How to Generate and Exchange Secrets (Extended Abstract)

Andrew Chi-chih Yao
DOI: https://doi.org/10.1109/sfcs.1986.25
1986-01-01
Abstract:In this paper we introduce a new tool for controlling the knowl­ edge transfer process in cryptographic protocol design. It is applied to solve a general class of problems which include most of the two-party cryptographic problems in the literature. -- -_.- Specifically, we show how two parties A and B can interactively generate a random integer N =p' q such that its secret, i.e., the prime factors (p, q), is hidden from either party individually but is recoverab~~ jointly if desired. This can be utilized to give a protocol for two parties with private values i and j to compute any polynomially computable functions f(i,j) and g(i,j) with minimal knowledge transfer and a strong fairness property. As a special case, A and B can exchange a pair of secrets SA, SB, e.g. the factorizatio~ of an integer and a Hamiltonian circuit in a graph, in such a way that SA becomes computable by Bwhen and only when SB becomes computable by A. All these results are proved assuming only that the problem of factoring large intergers is computationally intractable. Abstract
What problem does this paper attempt to address?