Oblivious transfer : Wikipedia (English edition)
Oblivious transfer
In cryptography, an oblivious transfer protocol (often abbreviated OT) is a type of protocol in which a sender transfers one of potentially many pieces of information to a receiver, but remains oblivious as to what piece (if any) has been transferred.
The first form of oblivious transfer was introduced in 1981 by Michael O. Rabin. In this form, the sender sends a message to the receiver with probability 1/2, while the sender remains oblivious as to whether or not the receiver received the message. Rabin's oblivious transfer scheme is based on the RSA cryptosystem. A more useful form of oblivious transfer called 1-2 oblivious transfer or "1 out of 2 oblivious transfer," was developed later by Shimon Even, Oded Goldreich, and Abraham Lempel, in order to build protocols for secure multiparty computation. It is generalized to "1 out of n oblivious transfer" where the user gets exactly one database element without the server getting to know which element was queried, and without the user knowing anything about the other elements that were not retrieved. The latter notion of oblivious transfer is a strengthening of private information retrieval, in which the database is not kept private.
Claude Crépeau showed that Rabin's oblivious transfer is equivalent to 1-2 oblivious transfer.
Further work has revealed oblivious transfer to be a fundamental and important problem in cryptography. It is considered one of the critical problems in the field, because of the importance of the applications that can be built based on it. In particular, it is complete for secure multiparty computation: that is, given an implementation of oblivious transfer, it is possible to securely evaluate any polynomial-time computable function without any additional primitive.
==Rabin's oblivious transfer protocol==

In Rabin's oblivious transfer protocol, the sender generates an RSA public modulus ''N''=''pq'' where ''p'' and ''q'' are large prime numbers, and an exponent ''e'' relatively prime to (''p''-1)(''q''-1). The sender encrypts the message ''m'' as ''m''<sup>''e''</sup> mod ''N''.
# The sender sends ''N'', ''e'', and ''m''<sup>''e''</sup> mod ''N'' to the receiver.
# The receiver picks a random ''x'' modulo ''N'' and sends ''x''<sup>2</sup> mod ''N'' to the sender. Note that gcd(''x'',''N'')=1 with overwhelming probability, which ensures that there are 4 square roots of ''x''<sup>2</sup> mod ''N''.
# The sender finds a square root ''y'' of ''x''<sup>2</sup> mod ''N'' and sends ''y'' to the receiver.
If the receiver finds ''y'' is neither ''x'' nor -''x'' modulo ''N'', the receiver will be able to factor ''N'' and therefore decrypt ''m''<sup>''e''</sup> to recover ''m'' (see Rabin encryption for more details). However, if ''y'' is ''x'' or -''x'' mod ''N'', the receiver will have no information about ''m'' beyond the encryption of it. Since every quadratic residue modulo ''N'' has four square roots, the probability that the receiver learns ''m'' is 1/2.
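The three steps above can be run end to end. The following Python sketch is an added example, not code from the original article: the function names are hypothetical, and it assumes toy-sized primes ''p'', ''q'' ≡ 3 (mod 4) so that the sender can compute square roots with a single exponentiation per prime.

```python
import math
import secrets

# Constructed toy parameters (assumption): two Mersenne primes, both = 3 (mod 4).
# A real modulus would use large random primes; these only keep the demo fast.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537

def sender_setup(m, p=P, q=Q, e=E):
    """Step 1: publish N, e and the RSA ciphertext m^e mod N."""
    return p * q, e, pow(m, e, p * q)

def receiver_challenge(n):
    """Step 2: pick a random x coprime to N; x stays secret, x^2 mod N is sent."""
    while True:
        x = secrets.randbelow(n - 2) + 2
        if math.gcd(x, n) == 1:
            return x, pow(x, 2, n)

def square_roots(c, p=P, q=Q):
    """All four square roots of c mod pq, built from roots mod p and mod q via CRT."""
    rp, rq = pow(c, (p + 1) // 4, p), pow(c, (q + 1) // 4, q)
    cp, cq = q * pow(q, -1, p), p * pow(p, -1, q)  # CRT coefficients
    return sorted({(sp * cp + sq * cq) % (p * q)
                   for sp in (rp, p - rp) for sq in (rq, q - rq)})

def sender_reply(c, p=P, q=Q):
    """Step 3: return one root uniformly at random; the sender never sees x."""
    return secrets.choice(square_roots(c, p, q))

def receiver_finish(n, e, ct, x, y):
    """If y is not +-x, gcd(x - y, N) is a prime factor of N: factor, then decrypt."""
    if y in (x, n - x):
        return None  # nothing learned beyond the ciphertext
    p = math.gcd(x - y, n)
    q = n // p
    d = pow(e, -1, (p - 1) * (q - 1))
    return pow(ct, d, n)

def run_once(m):
    """One full protocol run; returns m on success, None otherwise."""
    n, e, ct = sender_setup(m)
    x, c = receiver_challenge(n)
    return receiver_finish(n, e, ct, x, sender_reply(c))

if __name__ == "__main__":
    m = int.from_bytes(b"OT demo", "big")  # constructed sample message
    results = [run_once(m) for _ in range(1000)]
    print("message delivered in", results.count(m), "of 1000 runs")
```

Of the four roots the sender could return, exactly two let the receiver factor ''N'', which is where the 1/2 delivery probability comes from.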

Excerpt source: Wikipedia, the free encyclopedia