On Bringer-Chabanne EPIR Protocol for Polynomial Evaluation

On the Bringer–Chabanne EPIR protocol for polynomial evaluation

Journal of Mathematical Cryptology, 2012

Extended private information retrieval (EPIR) was defined by [6] at CANS'07 and generalized by [5] at AFRICACRYPT'09. In the generalized setting, EPIR allows a user to evaluate a function on a database block such that the database learns neither which function has been evaluated nor on which block it has been evaluated, and the user learns nothing about the database blocks beyond the expected result. An EPIR protocol for evaluating polynomials over a finite field L was proposed by Bringer and Chabanne in [5]. We show that the protocol does not satisfy the correctness requirement as claimed. In particular, we show that it fails to give the user the expected result with large probability if one of the coefficients of the polynomial to be evaluated is primitive in L and the others belong to the prime subfield of L.

Computationally Efficient Private Information Retrieval Protocol

Scientific and Technical Journal of Information Technologies, Mechanics and Optics, 2016

This paper describes a new computationally efficient private information retrieval protocol for retrieving one q-ary symbol. The main advantage of the proposed solution lies in the low computational complexity of the information extraction procedure, as well as its constructive simplicity and flexibility in choosing the system parameters. These results are based on properties of cosets. The proposed protocol has communication complexity slightly worse than the best current schemes, which are based on locally decodable codes, but it can be built easily for any system parameters, unlike such codes. In comparison with similar polynomial-based solutions, the proposed method gains in computational complexity, which matters especially for servers that must service multiple requests from multiple users.

Keywords: private information retrieval protocol, polynomial interpolation, Galois group cosets over finite fields, Lagrange, locally decodable codes. UDC 004.056.5

Secure Multiparty Computation via Oblivious Polynomial Evaluation

Theory and Practice of Cryptography Solutions for Secure Information Systems, 2013

The number of opportunities for cooperative computation has been increasing exponentially with growing interaction via Internet technologies. These computations may occur between almost trusted partners, between partially trusted partners, or even between competitors. Most of the time, the communicating parties do not want to disclose their private data to the other principal while still taking advantage of the collaboration, hence concentrating on the results rather than on the private data values. For performing such computations, one party must know the inputs of all participants; however, if none of the parties can be trusted enough to know all the inputs, privacy becomes a primary concern. Hence, the techniques of Secure Multiparty Computation (SMC) are quite relevant and practical for closing such privacy gaps. The subject of SMC has evolved from earlier solutions based on combinational logic circuits to recent proposals of anonymity-enabled computation. In this chapter, the authors put together the significant research that has been carried out on SMC. They demonstrate the concept by concentrating on a specific technique called Oblivious Polynomial Evaluation (OPE), together with concrete examples. The authors present the critical issues and challenges, and the level of adoption achieved, to researchers. They also provide some proposals for future research based on the literature survey.

Extended Private Information Retrieval and Its Application in Biometrics Authentications

Lecture Notes in Computer Science, 2007

In this paper we generalize the concept of Private Information Retrieval (PIR) by formalizing a new cryptographic primitive, named Extended Private Information Retrieval (EPIR). Instead of enabling a user to retrieve a bit (or a block) from a database as in the case of PIR, an EPIR protocol enables a user to evaluate a function f which takes a string chosen by the user and a block from the database as input. Like PIR, EPIR can also be considered as a special case of the secure two-party computation problem (and more specifically the oblivious function evaluation problem). We propose two EPIR protocols, one for testing equality and the other for computing Hamming distance. As an important application, we show how to construct strong privacy-preserving biometric-based authentication schemes by employing these EPIR protocols.

Information-theoretically secure oblivious polynomial evaluation in the commodity-based model

International Journal of Information Security, 2014

Oblivious polynomial evaluation (OPE) consists of a two-party protocol where a sender inputs a polynomial p(x), and a receiver inputs a single value x_0. At the end of the protocol, the sender learns nothing and the receiver learns p(x_0). This paper deals with the problem of oblivious polynomial evaluation under an information-theoretic perspective, which is based on recent definitions of Unconditional Security developed by Crépeau et al. [7]. In this paper, we propose an information-theoretic model for oblivious polynomial evaluation relying on pre-distributed data, and prove very general lower bounds on the size of the pre-distributed data, as well as the size of the communications in any protocol. It is demonstrated that these bounds are tight by obtaining a round-optimal OPE protocol, which meets the lower bounds simultaneously. We present a natural generalization of OPE called oblivious linear functional evaluation. Additionally, the proposed model is applied to solving the Oblivious Equality Testing Problem.
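The abstract only states the model (sender holds p(x), receiver holds x_0, a trusted initializer pre-distributes data). The block below is an added example, not the paper's own code: it implements the standard commodity-based OPE construction, which is assumed here to be the kind of protocol the abstract refers to. A trusted initializer gives the sender a uniformly random polynomial s(x) of the agreed degree bound n and gives the receiver a uniformly random point d together with g = s(d); after that a single message in each direction suffices. The field GF(Q) with Q = 2^61 - 1 and all function names are choices of this example.

```python
"""Oblivious polynomial evaluation from pre-distributed data (added example).

Assumed protocol (commodity-based OPE; not the paper's own implementation):
  setup:     trusted initializer -> sender:   random s(x), deg s = n
             trusted initializer -> receiver: random d, g = s(d)
  round 1:   receiver -> sender:   t = x0 - d
  round 2:   sender   -> receiver: f(x) = p(x + t) + s(x)
  output:    receiver computes f(d) - g = p(x0)
"""
import secrets

Q = 2**61 - 1          # prime; all arithmetic below is in GF(Q)


def poly_eval(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) mod Q."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc


def poly_shift(coeffs, t):
    """Coefficients of p(x + t): Horner's rule applied to the variable (x + t)."""
    res = []                                          # current partial polynomial
    for c in reversed(coeffs):
        by_x = [0] + res                              # res * x
        by_t = [(r * t) % Q for r in res] + [0]       # res * t
        res = [(u + v) % Q for u, v in zip(by_x, by_t)]
        res[0] = (res[0] + c) % Q                     # ... + c
    return res


def trusted_initializer(n):
    """Pre-distributed data: s(x) of degree n for the sender, (d, s(d)) for the receiver."""
    s = [secrets.randbelow(Q) for _ in range(n + 1)]
    d = secrets.randbelow(Q)
    return s, (d, poly_eval(s, d))


def run_ope(p, x0, n=None):
    """Run the protocol; returns the receiver's output and each party's view."""
    n = len(p) - 1 if n is None else n
    if n < len(p) - 1:
        # A mask of lower degree than p would leave the top coefficients of p unmasked.
        raise ValueError("degree bound n must cover deg(p)")
    p = p + [0] * (n + 1 - len(p))                    # pad to the agreed degree bound
    s, (d, g) = trusted_initializer(n)

    # Receiver -> Sender: d is uniform in GF(Q), so t is uniform and hides x0.
    t = (x0 - d) % Q
    # Sender -> Receiver: s has n+1 uniform coefficients, so every coefficient of f is
    # uniform and reveals nothing about p; one-time-pad argument, no assumptions needed.
    f = [(u + v) % Q for u, v in zip(poly_shift(p, t), s)]
    # Receiver: f(d) - g = p(d + t) + s(d) - s(d) = p(x0).
    result = (poly_eval(f, d) - g) % Q
    return {"result": result, "sender_view": t, "receiver_view": f}


if __name__ == "__main__":
    print(run_ope([5, 3, 2], 7)["result"])           # p(x) = 5 + 3x + 2x^2 at x0 = 7
```

The sender's entire view is the single field element t and the receiver's is the masked polynomial f, which matches the abstract's tightness claim: one element of pre-distributed data per party beyond the mask itself, and one message per direction. The degree bound n must be agreed in advance and must cover deg(p); the check in run_ope is there because a shorter mask silently leaks the unmasked high-order coefficients.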

Secure Efficient Multiparty Computing of Multivariate Polynomials and Applications

Lecture Notes in Computer Science, 2011

We present a robust secure methodology for computing functions that are represented as multivariate polynomials where parties hold different variables as private inputs. Our generic efficient protocols are fully black-box and employ threshold additive homomorphic encryption. They do not assume an honest majority, yet are robust and can detect any misbehavior. We achieve a solution that both takes advantage of the algebraic structure of the polynomials and is polynomial-time in all parameters (security parameter, polynomial size, polynomial degree, number of parties). It further exploits a "round table" communication paradigm to reduce the complexity in the number of parties. A large collection of problems are naturally and efficiently represented as multivariate polynomials over a field or a ring: problems from linear algebra, statistics, logic, as well as operations on sets represented as polynomials. In particular, we present a new efficient solution to the multi-party set intersection problem, and a solution for a multi-party variant of the polynomial reconstruction problem.

Cryptonomial: A Framework for Private Time-Series Polynomial Calculations

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, 2021

In modern times, data collected from multiuser distributed applications must be analyzed on a massive scale to support critical business objectives. While analytics often requires the use of personal data, it may violate user privacy expectations if this analysis is conducted over plaintext data. Private Stream Aggregation (PSA) allows for the aggregation of time-series data while still providing strong privacy guarantees, and is significantly more efficient over a network than related techniques (e.g. homomorphic encryption, secure multiparty computation) due to its asynchronous and efficient protocols. However, PSA protocols face limitations and can only compute basic functions, such as sum, average, etc. We present Cryptonomial, a framework for converting any PSA scheme amenable to a complex canonical embedding into a secure computation protocol that can compute any function over time-series data that can be written as a multivariate polynomial, by combining PSA with a Trusted Execution Environment (TEE). This design allows us to compute the parallelizable sections of our protocol outside the TEE using advanced hardware that can take better advantage of parallelism. We show that Cryptonomial inherits the security requirements of PSA and supports fully malicious security. We simulate our scheme and show that our techniques enable performance that is orders of magnitude faster than similar work supporting polynomial calculations.

Efficient Protocols for Private Database Queries

Lecture Notes in Computer Science, 2017

We consider the problem of processing private database queries over encrypted data in the cloud. To do this, we propose a protocol for conjunctive query processing and another for disjunctive query processing using somewhat homomorphic encryption in the semi-honest model. In 2016, Kim et al. [IEEE Trans. on Dependable and Secure Comput.] showed FHE-based query processing with equality conditions over encrypted data. We improve the performance of processing private conjunctive and disjunctive queries by using equality circuits of lower depth than Kim et al.'s circuits. To get the low-depth circuits, we modify the packing methods of Saha and Koshiba [APWConCSE 2016] to support efficient batch computation for our protocols with only a few multiplications. Our implementation shows that our protocols run faster than Kim et al.'s protocols for both conjunctive and disjunctive query processing, at a better security level. We are also able to protect both the attributes and the values appearing in the predicate of the conjunctive and disjunctive queries, whereas Kim et al. protected the values only.

Highly Efficient and Reusable Private Function Evaluation with Linear Complexity

IACR Cryptol. ePrint Arch., 2018

Private function evaluation aims to securely compute a function f(x1, . . . , xn) without leaking any information other than what is revealed by the output, where f is a private input of one of the parties (say Party1) and xi is a private input of the i-th party Partyi. In this work, we propose a novel and secure two-party private function evaluation (2PFE) scheme based on the DDH assumption. Our scheme introduces a reusability feature that significantly improves on the state of the art. Accordingly, our scheme has two variants: one is used in the initial execution of the function f, and the other in its subsequent evaluations. To the best of our knowledge, this is the first and most efficient 2PFE scheme that enjoys a reusability feature. Our protocols achieve linear communication and computation complexities and a constant number of rounds, which is at most three.

Selective private function evaluation with applications to private statistics

2001

Motivated by the application of private statistical analysis of large databases, we consider the problem of selective private function evaluation (SPFE). In this problem, a client interacts with one or more servers holding copies of a database x = x_1, ..., x_n in order to compute f(x_{i_1}, ..., x_{i_m}), for some function f and indices i = i_1, ..., i_m chosen by the client. Ideally, the client must learn nothing more about the database than f(x_{i_1}, ..., x_{i_m}), and the servers should learn nothing.