Invertible Polynomial Representation for Private Set Operations

  • Jung Hee Cheon (corresponding author)
  • Hyunsook Hong
  • Hyung Tae Lee
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8565)


In many private set operations, a set is represented by a polynomial over a ring \(\mathbb {Z}_\sigma \) for a composite integer \(\sigma \), where \(\mathbb {Z}_\sigma \) is the message space of some additively homomorphic encryption scheme. While this is useful for implementing set operations through polynomial additions and multiplications, it has the limitation that recovering a set from its polynomial is hard, because polynomial factorization over \(\mathbb {Z}_\sigma \) is hard.

We propose a new representation of a set by a polynomial over \(\mathbb {Z}_\sigma \), in which \(\sigma \) is a composite integer with known factorization, yet the corresponding set can be efficiently recovered from the polynomial except with negligible probability. Since \(\mathbb {Z}_\sigma [x]\) is not a unique factorization domain, a polynomial may be written as a product of linear factors in several ways. To exclude irrelevant linear factors, we introduce a special encoding function which supports an early-abort strategy. Our representation can be efficiently inverted by computing all the linear factors of a polynomial in \(\mathbb {Z}_\sigma [x]\) whose roots lie in the image of the encoding function.
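The inversion problem and its resolution described above, worked through on toy parameters as an added example (this is illustrative code written for this page, not the authors' construction). It assumes two small primes \(p, q\) with \(\sigma = pq\), finds roots modulo each prime by exhaustive evaluation (a stand-in for a real root-finding algorithm over \(\mathbb {Z}_p\)), lifts every pair of roots through the CRT to show that a degree-\(n\) polynomial over \(\mathbb {Z}_\sigma \) can have up to \(n^2\) roots, and uses a hash-tag redundancy encoding (an assumption, standing in for the paper's encoding function) to discard the roots that are not in the encoding's image:

```python
"""Toy model: set-as-polynomial over Z_sigma, sigma = P*Q, and its inversion.

Illustrative code for this page, NOT the authors' construction. The
hash-tag encoding below is an assumption standing in for the paper's
encoding function; the exhaustive root search only works for toy primes.
"""
import hashlib

# Constructed toy parameters (both primes; a real system uses large primes).
P, Q = 32749, 32771
SIGMA = P * Q                 # composite modulus with known factorization
ELEM_BITS, TAG_BITS = 9, 20   # encode(m) = (m << TAG_BITS) | tag(m) < 2**29 < SIGMA


def tag(m: int) -> int:
    """Redundancy attached to m: the low TAG_BITS of SHA-256(m) (toy choice)."""
    h = hashlib.sha256(m.to_bytes(4, "big")).digest()
    return int.from_bytes(h, "big") & ((1 << TAG_BITS) - 1)


def encode(m: int) -> int:
    """Map a set element m in [0, 2**ELEM_BITS) into Z_sigma with redundancy."""
    assert 0 <= m < (1 << ELEM_BITS)
    return (m << TAG_BITS) | tag(m)


def decode(r: int):
    """Return m if r lies in the image of encode, else None.
    Cheap range check first, tag check second: a root outside the image
    is rejected as early as possible (the 'early abort' of the encoding)."""
    if r >= (1 << (ELEM_BITS + TAG_BITS)):
        return None
    m, t = r >> TAG_BITS, r & ((1 << TAG_BITS) - 1)
    return m if t == tag(m) else None


def set_to_poly(elems, mod):
    """Coefficients (lowest degree first) of prod (x - e) over Z_mod."""
    poly = [1]
    for e in elems:
        nxt = [0] * (len(poly) + 1)
        for i, c in enumerate(poly):
            nxt[i] = (nxt[i] - e * c) % mod
            nxt[i + 1] = (nxt[i + 1] + c) % mod
        poly = nxt
    return poly


def roots_mod_prime(poly, p):
    """All roots of poly in Z_p by exhaustive evaluation (toy p only)."""
    coeffs = [c % p for c in poly]
    found = []
    for x in range(p):
        acc = 0
        for c in reversed(coeffs):      # Horner evaluation
            acc = (acc * x + c) % p
        if acc == 0:
            found.append(x)
    return found


def crt(a, p, b, q):
    """The unique r mod p*q with r = a (mod p) and r = b (mod q)."""
    return (a + p * ((b - a) * pow(p, -1, q) % q)) % (p * q)


def all_roots_mod_sigma(poly):
    """Every root in Z_sigma: each (root mod P, root mod Q) pair lifts to one.
    Z_sigma[x] is not a UFD, so a degree-n polynomial can have up to n*n
    roots here, i.e. far more linear factors than the set has elements."""
    rp, rq = roots_mod_prime(poly, P), roots_mod_prime(poly, Q)
    return {crt(a, P, b, Q) for a in rp for b in rq}


def recover_set(poly):
    """Invert the representation: keep only roots in the image of encode."""
    return {m for r in all_roots_mod_sigma(poly) if (m := decode(r)) is not None}


def demo():
    """Constructed sample set; returns (set, #candidate roots, recovered set)."""
    s = {3, 17, 42, 255, 511}
    poly = set_to_poly([encode(m) for m in s], SIGMA)
    return s, len(all_roots_mod_sigma(poly)), recover_set(poly)


if __name__ == "__main__":
    s, n_cands, rec = demo()
    print(f"set {sorted(s)}: {n_cands} candidate roots mod sigma, recovered {sorted(rec)}")
```

Without the encoding, the `n*n` candidate roots are indistinguishable and the set cannot be read back from the polynomial; with it, a spurious CRT lift passes `decode` only with probability about \(2^{-20}\) per candidate in this toy setting, which is the "except negligible probability" of the abstract.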

As an application of our representation, we obtain a constant-round private set union protocol. Our construction improves on the complexity of previous constructions in the setting without an honest majority.


Keywords: Polynomial representation · Polynomial factorization · Root finding · Privacy-preserving set union



We thank Jae Hong Seo for helpful comments on our preliminary works and anonymous reviewers for their valuable comments. This work was supported by the IT R&D program of MSIP/KEIT. [No. 10047212, Development of homomorphic encryption supporting arithmetics on ciphertexts of size less than 1kB and its applications].



Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Jung Hee Cheon (corresponding author), 1
  • Hyunsook Hong, 1
  • Hyung Tae Lee, 1

  1. CHRI and Department of Mathematical Sciences, Seoul National University, Seoul, Korea
