Efficient Cryptographic Protocol Design Based on Distributed El Gamal Encryption

  • Felix Brandt
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3935)

Abstract

We propose a set of primitives based on El Gamal encryption that can be used to construct efficient multiparty computation protocols for certain low-complexity functions. In particular, we show how to privately count the number of true Boolean disjunctions of literals and of pairwise exclusive disjunctions of literals. Applications include efficient two-party protocols for computing the Hamming distance of two bitstrings and the greater-than function. The resulting protocols require only 6 rounds of interaction (in the random oracle model), and their communication complexity is \(\mathcal{O}(kQ)\), where k is the length of the bitstrings and Q is a security parameter. The protocols are secure against active adversaries but do not provide fairness. Security relies on the decisional Diffie-Hellman assumption, and the error probability is negligible in Q.
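As an added illustration (not the paper's protocol, which uses distributed keys and zero-knowledge proofs to withstand active adversaries), the following Python shows the additive homomorphism of exponential El Gamal that such primitives build on, computing the Hamming distance of two bitstrings on ciphertexts in the simpler semi-honest two-party setting; the toy group parameters and all function names are constructed here, not taken from the paper.

```python
# Added illustration, not the paper's protocol: exponential El Gamal is
# additively homomorphic, so sum_i (x_i XOR y_i) can be formed on ciphertexts.
# Semi-honest two-party setting; no proofs of correct behaviour are included.
import secrets

# Constructed toy group: p = 2q + 1 with q prime, g generates the order-q subgroup.
# Sizes are for illustration only; a deployment needs a cryptographically large group.
P, Q, G = 1019, 509, 4

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def enc(pk, m):
    """Exponential El Gamal: encrypt m as (g^r, g^m * pk^r)."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (pow(G, m, P) * pow(pk, r, P)) % P

def mul(c1, c2):
    """Homomorphic addition of plaintexts: componentwise product of ciphertexts."""
    return (c1[0] * c2[0]) % P, (c1[1] * c2[1]) % P

def inv(c):
    """Homomorphic negation of the plaintext: componentwise modular inverse."""
    return pow(c[0], -1, P), pow(c[1], -1, P)

def dec_small(sk, c, bound):
    """Recover g^m, then m by exhaustive search over the small range [0, bound]."""
    gm = (c[1] * pow(pow(c[0], sk, P), -1, P)) % P
    for m in range(bound + 1):
        if pow(G, m, P) == gm:
            return m
    raise ValueError("plaintext outside the expected range")

def hamming_distance(x_bits, y_bits):
    """Alice holds x_bits and the secret key; Bob holds y_bits and sees only ciphertexts."""
    assert len(x_bits) == len(y_bits)
    sk, pk = keygen()
    cts = [enc(pk, b) for b in x_bits]            # Alice -> Bob: E(x_i) for each bit
    one = enc(pk, 1)
    # Bob: x_i XOR y_i equals x_i when y_i = 0 and 1 - x_i when y_i = 1,
    # and E(1 - x_i) = E(1) * E(x_i)^-1 is computable without the key.
    terms = [c if y == 0 else mul(one, inv(c)) for c, y in zip(cts, y_bits)]
    total = terms[0]
    for t in terms[1:]:
        total = mul(total, t)                     # accumulate E(sum_i x_i XOR y_i)
    # Bob -> Alice: one ciphertext (a real protocol would re-randomize it first).
    return dec_small(sk, total, len(x_bits))
```

Only the single decrypted sum reaches Alice, not Bob's individual bits, which is the privacy property the Hamming-distance application in the abstract is after.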



Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Felix Brandt, Stanford University, Stanford, USA
