Efficient Cryptographic Protocol Design Based on Distributed El Gamal Encryption

We propose a set of primitives based on El Gamal encryption that can be used to construct efficient multiparty computation protocols for certain low-complexity functions. In particular, we show how to privately count the number of true Boolean disjunctions of literals and pairwise exclusive disjunctions of literals. Applications include efficient two-party protocols for computing the Hamming distance of two bitstrings and the greater-than function. The resulting protocols only require 6 rounds of interaction (in the random oracle model) and their communication complexity is O(kQ) where k is the length of bit-strings and Q is a security parameter. The protocols are secure against active adversaries but do not provide fairness. Security relies on the decisional Diffie-Hellman assumption and error probability is negligible in Q.

[1]  염흥렬,et al.  [서평]「Applied Cryptography」 , 1997 .

[2]  Moni Naor,et al.  Communication preserving protocols for secure function evaluation , 2001, STOC '01.

[3]  Ronald Cramer,et al.  A secure and optimally efficient multi-authority election scheme , 1997, Eur. Trans. Telecommun..

[4]  Markus Jakobsson,et al.  Mix and Match: Secure Function Evaluation via Ciphertexts , 2000, ASIACRYPT.

[5]  Claus-Peter Schnorr,et al.  Efficient signature generation by smart cards , 2004, Journal of Cryptology.

[6]  Juan A. Garay,et al.  Efficient and Secure Multi-Party Computation with Faulty Majority and Complete Fairness , 2004, IACR Cryptol. ePrint Arch..

[7]  Jacques Traoré,et al.  A fair and efficient solution to the socialist millionaires' problem , 2001, Discret. Appl. Math..

[8]  Jan Camenisch,et al.  Optimistic Fair Secure Computation , 2000, CRYPTO.

[9]  Feng Hao,et al.  A 2-Round Anonymous Veto Protocol , 2009, Security Protocols Workshop.

[10]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[11]  Hugo Krawczyk,et al.  Secure Applications of Pedersen's Distributed Key Generation Protocol , 2003, CT-RSA.

[12]  Benny Pinkas,et al.  Secure Computation of the k th-Ranked Element , 2004, EUROCRYPT.

[13]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[14]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[15]  Moni Naor,et al.  Privacy preserving auctions and mechanism design , 1999, EC '99.

[16]  Rafail Ostrovsky,et al.  Robust Non-interactive Zero Knowledge , 2001, CRYPTO.

[17]  Matthew K. Franklin,et al.  Efficient generation of shared RSA keys , 2001, JACM.

[18]  Yiannis Tsiounis,et al.  On the Security of ElGamal Based Encryption , 1998, Public Key Cryptography.

[19]  Yehuda Lindell,et al.  Parallel Coin-Tossing and Constant-Round Secure Two-Party Computation , 2001, Journal of Cryptology.

[20]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[21]  Niv Gilboa,et al.  Two Party RSA Key Generation , 1999, CRYPTO.

[22]  Dan Boneh,et al.  Evaluating 2-DNF Formulas on Ciphertexts , 2005, TCC.

[23]  Silvio Micali,et al.  The round complexity of secure protocols , 1990, STOC '90.

[24]  Kaoru Kurosawa,et al.  Bit-Slice Auction Circuit , 2002, ESORICS.

[25]  Jan Camenisch,et al.  Efficient Computation Modulo a Shared Secret with Application to the Generation of Shared Safe-Prime Products , 2002, CRYPTO.

[26]  Ananth Grama,et al.  An efficient protocol for Yao's millionaires' problem , 2003, 36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of the.

[27]  A. Yao,et al.  Fair exchange with a semi-trusted third party (extended abstract) , 1997, CCS '97.

[28]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[29]  Pim Tuyls,et al.  Practical Two-Party Computation Based on the Conditional Gate , 2004, ASIACRYPT.

[30]  Joan Feigenbaum,et al.  Security with Low Communication Overhead , 1990, CRYPTO.

[31]  Ivan Damgård,et al.  Multiparty Computation from Threshold Homomorphic Encryption , 2000, EUROCRYPT.

[32]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[33]  Ivan Damgård,et al.  Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols , 1994, CRYPTO.

[34]  Marc Fischlin,et al.  A Cost-Effective Pay-Per-Multiplication Comparison Method for Millionaires , 2001, CT-RSA.

[35]  Yuval Ishai,et al.  Randomizing polynomials: A new representation with applications to round-efficient secure computation , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[36]  Wen-Guey Tzeng,et al.  An Efficient Solution to the Millionaires' Problem Based on Homomorphic Encryption , 2005, ACNS.

[37]  Byoungcheon Lee,et al.  An Efficient and Verifiable Solution to the Millionaire Problem , 2004, ICISC.

[38]  Ivan Damgård,et al.  Practical Threshold RSA Signatures without a Trusted Dealer , 2000, EUROCRYPT.

[39]  Hugo Krawczyk,et al.  Secure Distributed Key Generation for Discrete-Log Based Cryptosystems , 1999, Journal of Cryptology.

[40]  Joe Kilian,et al.  Founding crytpography on oblivious transfer , 1988, STOC '88.

[41]  Matthew K. Franklin,et al.  Efficient Generation of Shared RSA Keys (Extended Abstract) , 1997, CRYPTO.

[42]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[43]  David Chaum,et al.  The dining cryptographers problem: Unconditional sender and recipient untraceability , 1988, Journal of Cryptology.

[44]  David Chaum,et al.  Wallet Databases with Observers , 1992, CRYPTO.