Semi-Homomorphic Encryption and Multiparty Computation

An additively-homomorphic encryption scheme enables us to compute linear functions of an encrypted input by manipulating only the ciphertexts. We define the relaxed notion of a semi-homomorphic encryption scheme, where the plaintext can be recovered as long as the computed function does not increase the size of the input "too much". We show that a number of existing cryptosystems are captured by our relaxed notion. In particular, we give examples of semi-homomorphic encryption schemes based on lattices, subset sum and factoring. We then demonstrate how semi-homomorphic encryption schemes allow us to construct an efficient multiparty computation protocol for arithmetic circuits, UC-secure against a dishonest majority. The protocol consists of a preprocessing phase and an online phase. Neither the inputs nor the function to be computed have to be known during preprocessing. Moreover, the online phase is extremely efficient as it requires no cryptographic operations: the parties only need to exchange additive shares and verify information theoretic MACs. Our contribution is therefore twofold: from a theoretical point of view, we can base multiparty computation on a variety of different assumptions, while on the practical side we offer a protocol with better efficiency than any previous solution.
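The online phase described above, where parties only exchange additive shares and check information-theoretic MACs, can be illustrated with a small simulation. The code below is an added example, not code from the paper or its authors. It assumes a field Z_p with p = 2^61 - 1, a linear MAC of the form alpha_j * x_i + beta_ji with one fixed alpha per verifying party and a fresh beta per share, and a trusted dealer standing in for the preprocessing phase; all of these are assumptions of the example rather than details taken from the abstract. It shows that linear functions (addition, multiplication by a public constant, addition of a public constant) are computed locally on shares and MAC tags with no cryptographic operation, and that a party who alters its share is caught when the value is opened.

```python
from dataclasses import dataclass
import secrets

# Constructed field size for the example (Mersenne prime); any large prime works.
P = 2**61 - 1


@dataclass
class Authenticated:
    """A value x held as n additive shares with pairwise linear MACs.

    share[i]    party i's share; sum(share) == x (mod P)
    mac[i][j]   tag held by party i on share[i], checkable by party j
    beta[j][i]  key held by party j for party i's share (alpha[j] is per verifier)
    Invariant:  mac[i][j] == alpha[j] * share[i] + beta[j][i]  (mod P)
    """
    share: list
    mac: list
    beta: list


def setup_alpha(n):
    """One secret non-zero MAC key alpha_j per verifying party j (assumed layout)."""
    return [1 + secrets.randbelow(P - 1) for _ in range(n)]


def authenticate(x, alpha):
    """Dealer step standing in for preprocessing: share x and MAC every share."""
    n = len(alpha)
    share = [secrets.randbelow(P) for _ in range(n - 1)]
    share.append((x - sum(share)) % P)
    beta = [[secrets.randbelow(P) for _ in range(n)] for _ in range(n)]
    mac = [[(alpha[j] * share[i] + beta[j][i]) % P for j in range(n)] for i in range(n)]
    return Authenticated(share, mac, beta)


def add(a, b):
    """[x] + [y]: every party adds shares and tags; verifiers add their betas."""
    n = len(a.share)
    return Authenticated(
        [(a.share[i] + b.share[i]) % P for i in range(n)],
        [[(a.mac[i][j] + b.mac[i][j]) % P for j in range(n)] for i in range(n)],
        [[(a.beta[j][i] + b.beta[j][i]) % P for i in range(n)] for j in range(n)],
    )


def scale(c, a):
    """c * [x] for a public constant c: scale shares, tags and betas."""
    n = len(a.share)
    return Authenticated(
        [(c * a.share[i]) % P for i in range(n)],
        [[(c * a.mac[i][j]) % P for j in range(n)] for i in range(n)],
        [[(c * a.beta[j][i]) % P for i in range(n)] for j in range(n)],
    )


def add_const(c, a, alpha):
    """[x] + c: party 0 adds c to its share; each verifier j lowers its key for
    party 0's share by alpha_j * c so the unchanged tag still verifies."""
    n = len(a.share)
    share = list(a.share)
    share[0] = (share[0] + c) % P
    beta = [list(row) for row in a.beta]
    for j in range(n):
        beta[j][0] = (beta[j][0] - alpha[j] * c) % P
    return Authenticated(share, [list(r) for r in a.mac], beta)


def open_value(a, alpha):
    """Parties broadcast (share, tag); each verifier checks every other party's
    share against its own key. Raises on the first failing MAC."""
    n = len(a.share)
    for i in range(n):
        for j in range(n):
            if i == j:
                continue
            if (alpha[j] * a.share[i] + a.beta[j][i]) % P != a.mac[i][j]:
                raise ValueError(f"party {j} rejects the share of party {i}")
    return sum(a.share) % P


def demo(x=7, y=12, c=3, d=5, n=3):
    """Compute c*x + y + d on authenticated shares, then show a tampered share is
    rejected. Returns (opened value, tampering_detected)."""
    alpha = setup_alpha(n)
    ax, ay = authenticate(x, alpha), authenticate(y, alpha)
    z = add_const(d, add(scale(c, ax), ay), alpha)
    result = open_value(z, alpha)
    tampered = Authenticated(list(z.share), z.mac, z.beta)
    tampered.share[1] = (tampered.share[1] + 1) % P  # party 1 cheats by +1
    try:
        open_value(tampered, alpha)
        detected = False
    except ValueError:
        detected = True
    return result, detected


if __name__ == "__main__":
    print(demo())  # (38, True)
```

Only the linear part of the online phase is shown; multiplication gates need preprocessed material beyond what this example models. The detection probability for a single altered share is 1 - 1/p per verifier, which is where the "information theoretic" guarantee of the abstract comes from: no assumption about the cheating party's computing power is needed.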
