Joint Encryption and Message-Efficient Secure Computation
It is easy to encrypt using the public keys of any subset of parties, such that it is hard to decrypt without the cooperation of every party in the subset.
It is easy for any private key holder to give a “witness” of its contribution to the decryption (e.g., for parallel decryption).
It is “blindable”: From an encrypted bit it is easy for anyone to compute a uniformly random encryption of the same bit.
It is “xor-homomorphic”: From two encrypted bits it is easy for anyone to compute an encryption of their xor.
It is “compact”: The size of an encryption does not depend on the number of participants.
Using this joint encryption scheme as a tool, we show how to reduce the message complexity of secure computation versus a passive adversary (gossiping faults).
Keywords: Encryption Scheme, Quadratic Residue, Message Complexity, Boolean Circuit, Quadratic Character
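The “blindable” and “xor-homomorphic” properties listed above can be seen concretely in the classical single-key Goldwasser-Micali bit encryption, which is based on quadratic residues. This is an added example, not the joint scheme of the paper: it assumes a single key holder, uses constructed toy primes, and does not demonstrate the multi-party or compactness properties.

```python
import secrets
from math import gcd

# Constructed toy parameters (far too small for real use).
# P and Q are primes congruent to 3 mod 4, so N - 1 (i.e. -1 mod N) is a
# quadratic non-residue modulo both primes and has Jacobi symbol +1 mod N.
P, Q = 499, 547
N = P * Q
NONRESIDUE = N - 1

def random_square():
    """Uniformly random quadratic residue in Z_N^*."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if gcd(r, N) == 1:
            return pow(r, 2, N)

def encrypt(bit):
    """Bit 0 -> random square; bit 1 -> random square times the non-residue."""
    return (random_square() * pow(NONRESIDUE, bit, N)) % N

def decrypt(c):
    """The private-key holder knows P: Euler's criterion decides residuosity."""
    return 0 if pow(c, (P - 1) // 2, P) == 1 else 1

def xor_ciphertexts(c1, c2):
    """Public operation: the product encrypts the xor of the two bits."""
    return (c1 * c2) % N

def blind(c):
    """Public operation: re-randomize without changing the encrypted bit."""
    return (c * random_square()) % N

def check_properties():
    """Return True if both properties hold for every bit combination."""
    for a in (0, 1):
        for b in (0, 1):
            ca, cb = encrypt(a), encrypt(b)
            if decrypt(xor_ciphertexts(ca, cb)) != a ^ b:
                return False
        if decrypt(blind(encrypt(a))) != a:
            return False
    return True

if __name__ == "__main__":
    print("xor-homomorphic and blindable:", check_properties())
```

Neither `xor_ciphertexts` nor `blind` touches the private factor `P`; both are operations anyone holding only `N` can perform.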