlling at least a portion of the decoding of the digital information. COPYRIGHT: (C)2006,JPO&NCIPI

7,643 citations

Proceedings Article
22 Jan 2006
TL;DR: Some of the major results in random graphs and some of the more challenging open problems are reviewed, including those related to the WWW.
Abstract: We will review some of the major results in random graphs and some of the more challenging open problems. We will cover algorithmic and structural questions. We will touch on newer models, including those related to the WWW.

7,116 citations

Book Chapter
19 Aug 2001
TL;DR: This work proposes a fully functional identity-based encryption scheme (IBE) based on the Weil pairing that has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational Diffie-Hellman problem.
Abstract: We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational Diffie-Hellman problem. Our system is based on the Weil pairing. We give precise definitions for secure identity based encryption schemes and give several applications for such systems.

7,083 citations