Encryption Switching Protocols

  • Geoffroy Couteau
  • Thomas Peters
  • David Pointcheval
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9814)

Abstract

We formally define the primitive of encryption switching protocol (ESP), which allows switching between two encryption schemes. Intuitively, this two-party protocol converts given ciphertexts from one scheme into ciphertexts of the same messages under the other scheme, for any polynomial number of switches, in any direction. Although ESP is a special kind of two-party computation protocol, it turns out that ESP implies general two-party computation (2-PC) under natural conditions. In particular, our new paradigm is tailored to the evaluation of functions over rings. Indeed, assuming the compatibility of two additively and multiplicatively homomorphic encryption schemes, switching ciphertexts makes it possible to efficiently reconcile the two internal laws. Since no such pair of public-key encryption schemes appeared in the literature, except for the non-interactive case of fully homomorphic encryption, which still remains prohibitive in practice, we build the first multiplicatively homomorphic ElGamal-like encryption scheme over \((\mathbb {Z}_n,\times )\) as a complement to the Paillier encryption scheme over \((\mathbb {Z}_n,+)\), where n is a strong RSA modulus. Finally, we also instantiate secure ESPs between the two schemes against malicious adversaries. This enhancement relies on a new technique called refreshable twin ciphertext pool, which we show to be of independent interest. We additionally prove this is enough to argue the security of our general 2-PC protocol against malicious adversaries.
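
An added illustration of the paradigm the abstract describes, not code from the paper: a toy Paillier encryption over (Z_n, +) and an ElGamal-style encryption over the units of Z_n, used to evaluate (x + y) * z + w by switching ciphertexts between the two laws. Assumptions: constructed small primes with no security, the multiplicative scheme is restricted to units (the paper's scheme handles all of Z_n), and the interactive two-party switch is replaced by a single key holder decrypting and re-encrypting, so only the data flow of an ESP is shown, not its security.

```python
import math
import secrets

# Constructed toy parameters: small primes, not a strong RSA modulus, no security.
P, Q = 104723, 104729
N, N2 = P * Q, (P * Q) ** 2
LAMBDA = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)
MU = pow((pow(1 + N, LAMBDA, N2) - 1) // N, -1, N)   # Paillier decryption constant
X_SK = secrets.randbelow(N - 1) + 1                    # ElGamal secret exponent
G, H = 3, pow(3, X_SK, N)                              # assumed base 3, a unit of Z_n

def rand_unit():
    while True:                                        # random element of Z_n^*
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            return r

def add_enc(m):
    """Paillier over (Z_n, +): Enc(m1) * Enc(m2) mod n^2 = Enc(m1 + m2)."""
    return pow(1 + N, m, N2) * pow(rand_unit(), N, N2) % N2

def add_dec(c):
    return (pow(c, LAMBDA, N2) - 1) // N * MU % N
def add_hom(c, d):
    return c * d % N2

def mult_enc(m):
    """ElGamal in Z_n^*, units only (the paper's scheme covers all of Z_n)."""
    assert math.gcd(m, N) == 1, "message must be a unit in this toy variant"
    r = rand_unit()
    return (pow(G, r, N), m * pow(H, r, N) % N)

def mult_dec(c):
    return c[1] * pow(pow(c[0], X_SK, N), -1, N) % N
def mult_hom(c, d):
    return (c[0] * d[0] % N, c[1] * d[1] % N)          # Enc(m1 * m2)

# Stand-in for the paper's two-party ESP: one holder of both secret keys decrypts
# and re-encrypts. The real protocol shares the keys so nobody sees the plaintext.
def switch_to_mult(c):
    return mult_enc(add_dec(c))
def switch_to_add(c):
    return add_enc(mult_dec(c))

def evaluate(x, y, z, w):
    """Compute (x + y) * z + w over Z_n using only the two laws plus switches."""
    c_sum = add_hom(add_enc(x), add_enc(y))                    # x + y, Paillier
    c_prod = mult_hom(switch_to_mult(c_sum), mult_enc(z))      # (x + y) * z, ElGamal
    return add_dec(add_hom(switch_to_add(c_prod), add_enc(w))) # + w, Paillier
```

Running evaluate(7, 5, 3, 4) yields 40, and inputs that overflow n wrap modulo n, which is the ring-over-Z_n behaviour the switches preserve.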

Notes

Acknowledgments

We thank Fabrice Ben Hamouda for the fruitful discussions on the ElGamal variant. This work was supported in part by the European Research Council under the European Community’s Seventh Framework Programme (FP7/2007-2013 Grant Agreement no. 339563 – CryptoCloud). The second author is supported by the F.R.S-FNRS as a postdoctoral researcher.

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  • Geoffroy Couteau (1)
  • Thomas Peters (2)
  • David Pointcheval (1)
  1. ENS, CNRS, INRIA, PSL Research University, Paris, France
  2. UCLouvain, ICTEAM, Louvain-la-Neuve, Belgium