Efficient Cryptographic Protocol Design Based on Distributed El Gamal Encryption

  • Felix Brandt
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3935)


We propose a set of primitives based on El Gamal encryption that can be used to construct efficient multiparty computation protocols for certain low-complexity functions. In particular, we show how to privately count the number of true Boolean disjunctions of literals and pairwise exclusive disjunctions of literals. Applications include efficient two-party protocols for computing the Hamming distance of two bitstrings and the greater-than function. The resulting protocols only require 6 rounds of interaction (in the random oracle model) and their communication complexity is \(\mathcal{O}(kQ)\) where k is the length of bit-strings and Q is a security parameter. The protocols are secure against active adversaries but do not provide fairness. Security relies on the decisional Diffie-Hellman assumption and error probability is negligible in Q.


Communication Complexity Discrete Logarithm Homomorphic Encryption Random Oracle Model Secure Multiparty Computation 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [ACS02]
    Algesheimer, J., Camenisch, J., Shoup, V.: Efficient computation modulo a shared secret with application to the generation of shared safe-prime products. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 417–432. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  2. [AMP04]
    Aggarwal, G., Mishra, N., Pinkas, B.: Secure computation of the kth-ranked element. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 40–55. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  3. [BF97]
    Boneh, D., Franklin, M.: Efficient generation of shared RSA keys. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 425–439. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  4. [BFKR90]
    Beaver, D., Feigenbaum, J., Kilian, J., Rogaway, P.: Security with low communication overhead. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 62–76. Springer, Heidelberg (1991)Google Scholar
  5. [BGN05]
    Boneh, D., Goh, E., Nissim, K.: Evaluating 2-DNF formulas on ciphertexts. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 325–341. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  6. [BMR90]
    Beaver, D., Micali, S., Rogaway, P.: The round complexity of secure protocols. In: Proc. of 22nd STOC, pp. 503–513. ACM Press, New York (1990)Google Scholar
  7. [BST01]
    Boudot, F., Schoenmakers, B., Traoré, J.: A fair and efficient solution to the socialist millionaires’ problem. Discrete Applied Mathematics 111(1-2), 23–36 (2001)MathSciNetCrossRefMATHGoogle Scholar
  8. [CC00]
    Cachin, C., Camenisch, J.: Optimistic fair secure computation. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 93–111. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  9. [CDN01]
    Cramer, R., Damgård, I., Nielsen, J.B.: Multiparty computation from threshold homomorphic encryption. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 280–300. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  10. [CDS94]
    Cramer, R., Damgård, I., Schoenmakers, B.: Proofs of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994)Google Scholar
  11. [CGS97]
    Cramer, R., Gennaro, R., Schoenmakers, B.: A secure and optimally efficient multi-authority election scheme. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 103–118. Springer, Heidelberg (1997)Google Scholar
  12. [CP92]
    Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 3.1–3.6. Springer, Heidelberg (1993)Google Scholar
  13. [Dam02]
    Damgård, I.: On Σ-protocols. Lecture Notes, University of Aarhus, Department for Computer Science (2002)Google Scholar
  14. [DDO+01]
    De Santis, A., Di Crescenzo, G., Ostrovsky, R., Persiano, G., Sahai, A.: Robust non-interactive zero knowledge. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 566–598. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  15. [DK01]
    Damgård, I., Koprowski, M.: Practical threshold RSA signatures without a trusted dealer. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 152–165. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  16. [El 85]
    El Gamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 31, 469–472 (1985)MathSciNetCrossRefGoogle Scholar
  17. [Fis01]
    Fischlin, M.: A cost-effective pay-per-multiplication comparison method for millionaires. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 457–472. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  18. [FS87]
    Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 186–194. Springer, Heidelberg (1988)Google Scholar
  19. [Gil99]
