Practical Two-Party Computation Based on the Conditional Gate

  • Berry Schoenmakers
  • Pim Tuyls
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3329)


We present new results in the framework of secure multiparty computation based on homomorphic threshold cryptosystems. We introduce the conditional gate as a special type of multiplication gate that can be realized in a surprisingly simple and efficient way using just standard homomorphic threshold ElGamal encryption. As addition gates are essentially for free, the conditional gate not only allows for building a circuit for any function, but actually yields efficient circuits for a wide range of tasks.
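The abstract describes the conditional gate in words only. The Python below is an added worked example, not code from the paper or its authors: it implements exponential (additively homomorphic) ElGamal with a two-party additive key share standing in for a full threshold scheme, and realises the gate by the sign-flip-and-decrypt construction, in which the first input x is restricted to {-1, 1}, each party multiplies both ciphertexts by a private random sign and re-randomises, the masked x is jointly decrypted (it is x times a uniformly random sign, so the decryption reveals nothing), and the masked [[y]] is raised to that value. The conversion of a {0, 1} AND gate to this form is likewise the example's own addition. The group parameters `P`, `Q`, `G` are constructed toy values, and the zero-knowledge proofs with which each party shows its flip was applied consistently are omitted, so the code shows the honest-but-curious data flow only.

```python
import secrets

# Toy group parameters, constructed for illustration only (far too small for real use).
P = 2039   # safe prime, P = 2*Q + 1
Q = 1019   # prime order of the subgroup generated by G
G = 4      # generator of the order-Q subgroup of Z_P^*


def keygen_2party():
    """Each party holds an additive share of the secret key; h = g^(x1 + x2)."""
    x1, x2 = secrets.randbelow(Q), secrets.randbelow(Q)
    h = pow(G, (x1 + x2) % Q, P)
    return h, x1, x2


def encrypt(h, m):
    """Exponential ElGamal: [[m]] = (g^r, g^m * h^r); addition becomes multiplication."""
    r = secrets.randbelow(Q)
    return (pow(G, r, P), pow(G, m % Q, P) * pow(h, r, P) % P)


def add(c, d):
    """[[a]] * [[b]] = [[a + b]]: the addition gate costs no interaction at all."""
    return (c[0] * d[0] % P, c[1] * d[1] % P)


def scale(c, k):
    """[[a]]^k = [[k * a]]: multiplication by a public constant, also free."""
    return (pow(c[0], k % Q, P), pow(c[1], k % Q, P))


def rerandomize(h, c):
    """Multiply by a fresh encryption of 0 so the output is unlinkable to the input."""
    r = secrets.randbelow(Q)
    return (c[0] * pow(G, r, P) % P, c[1] * pow(h, r, P) % P)


def threshold_decrypt(c, shares, bound=64):
    """Each share holder contributes c1^xi; combining them yields g^m, then m by brute force.

    Brute-forcing the exponent is inherent to exponential ElGamal, so plaintexts must
    stay in a small known range (here |m| <= bound)."""
    a, b = c
    d = 1
    for xi in shares:
        d = d * pow(a, xi, P) % P          # product of decryption shares = h^r
    gm = b * pow(d, -1, P) % P             # g^m
    for m in range(-bound, bound + 1):
        if pow(G, m % Q, P) == gm:
            return m
    raise ValueError("plaintext outside the brute-force range")


def conditional_gate(h, shares, cx, cy):
    """[[x]], [[y]] with x in {-1, 1}  ->  [[x * y]].

    Assumed construction (not spelled out in the abstract): every party flips both
    ciphertexts by its own random sign s_i and re-randomises; the flipped x is then
    jointly decrypted and, being x times a uniformly random sign, leaks nothing about x.
    Raising the flipped [[y]] to that value cancels the signs: (x*s)(y*s) = x*y.
    The per-party proofs of correct flipping are omitted here."""
    for _ in shares:                       # one sign flip per key-share holder
        s = secrets.choice((-1, 1))
        cx = rerandomize(h, scale(cx, s))
        cy = rerandomize(h, scale(cy, s))
    x_masked = threshold_decrypt(cx, shares, bound=1)
    assert x_masked in (-1, 1), "first input was not a sign bit"
    return scale(cy, x_masked)


def and_gate_01(h, shares, cx, cy):
    """x, y in {0, 1}: map x to 2x - 1 in {-1, 1}, apply the conditional gate, then
    recover x*y = ((2x - 1)*y + y) / 2 using only linear (free) operations."""
    cx_pm = add(scale(cx, 2), encrypt(h, -1))
    prod = conditional_gate(h, shares, cx_pm, cy)
    return scale(add(prod, cy), pow(2, -1, Q))  # exponent is 2xy; halve it mod Q


def demo():
    """Run one conditional gate and one AND gate end to end; returns the decrypted results."""
    h, x1, x2 = keygen_2party()
    shares = (x1, x2)
    cg = threshold_decrypt(conditional_gate(h, shares, encrypt(h, -1), encrypt(h, 7)), shares)
    andg = threshold_decrypt(and_gate_01(h, shares, encrypt(h, 1), encrypt(h, 1)), shares)
    return {"conditional(-1, 7)": cg, "and(1, 1)": andg}


if __name__ == "__main__":
    print(demo())
```

The point the code makes concrete is the asymmetry the abstract relies on: `add` and `scale` touch no key material, while `conditional_gate` needs exactly one joint decryption, and the value decrypted is a uniformly distributed sign, so even a party seeing it learns nothing about x beyond what the circuit's final output reveals.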





Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Berry Schoenmakers (1)
  • Pim Tuyls (2)
  1. Dept. of Mathematics and Computing Science, TU Eindhoven, Eindhoven, The Netherlands
  2. Philips Research Labs, Eindhoven, The Netherlands
