**
Cryptography with One−Way Communication
**

*
Sanjam Garg,
Yuval Ishai,
Eyal Kushilevitz,
Rafail Ostrovsky,
Amit Sahai
*

**
Abstract:
**

There is a large body of work on using noisy communication channels for realizing diffrent cryptographic tasks.
In particular, it is known that secure message transmission cn be achieved unconditionally using only * one−way*communication from the sender to the receiver. In contrast, known solutions for moregeneral secure computation tasks inherently require interaction, even when the entire input originates from the sender.

We initiate a general study of cryptographic protocols over noisy channels in a setting where only one party speaks. In this setting, we show that the landscape of what a channel is useful for is much richer. Concretely, we obtain the following results.

**
−Relationships Between Channels**. The binary erasure channel (BEC) and the binary symmetric channel (BSC), which are known to be securely reducible to each other in the interactive setting,turn out to be qualitatively diffrent in the setting of one−way communication.
In particular,a BEC cannot be implemented from BSC, and while the erasure probability of a BEC can be manipulated in both directions, the crossover probability of a BSC can only be manipulated in one direction.

**
−Zeros−Knowledge Proofs and Secure Computation of Deterministic Functions**. One−way communication over BEC is sufficient for securely realizing any deterministic(possibly reactive) functionality which takes its inputs from a sender and delivers its outputs to a receiver. This provides the first Truly non−interactive solutions to the problem of zero−knowledge proofs.

**
−Secure Computaion of Randomized Functions**.One−way communication over BEC or BSC *cannot*be used for realizing general randomized functionalities which take input from a sender and deliver output to a receiver.
On the other hand, one −way communication over other natural channels, such as bursty erasure channels, can be used to realize such functionalities. This type of protocols can be used for distributing certified ceryptographic keys without revealing the keys to the certification authority.

**comment:**
CRYOPTO 2015 PP:191−208

Fetch PDF file of the paper

Back to Publications List |