Evaluating 2-DNF Formulas on Ciphertexts

  • Dan Boneh
  • Eu-Jin Goh
  • Kobbi Nissim
Conference paper

DOI: 10.1007/978-3-540-30576-7_18

Part of the Lecture Notes in Computer Science book series (LNCS, volume 3378)
Cite this paper as:
Boneh D., Goh EJ., Nissim K. (2005) Evaluating 2-DNF Formulas on Ciphertexts. In: Kilian J. (eds) Theory of Cryptography. TCC 2005. Lecture Notes in Computer Science, vol 3378. Springer, Berlin, Heidelberg


Let ψ be a 2-DNF formula on boolean variables x1,...,xn ∈ {0,1}. We present a homomorphic public key encryption scheme that allows the public evaluation of ψ given an encryption of the variables x1,...,xn. In other words, given the encryption of the bits x1,...,xn, anyone can create the encryption of ψ(x1,...,xn). More generally, we can evaluate quadratic multi-variate polynomials on ciphertexts provided the resulting value falls within a small set. We present a number of applications of the system:

  1. 1

    In a database of size n, the total communication in the basic step of the Kushilevitz-Ostrovsky PIR protocol is reduced from \(\sqrt{n}\) to \(\sqrt[3]{n}\).

  2. 2

    An efficient election system based on homomorphic encryption where voters do not need to include non-interactive zero knowledge proofs that their ballots are valid. The election system is proved secure without random oracles but still efficient.

  3. 3

    A protocol for universally verifiable computation.


Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Dan Boneh
    • 1
  • Eu-Jin Goh
    • 1
  • Kobbi Nissim
    • 2
  1. 1.Computer Science DepartmentStanford UniversityStanfordUSA
  2. 2.Department of Computer ScienceBen-Gurion UniversityBeer-ShevaIsrael

Personalised recommendations