A New Protocol for Conditional Disclosure of Secrets and Its Applications

  • Sven Laur
  • Helger Lipmaa
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4521)


Many protocols that are based on homomorphic encryption are private only if a client submits inputs from a limited range \(\mathcal{S}\). Conditional disclosure of secrets (CDS) helps to overcome this restriction. In a CDS protocol for a set \(\mathcal{S}\), the client obtains the server’s secret if and only if the client’s inputs belong to \(\mathcal{S}\), and thus the server can guard itself against malformed queries. We extend the existing CDS protocols to work over additively homomorphic cryptosystems for every set from NP/poly. The new construction is modular and easy to apply. As an example, we derive a new oblivious transfer protocol with log-squared communication and a millionaire’s protocol with logarithmic communication. We also implement private, universally verifiable and robust multi-candidate electronic voting so that all voters only transmit an encryption of their vote. The only hardness assumption in all these protocols is that the underlying public-key cryptosystem is IND-CPA secure and the plaintext order does not have small factors.


Keywords: conditional disclosure of secrets, crypto-computing, homomorphic encryption, oblivious transfer, two-party computation
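The following is an added illustration, not code from the paper: the basic disjunctive CDS over an additively homomorphic cryptosystem (Paillier) that the paper's NP/poly construction builds on. For each allowed value a the server returns Enc(s + r(x − a)), derived from the client's Enc(x) alone, so the secret s is readable exactly in the slot where x = a. The prime parameters are constructed toy values.

```python
import random
from math import gcd

# Constructed toy Paillier parameters (real deployments use ~1024-bit primes).
# The paper's requirement that the plaintext order N have no small factors is
# what makes r*(x - a) uniformly random whenever x != a: x - a must be a unit mod N.
P, Q = 1000003, 1000033
N, N2 = P * Q, (P * Q) ** 2
LAMBDA = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)
G = N + 1
MU = pow((pow(G, LAMBDA, N2) - 1) // N, -1, N)

def encrypt(m):
    """Paillier encryption of m in Z_N; ciphertexts are additively homomorphic."""
    r = random.randrange(1, N)
    while gcd(r, N) != 1:
        r = random.randrange(1, N)
    return pow(G, m % N, N2) * pow(r, N, N2) % N2

def decrypt(c):
    """Paillier decryption with the private pair (LAMBDA, MU)."""
    return (pow(c, LAMBDA, N2) - 1) // N * MU % N

def cds_server(cx, allowed, secret):
    """Server side of the disjunctive CDS for the set S = allowed.
    For each a in S it returns Enc(secret + r*(x - a)), computed from Enc(x)
    alone as Enc(x)^r * Enc(secret - r*a), with a fresh random r per slot.
    The slot with a == x decrypts to secret; every other slot is uniform noise."""
    replies = []
    for a in allowed:
        r = random.randrange(1, N)
        replies.append(pow(cx, r, N2) * encrypt(secret - r * a) % N2)
    return replies

def cds_client(x, allowed, replies):
    """Client side: decrypt every slot and read the one matching its own input.
    Returns None when x lies outside S, i.e. no slot is expected to hold the secret."""
    plain = [decrypt(c) for c in replies]
    return plain[allowed.index(x)] if x in allowed else None

def run_cds(x, allowed, secret):
    """Full exchange: the client encrypts x, the server answers, the client decodes."""
    return cds_client(x, allowed, cds_server(encrypt(x), allowed, secret))

def leaks_secret(x, allowed, secret):
    """Malformed-query check: does any slot reveal the secret to a client whose x is not in S?"""
    return secret in (decrypt(c) for c in cds_server(encrypt(x), allowed, secret))
```

A client outside S sees only uniformly random plaintexts in every slot, which is exactly the guard against malformed queries the abstract describes.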





Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • Sven Laur, Helsinki University of Technology, Finland
  • Helger Lipmaa, University College London, UK
