The Rise of Paillier: Homomorphic Secret Sharing and Public-Key Silent OT

We describe a simple method for solving the distributed discrete logarithm problem in Paillier groups, allowing two parties to locally convert multiplicative shares of a secret (in the exponent) into additive shares. Our algorithm is perfectly correct, unlike previous methods, which have an inverse polynomial error probability. We obtain the following applications and further results.

– Homomorphic secret sharing. We construct homomorphic secret sharing for branching programs with negligible correctness error and supporting exponentially large plaintexts, with security based on the decisional composite residuosity (DCR) assumption.

– Correlated pseudorandomness. Pseudorandom correlation functions (PCFs), recently introduced by Boyle et al. (FOCS 2020), allow two parties to obtain a practically unbounded quantity of correlated randomness, given a pair of short, correlated keys. We construct PCFs for the oblivious transfer (OT) and vector oblivious linear evaluation (VOLE) correlations, based on the quadratic residuosity (QR) or DCR assumptions, respectively. We also construct a pseudorandom correlation generator (for producing a bounded number of samples, all at once) for general degree-2 correlations including OLE, based on a combination of (DCR or QR) and the learning parity with noise assumptions.

– Public-key silent OT/VOLE. We upgrade our PCF constructions to have a public-key setup, where after independently posting a public key, each party can locally derive its PCF key. This allows completely silent generation of an arbitrary amount of OTs or VOLEs, without any interaction beyond a PKI, based on QR, DCR, a CRS and a random oracle. The public-key setup is based on a novel non-interactive vector OLE protocol, which can be seen as a variant of the Bellare-Micali oblivious transfer protocol.
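The share conversion the abstract describes can be illustrated concretely in the Paillier group Z*_{N^2}, where (1+N)^x = 1 + xN (mod N^2) makes the discrete log in the subgroup generated by 1+N trivial. The following is an added example written for this page, not code from the paper or its authors; it uses the local map h = h0 + h1·N ↦ h1·h0^{-1} (mod N), which turns multiplicative shares u1 = u0·(1+N)^x into additive shares of x with no error. The toy primes are constructed and insecure, and whether this is exactly the paper's algorithm is an assumption of the example.

```python
import math
import secrets

# Constructed toy parameters (NOT secure): small primes so the example runs
# instantly. A real Paillier modulus uses primes of ~1024 bits or more.
P, Q = 1000003, 1000033
N = P * Q
N2 = N * N


def paillier_ddlog(h: int, n: int) -> int:
    """Local distributed-discrete-log step on one share h in Z*_{n^2}.

    Write h = h0 + h1*n with 0 <= h0, h1 < n and return h1 * h0^{-1} mod n.
    Multiplying h by (1+n)^x = 1 + x*n changes h1 to h1 + x*h0 (mod n), so the
    output shifts by exactly x: the conversion is exact, not probabilistic.
    """
    h0 = h % n
    h1 = (h // n) % n
    return (h1 * pow(h0, -1, n)) % n


def random_unit_mod_n2(n: int) -> int:
    """Uniform random element of Z*_{n^2} (unit iff its residue mod n is a unit)."""
    while True:
        u = secrets.randbelow(n * n)
        if math.gcd(u % n, n) == 1:
            return u


def make_multiplicative_shares(x: int, n: int) -> tuple[int, int]:
    """Share x 'in the exponent': u1 = u0 * (1+n)^x mod n^2 with u0 random.
    Each share on its own is a uniformly random unit, so it reveals nothing about x."""
    n2 = n * n
    u0 = random_unit_mod_n2(n)
    u1 = (u0 * pow(1 + n, x, n2)) % n2
    return u0, u1


def convert_to_additive(u0: int, u1: int, n: int) -> tuple[int, int]:
    """Each party applies paillier_ddlog to its own share, without interaction.
    The results satisfy z1 - z0 = x (mod n) for every x in [0, n)."""
    return paillier_ddlog(u0, n), paillier_ddlog(u1, n)


def conversion_is_exact(x: int) -> bool:
    """End-to-end check for one secret x: multiplicative -> additive shares of x mod N."""
    u0, u1 = make_multiplicative_shares(x, N)
    z0, z1 = convert_to_additive(u0, u1, N)
    return (z1 - z0) % N == x % N
```

Because the shares recombine modulo N, secrets as large as N - 1 (exponentially large in the security parameter) are recovered exactly, which is the property the homomorphic secret sharing application relies on.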

[1] Yuval Ishai et al. Extending Oblivious Transfers Efficiently, 2003, CRYPTO.

[2] Itai Dinur et al. An Optimal Distributed Discrete Log Protocol with Applications to Homomorphic Secret Sharing, 2018, Journal of Cryptology.

[3] Rafail Ostrovsky et al. Trapdoor Hash Functions and Their Applications, 2019, IACR Cryptol. ePrint Arch.

[4] Yuval Ishai et al. Function Secret Sharing, 2015, EUROCRYPT.

[5] Rosario Gennaro et al. Homomorphic Secret Sharing from Paillier Encryption, 2017, ProvSec.

[6] Yuval Ishai et al. Distributed Point Functions and Their Applications, 2014, EUROCRYPT.

[7] Yuval Ishai et al. Foundations of Homomorphic Secret Sharing, 2018, ITCS.

[8] Frank Wang et al. Splinter: Practical Private Queries on Public Data, 2017, NSDI.

[9] Yuval Ishai et al. Two-Round MPC: Information-Theoretic and Black-Box, 2018, IACR Cryptol. ePrint Arch.

[10] Elette Boyle et al. Homomorphic Secret Sharing from Lattices Without FHE, 2019, IACR Cryptol. ePrint Arch.

[11] Yuval Ishai et al. Function Secret Sharing: Improvements and Extensions, 2016, CCS.

[12] Yuval Ishai et al. Group-Based Secure Computation: Optimizing Rounds, Communication, and Computation, 2017, EUROCRYPT.

[13] Silvio Micali et al. Probabilistic Encryption & How to Play Mental Poker Keeping Secret All Partial Information, 1982, STOC '82.

[14] Ron Rothblum et al. Spooky Encryption and Its Applications, 2016, CRYPTO.

[15] Pascal Paillier et al. Public-Key Cryptosystems Based on Composite Degree Residuosity Classes, 1999, EUROCRYPT.

[16] Yuval Ishai et al. Correlated Pseudorandom Functions from Variable-Density LPN, 2020, 2020 IEEE 61st Annual Symposium on Foundations of Computer Science (FOCS).

[17] Vinod Vaikuntanathan et al. Efficient Fully Homomorphic Encryption from (Standard) LWE, 2011, 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science (FOCS).

[18] Yuval Ishai et al. Homomorphic Secret Sharing: Optimizations and Applications, 2017, CCS.

[19] Richard Cleve et al. Towards Optimal Simulations of Formulas by Bounded-Width Programs, 1990, STOC '90.

[20] Yvo Desmedt et al. A Generalization and a Variant of Two Threshold Cryptosystems Based on Factoring, 2007, ISC.

[21] Jonathan Katz et al. Threshold Cryptosystems Based on Factoring, 2002, ASIACRYPT.

[22] Yuval Ishai et al. Efficient Pseudorandom Correlation Generators: Silent OT Extension and More, 2019, IACR Cryptol. ePrint Arch.

[23] Craig Gentry et al. Fully Homomorphic Encryption Using Ideal Lattices, 2009, STOC '09.

[24] Silvio Micali et al. Non-Interactive Oblivious Transfer and Applications, 1989, CRYPTO.

[25] Yuval Ishai et al. Efficient Pseudorandom Correlation Generators from Ring-LPN, 2020, CRYPTO.

[26] Yuval Ishai et al. Cryptography with Constant Input Locality, 2007, Journal of Cryptology.

[27] Ronald Cramer et al. Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption, 2001, EUROCRYPT.

[28] Yuval Ishai et al. Breaking the Circuit Size Barrier for Secure Computation Under DDH, 2016, CRYPTO.

[29] Ivan Damgård et al. The Theory and Implementation of an Electronic Voting System, 2003, Secure Electronic Voting.

[30] Emmanuel Bresson et al. A Simple Public-Key Cryptosystem with a Double Trapdoor Decryption Mechanism and Its Applications, 2003, ASIACRYPT.

[31] Zvika Brakerski et al. Circular and Leakage Resilient Public-Key Encryption Under Subgroup Indistinguishability (or: Quadratic Residuosity Strikes Back), 2010, IACR Cryptol. ePrint Arch.