    Gilboa, N.: Two party RSA key generation. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 116–129. Springer, Heidelberg (1999)Google Scholar
  20. [GJKR99]
    Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure distributed key generation for discrete-log based cryptosystems. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 295–310. Springer, Heidelberg (1999)Google Scholar
  21. [GJKR03]
    Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Applications of Pedersen’s distributed key generation protocol. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 373–390. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  22. [GMW87]
    Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: Proc. of 19th STOC, pp. 218–229. ACM Press, New York (1987)Google Scholar
  23. [GMY04]
    Garay, J., MacKenzie, P., Yang, K.: Efficient and secure multi-party computation with faulty majority and complete fairness (to appear, 2004)Google Scholar
  24. [Gro03]
    Groth, J.: A verifiable secret shuffle of homomorphic encryptions. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 145–160. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  25. [IG03]
    Ioannidis, I., Grama, A.: An efficient protocol for Yao’s millionaires’ problem. In: Proc. of 36th Hawaii International Conference on System Sciences (HICSS), pp. 205–210. IEEE Press, Los Alamitos (2003)Google Scholar
  26. [IK00]
    Ishai, Y., Kushilevitz, E.: Randomizing polynomials: A new representation with applications to round-efficient secure computation. In: Proc. of 41st FOCS Symposium, pp. 294–304. IEEE Press, Los Alamitos (2000)Google Scholar
  27. [JJ00]
    Jakobsson, M., Juels, A.: Mix and match: Secure function evaluation via ciphertexts. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 162–177. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  28. [Kil88]
    Kilian, J.: Founding cryptography on oblivious transfer. In: Proc. of 20th ACM STOC, pp. 20–31. ACM Press, New York (1988)Google Scholar
  29. [KO02]
    Kurosawa, K., Ogata, W.: Bit-slice auction circuit. In: Gollmann, D., Karjoth, G., Waidner, M. (eds.) ESORICS 2002. LNCS, vol. 2502, pp. 24–38. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  30. [Lin01]
    Lindell, Y.: Parallel coin-tossing and constant-round secure two-party computation. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 171–189. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  31. [LT05]
    Lin, H.-Y., Tzeng, W.-G.: An efficient solution to the Millionaires’ Problem based on homomorphic encryption. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 456–466. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  32. [NN01]
    Naor, M., Nissim, K.: Communication preserving protocols for secure function evaluation. In: Proc. of 33rd STOC, pp. 590–599. ACM Press, New York (2001)Google Scholar
  33. [NPS99]
    Naor, M., Pinkas, B., Sumner, R.: Privacy preserving auctions and mechanism design. In: Proc. of 1st ACM Conference on E-Commerce, pp. 129–139. ACM Press, New York (1999)CrossRefGoogle Scholar
  34. [Pai99]
    Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)Google Scholar
  35. [PBDL04]
    Peng, K., Boyd, C., Dawson, E., Lee, B.: An efficient and verifiable solution to the millionaire problem. In: Park, C.-s., Chee, S. (eds.) ICISC 2004. LNCS, vol. 3506, pp. 51–66. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  36. [Ped91]
    Pedersen, T.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)Google Scholar
  37. [Sch91]
    Schnorr, C.P.: Efficient signature generation by smart cards. Journal of Cryptology 4(3), 161–174 (1991)CrossRefMATHGoogle Scholar
  38. [Sch96]
    Schneier, B.: Applied Cryptography, 2nd edn. John Wiley, Chichester (1996)MATHGoogle Scholar
  39. [ST04]
    Schoenmakers, B., Tuyls, P.: Practical two-party computation based on the conditional gate. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 119–136. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  40. [TY98]
    Tsiounis, Y., Yung, M.: On the security of ElGamal-based encryption. In: Imai, H., Zheng, Y. (eds.) PKC 1998. LNCS, vol. 1431, pp. 117–134. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  41. [Yao82]
    Yao, A.C.: Protocols for secure computation. In: Proc. of 23th FOCS Symposium, pp. 160–164. IEEE Computer Society Press, Los Alamitos (1982)Google Scholar
  42. [Yao86]
    Yao, A.C.: How to generate and exchange secrets. In: Proc. of 27th FOCS Symposium, pp. 162–167. IEEE Computer Society Press, Los Alamitos (1986)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Felix Brandt
    • 1
  1. 1.Stanford UniversityStanfordUSA

Personalised recommendations