Homomorphic Secret Sharing from Paillier Encryption

A recent breakthrough by Boyle et al. [7] demonstrated secure function evaluation protocols for branching programs, where the communication complexity is sublinear in the size of the circuit (indeed just linear in the size of the inputs, and polynomial in the security parameter). Their result is based on the Decisional Diffie-Hellman assumption (DDH), using (variants of) the ElGamal cryptosystem. In this work, we extend their result to show a construction based on the circular security of the Paillier encryption scheme. We also offer a few optimizations to the scheme, including an alternative to the “Las Vegas”-style share conversion protocols of [7, 9] which directly checks the correctness of the computation. This allows us to reduce the number of required repetitions to achieve a desired overall error bound by a constant fraction for typical cases, and for large programs, reduces the total computation cost.

[1]  Daniel Wichs,et al.  Obfuscating Compute-and-Compare Programs under LWE , 2017, 2017 IEEE 58th Annual Symposium on Foundations of Computer Science (FOCS).

[2]  A. Yao,et al.  Fair exchange with a semi-trusted third party (extended abstract) , 1997, CCS '97.

[3]  Chris Peikert,et al.  Three's Compromised Too: Circular Insecurity for Any Cycle Length from (Ring-)LWE , 2016, CRYPTO.

[4]  Andrew Chi-Chih Yao,et al.  Protocols for Secure Computations (Extended Abstract) , 1982, FOCS.

[5]  Yuval Ishai,et al.  Computationally Private Randomizing Polynomials and Their Applications , 2005, Computational Complexity Conference.

[6]  Frederik Vercauteren,et al.  Fully Homomorphic Encryption with Relatively Small Key and Ciphertext Sizes , 2010, Public Key Cryptography.

[7]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[8]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[9]  Yuval Ishai,et al.  Group-Based Secure Computation: Optimizing Rounds, Communication, and Computation , 2017, EUROCRYPT.

[10]  Craig Gentry,et al.  Fully Homomorphic Encryption over the Integers , 2010, EUROCRYPT.

[11]  Yuval Ishai,et al.  Function Secret Sharing: Improvements and Extensions , 2016, CCS.

[12]  Craig Gentry,et al.  (Leveled) fully homomorphic encryption without bootstrapping , 2012, ITCS '12.

[13]  Vinod Vaikuntanathan,et al.  Can homomorphic encryption be practical? , 2011, CCSW '11.

[14]  David Cash,et al.  Cryptographic Agility and Its Relation to Circular Encryption , 2010, EUROCRYPT.

[15]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[16]  Niv Gilboa,et al.  Computationally private information retrieval (extended abstract) , 1997, STOC '97.

[17]  David Chaum,et al.  Multiparty unconditionally secure protocols , 1988, STOC '88.

[18]  Jacques Stern,et al.  A new public key cryptosystem based on higher residues , 1998, CCS '98.

[19]  Michael J. Fischer,et al.  A robust and verifiable cryptographically secure election scheme , 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[20]  Craig Gentry,et al.  Fully Homomorphic Encryption with Polylog Overhead , 2012, EUROCRYPT.

[21]  Ron Rothblum,et al.  On the Circular Security of Bit-Encryption , 2013, TCC.

[22]  Yuval Ishai,et al.  Breaking the Circuit Size Barrier for Secure Computation Under DDH , 2016, CRYPTO.

[23]  Ivan Damgård,et al.  A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System , 2001, Public Key Cryptography.

[24]  Vinod Vaikuntanathan,et al.  Lattice-based FHE as secure as PKE , 2014, IACR Cryptol. ePrint Arch..

[25]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[26]  Craig Gentry,et al.  Implementing Gentry's Fully-Homomorphic Encryption Scheme , 2011, EUROCRYPT.

[27]  Mads J. Jurik,et al.  Extensions to the Paillier Cryptosystem with Applications to Cryptological Protocols , 2003 .

[28]  Allison Bishop,et al.  New Circular Security Counterexamples from Decision Linear and Learning with Errors , 2015, ASIACRYPT.

[29]  Brent Waters,et al.  Homomorphic Encryption from Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based , 2013, CRYPTO.

[30]  Vinod Vaikuntanathan,et al.  Efficient Fully Homomorphic Encryption from (Standard) LWE , 2011, 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science.

[31]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[32]  Craig Gentry,et al.  Fully Homomorphic Encryption without Squashing Using Depth-3 Arithmetic Circuits , 2011, 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science.

[33]  Rafail Ostrovsky,et al.  Replication is not needed: single database, computationally-private information retrieval , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[34]  Tatsuaki Okamoto,et al.  A New Public-Key Cryptosystem as Secure as Factoring , 1998, EUROCRYPT.

[35]  Claudio Orlandi,et al.  Obfuscation ==> (IND-CPA Security =/=> Circular Security) , 2013, IACR Cryptol. ePrint Arch..

[36]  Avi Wigderson,et al.  Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation (Extended Abstract) , 1988, STOC.

[37]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[38]  Silvio Micali,et al.  A Completeness Theorem for Protocols with Honest Majority , 1987, STOC 1987.

[39]  Brent Waters,et al.  Separating IND-CPA and Circular Security for Unbounded Length Key Cycles , 2017, Public Key Cryptography.

[40]  Ivan Damgård,et al.  A Length-Flexible Threshold Cryptosystem with Applications , 2003, ACISP.

[41]  Matthew Green,et al.  New Definitions and Separations for Circular Security , 2012, Public Key Cryptography.

[42]  Yuval Ishai,et al.  Randomizing polynomials: A new representation with applications to round-efficient secure computation , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[43]  Brent Waters,et al.  Circular Security Separations for Arbitrary Length Cycles from LWE , 2016, CRYPTO.

[44]  Yuval Ishai,et al.  Function Secret Sharing , 2015, EUROCRYPT.

[45]  Eyal Kushilevitz,et al.  Private information retrieval , 1995, Proceedings of IEEE 36th Annual Foundations of Computer Science.

[46]  Moon Sung Lee,et al.  On the sparse subset sum problem from Gentry-Halevi's implementation of fully homomorphic encryption , 2011, IACR Cryptol. ePrint Arch..