2007, Lecture Notes in Computer Science
Yao's classical millionaires' problem is about securely determining whether x > y, given two input values x, y, which are held as private inputs by two parties, respectively. The output x > y becomes known to both parties. In this paper, we consider a variant of Yao's problem in which the inputs x, y as well as the output bit x > y are encrypted. Referring to the framework of secure n-party computation based on threshold homomorphic cryptosystems as put forth by Cramer, Damgård, and Nielsen at Eurocrypt 2001, we develop solutions for integer comparison, which take as input two lists of encrypted bits representing x and y, respectively, and produce an encrypted bit indicating whether x > y as output. Secure integer comparison is an important building block for applications such as secure auctioning. In this extended abstract, our focus is on the two-party case, although most of our results extend to the multi-party case. We propose new logarithmic-and constant-round protocols for this setting, which achieve simultaneously very low communication and computational complexities. We analyze the protocols in detail and show that our solutions compare favorably to other known solutions.
IEEE Access
Private integer comparison has been an essential computation function for many applications, including online auction, credential identification, data mining, and joint bidding. In the setting of two-party computation, two parties with private inputs (x and y) want to jointly compare them without revealing the value of those inputs to others (also known as the Millionaires' problem), while the output should ensure correctness and preserve data privacy. The private inputs can only be revealed if they are equal, i.e., x = y. Many related works have been proposed to solve the integer comparison problem in various settings, focusing on different properties such as round and computation complexity. Most solutions decompose integers into bitwise representation and then securely evaluate the function in a Boolean circuit on encrypted bits. However, this type of solution is costly (especially for large integers) as each bit requires encryption and decryption. In this paper, we transform the private integer comparison into a block comparison problem. In particular, we employ a block vectorization mechanism to encode the private inputs into blocks. We show the security of our two-party protocol in the semi-honest model. Also, we implement the protocol to demonstrate its efficiency using the block vectorization mechanism and homomorphic encryption. The experimental result proves that our proposed solution achieves high efficiency, particularly for large integer comparisons.
Lecture Notes in Computer Science, 2005
We propose a two-round protocol for solving the Millionaires' Problem in the setting of semi-honest parties. Our protocol uses either multiplicative or additive homomorphic encryption. Previously proposed protocols used additive or XOR homomorphic encryption schemes only. The computation and communication costs of our protocol are in the same asymptotic order as those of the other efficient protocols. Nevertheless, since a multiplicative homomorphic encryption scheme is more efficient in practice than an additive one, our construction saves computation time and communication bandwidth in practice.
Cryptography, 2017
We introduce a robust framework that allows for cryptographically secure multiparty computations, such as distributed private value auctions. The security is guaranteed by two-sided authentication of all network connections, homomorphically encrypted bids, and the publication of zero-knowledge proofs of every computation. This also allows a non-participant verifier to verify the result of any such computation using only the information broadcasted on the network by each individual bidder. Building on previous work on such systems, we design and implement an extensible framework that puts the described ideas to practice. Apart from the actual implementation of the framework, our biggest contribution is the level of protection we are able to guarantee from attacks described in previous work. In order to provide guidance to users of the library, we analyze the use of zero knowledge proofs in ensuring the correct behavior of each node in a computation. We also describe the usage of the library to perform a private-value distributed auction, as well as the other challenges in implementing the protocol, such as auction registration and certificate distribution. Finally, we provide performance statistics on our implementation of the auction.
Advances in Cryptology - CRYPTO 2003, 2003
We present a new general multiparty computation protocol for the cryptographic scenario which is universally composable; in particular, it is secure against an active and adaptive adversary, corrupting any minority of the parties. The protocol is as efficient as the best known statically secure solutions, in particular the number of bits broadcast (which dominates the complexity) is Ω(nk|C|), where n is the number of parties, k is a security parameter, and |C| is the size of a circuit doing the desired computation. Unlike previous adaptively secure protocols for the cryptographic model, our protocol does not use non-committing encryption; instead it is based on homomorphic threshold encryption, in particular the Paillier cryptosystem.
2006
In this paper we consider the problem of constructing secure auctions based on techniques from modern cryptography. We combine knowledge from economics, threshold cryptography and security engineering to implement secure auctions for practical real-world problems.
IACR Cryptol. ePrint Arch., 2021
In this paper, we propose a new protocol for secure integer comparison between parties that each hold a private integer. The goal of the computation is to compare both integers securely and reveal to the parties a single bit that tells which integer is larger. Nothing more should be revealed. To achieve a low communication overhead, this can be done by using homomorphic encryption (HE). Our protocol relies on binary decision trees, which are a special case of branching programs and can be implemented using HE. We assume a client-server setting where each party holds one of the integers, the client also holds the private key of a homomorphic encryption scheme, and the evaluation is done by the server. In this setting, our protocol outperforms the original DGK protocol of Damgård et al. and reduces the running time by at least 45%. In the case where both inputs are encrypted, our scheme reduces the running time of a variant of DGK by 63%.
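The abstracts above (the 2007 threshold-homomorphic comparison, the DGK baseline referred to here, and the homomorphic-encryption comparison protocols of 2005 and 2009) all build integer comparison from encrypted bits. The following is an added example, not code from any of these papers: a DGK-style client-server comparison written over a from-scratch Paillier implementation. The client encrypts the bits of x; the server, which knows y in the clear, homomorphically computes for each bit position i the value c_i = x_i - y_i + 1 + 3 * sum_{j>i}(x_j xor y_j), which is zero exactly when x < y is decided at position i; it then blinds each c_i by a random non-zero factor and shuffles the list, so the client, after decrypting, learns only whether some c_i is zero. Assumptions: Paillier stands in for the DGK cryptosystem (DGK uses a prime-order subgroup, so its blinded non-zero values are uniform; with composite n the blinding here is only statistically close to that), the key sizes are toy-sized for speed, and all function names are my own.

```python
"""Added example (not from the papers above): DGK-style secure comparison
over Paillier ciphertexts. Paillier stands in for the DGK cryptosystem and
key sizes are toy-sized; both are assumptions made for this illustration."""
import secrets
from math import gcd


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test, used only by key generation."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def paillier_keygen(bits=128):
    """Returns (pk, sk) with pk = (n, n^2) and sk = (lambda, mu)."""
    while True:
        p, q = gen_prime(bits), gen_prime(bits)
        if p != q and gcd(p * q, (p - 1) * (q - 1)) == 1:
            break
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    return (n, n * n), (lam, pow(lam, -1, n))


def enc(pk, m):
    """Enc(m) = (1+n)^m * r^n mod n^2; negative plaintexts are passed mod n."""
    n, n2 = pk
    r = secrets.randbelow(n - 1) + 1
    return ((1 + m * n) % n2) * pow(r, n, n2) % n2


def dec(pk, sk, c):
    n, n2 = pk
    lam, mu = sk
    return (pow(c, lam, n2) - 1) // n * mu % n


def add(pk, c1, c2):        # Enc(a) * Enc(b) = Enc(a + b)
    return c1 * c2 % pk[1]


def mul_const(pk, c, k):    # Enc(a)^k = Enc(k * a)
    return pow(c, k, pk[1])


def client_encrypt_bits(pk, x, l):
    """Client: encrypt x bit by bit, index 0 = least significant bit."""
    return [enc(pk, (x >> i) & 1) for i in range(l)]


def server_compare(pk, enc_x, y, l):
    """Server: y in the clear, x only as encrypted bits. Returns the blinded,
    shuffled list of c_i = x_i - y_i + 1 + 3 * sum_{j>i}(x_j xor y_j)."""
    n, _ = pk
    acc = enc(pk, 0)                   # encrypted sum of XORs of the bits above i
    blinded = []
    for i in range(l - 1, -1, -1):     # most significant bit first
        y_i = (y >> i) & 1
        c = add(pk, enc_x[i], enc(pk, (1 - y_i) % n))      # x_i - y_i + 1
        c = add(pk, c, mul_const(pk, acc, 3))
        # c_i is at most 3l+2, far below p and q, so c_i * r mod n is 0 iff c_i == 0
        blinded.append(mul_const(pk, c, secrets.randbelow(n - 1) + 1))
        # x_i xor y_i is linear once y_i is known: x_i if y_i == 0, else 1 - x_i
        xor = enc_x[i] if y_i == 0 else add(pk, enc(pk, 1), mul_const(pk, enc_x[i], n - 1))
        acc = add(pk, acc, xor)
    secrets.SystemRandom().shuffle(blinded)   # hide which position decided it
    return blinded


def client_decide(pk, sk, blinded):
    """Client: x < y iff exactly one blinded value decrypts to zero."""
    return any(dec(pk, sk, c) == 0 for c in blinded)


def secure_less_than(pk, sk, x, y, l):
    """Runs both roles locally; in a deployment the two lists cross the wire."""
    assert 0 <= x < (1 << l) and 0 <= y < (1 << l), "inputs must fit in l bits"
    return client_decide(pk, sk, server_compare(pk, client_encrypt_bits(pk, x, l), y, l))


if __name__ == "__main__":
    pk, sk = paillier_keygen()
    for x, y in ((5, 9), (9, 5), (7, 7), (0, 255), (255, 0)):
        print(x, y, secure_less_than(pk, sk, x, y, 8), x < y)
```

The server never decrypts and the client never sees y or the blinding factors; what the client does see is a list whose only information is whether a zero is present. Swapping the roles of x and y, or testing the complement, yields x > y and x ≤ y with the same machinery, and the blinding plus shuffle is what keeps the protocol from leaking the position of the first differing bit.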
Lecture Notes in Computer Science, 2001
We introduce a new approach to multiparty computation (MPC) basing it on homomorphic threshold crypto-systems. We show that given keys for any sufficiently efficient system of this type, general MPC protocols for n parties can be devised which are secure against an active adversary that corrupts any minority of the parties. The total number of bits broadcast is O(nk|C|), where k is the security parameter and |C| is the size of a (Boolean) circuit computing the function to be securely evaluated. An earlier proposal by Franklin and Haber with the same complexity was only secure for passive adversaries, while all earlier protocols with active security had complexity at least quadratic in n. We give two examples of threshold cryptosystems that can support our construction and lead to the claimed complexities.
Financial Cryptography and Data Security, 2021
Secure comparison has been a fundamental challenge in privacy-preserving computation, since its inception as Yao's millionaires' problem (FOCS 1982). In this work, we present a novel construction for general n-party private comparison, secure against an active adversary, in the dishonest majority setting. For the case of comparisons over fields, our protocol is more efficient than the best prior work (edaBits: Crypto 2020), with 1.5× better throughput in most adversarial settings, over 2.3× better throughput in particular in the passive, honest majority setting, and lower communication. Our comparisons crucially eliminate the need for bounded inputs as well as the need for statistical security that prior works require. An important consequence of removing this "slack" (a gap between the bit-length of the input and the MPC representation) is that multi-party computation (MPC) protocols can be run in a field of smaller size, reducing the overhead incurred by privacy-preserving computations. We achieve this novel construction using the commutative nature of addition over rings and fields. This makes the protocol both simple to implement and highly efficient, and we provide an implementation in MP-SPDZ (CCS 2020).
2009
Secure Multiparty Computation (SMC) has gained tremendous importance with the growth of the Internet and E-commerce, where mutually untrusted parties need to jointly compute a function of their private inputs. However, SMC protocols usually have very high computational complexities, rendering them practically unusable. In this paper, we tackle the problem of comparing two input values in a secure distributed fashion. We propose efficient secure comparison protocols for both the homomorphic encryption and secret sharing schemes. We also give experimental results to show their practical relevance.
Journal of emerging technologies and innovative research, 2019
Nowadays, with data mining computation being performed by cloud servers, it is a problem to securely determine whether x > y, given two input values x, y, which are held as private inputs by two parties, respectively. The output, which is the result of the comparison, becomes known to both parties. In this paper we consider a variant of the comparison problem in which the inputs x, y are encrypted and the actual values are not known to the parties. Our solution deals with a single comparison; however, in many applications we encounter situations where it is necessary to make multiple comparisons to find the maximum among several encrypted data, so we make a modification to our protocol to solve the multiple comparisons problem. Such a secure comparison is an important building block for applications like privacy-preserving data mining and secure business. Also, our protocols can be performed in constant rounds and do not use general circuit evaluation techniques, so they are more efficient than circuit-based ones, but not general. Implementation is easy and fast.
Lecture Notes in Computer Science, 2012
We propose a general multiparty computation protocol secure against an active adversary corrupting up to n − 1 of the n players. The protocol may be used to compute securely arithmetic circuits over any finite field F_{p^k}. Our protocol consists of a preprocessing phase that is both independent of the function to be computed and of the inputs, and a much more efficient online phase where the actual computation takes place. The online phase is unconditionally secure and has total computational (and communication) complexity linear in n, the number of players, where earlier work was quadratic in n. Moreover, the work done by each player is only a small constant factor larger than what one would need to compute the circuit in the clear. We show this is optimal for computation in large fields. In practice, for 3 players, a secure 64-bit multiplication can be done in 0.05 ms. Our preprocessing is based on a somewhat homomorphic cryptosystem. We extend a scheme by Brakerski et al., so that we can perform distributed decryption and handle many values in parallel in one ciphertext. The computational complexity of our preprocessing phase is dominated by the public-key operations; we need O(n^2/s) operations per secure multiplication, where s is a parameter that increases with the security parameter of the cryptosystem. Earlier work in this model needed Ω(n^2) operations. In practice, the preprocessing prepares a secure 64-bit multiplication for 3 players in about 13 ms.
Lecture Notes in Computer Science, 2008
The universally composable cryptographic library by Backes, Pfitzmann and Waidner provides Dolev-Yao-like, but cryptographically sound abstractions to common cryptographic primitives like encryptions and signatures. The library has been used to give the correctness proofs of various protocols; while the arguments in such proofs are similar to the ones done with the Dolev-Yao model that has been researched for a couple of decades already, the conclusions that such arguments provide are cryptographically sound. Various interesting protocols, for example e-voting, make extensive use of primitives that the library currently does not provide. The library can certainly be extended, and in this paper we provide one such extension: we add threshold homomorphic encryption to the universally composable cryptographic library and demonstrate its usefulness by (re)proving the security of a well-known e-voting protocol.
International Journal of Applied Cryptography, 2014
When processing data in the encrypted domain, homomorphic encryption can be used to enable linear operations on encrypted data. Integer division of encrypted data, however, requires an additional protocol between the client and the server and will be relatively expensive. We present new solutions for dividing encrypted data in the semi-honest model using homomorphic encryption and additive blinding, having low computational and communication complexity. In most of our protocols we assume the divisor is publicly known. The division result is not only computed exactly, but may also be approximated, leading to further improved performance. The idea of approximating the result of an integer division is extended to similar results for secure comparison, secure minimum, and secure maximum in the client-server model, yielding new efficient protocols with demonstrated application in biometrics. The exact minimum protocol is shown to outperform existing approaches. This paper is a revised and expanded version of a paper entitled 'Encrypted integer division' presented at the IEEE Workshop on Information Forensics and Security, Seattle, December 2010.
Lecture Notes in Computer Science, 2017
In this article, a new oblivious transfer (OT) protocol, secure in the presence of erasure-free one-sided active adaptive adversaries, is presented. The new bit OT protocol achieves better communication complexity than the existing bit OT protocol in this setting. The new bit OT protocol requires fewer public key encryption operations than the existing bit OT protocol in this setting. As a building block, a new two-party lossy threshold homomorphic public key cryptosystem is designed. It is secure in the same adversary model. It is of independent interest.

Definition 2 (Lossy Threshold PKE Scheme Secure against Erasure-Free One-Sided Active Adaptive Adversaries). A lossy threshold PKE scheme secure against erasure-free one-sided active adaptive adversaries for the set of parties P = {P_1, P_2}, and security parameter n, is a 4-tuple (K, KG, E, Π_DEC) having the following properties.

Key Space: The key space K is a family of finite sets (pk, sk_1, sk_2). pk is the public key and sk_i is the secret key share of P_i. Let M_pk denote the message space for public key pk.

Key Generation: There exists a probabilistic polynomial-time key generation algorithm KG, which, on input (1^n, mode), generates public output pk and a list {vk, vk_1, vk_2} of verification keys, and secret output sk_i for P_i, where (pk, sk_1, sk_2) ∈ K. By setting mode to zero and one, keys in lossy mode and injective mode can be generated, respectively. vk is called the verification key, vk_i is called the verification key of P_i.

Encryption: There exists a probabilistic polynomial-time encryption algorithm E, which, on input pk, m ∈ M_pk, r ←$ coins(E), outputs an encryption c = E_pk(m, r) of m.

Decryption: There exists a two-party decryption protocol Π_DEC secure against erasure-free one-sided active adaptive adversaries. On common public input (c, pk, vk, vk_1, vk_2), and secret input sk_i for each P_i, i ∈ {1, 2}, where sk_i is the secret key share of P_i for the public key pk (as generated by KG), and c is an encrypted message, Π_DEC returns a message m, or the symbol ⊥ denoting a decryption failure, as a common public output.
IEEE Journal of Selected Topics in Signal Processing, 2015
Due to high complexity, comparison protocols with secret inputs have been a bottleneck in the design of privacy-preserving cryptographic protocols. Different solutions based on homomorphic encryption, garbled circuits and secret sharing techniques have been proposed over the last few years, each claiming high efficiency. Unfortunately, a fair comparison of existing protocols in terms of run-time, bandwidth requirement and round complexity has been lacking so far. In this paper, we analyse the state-of-the-art comparison protocols for a two-party setting in the semi-honest security protocol. We analyse their performances in three stages, namely initialization, preprocessing and online computation, by implementing them on a single platform. The results of our experiments provide a clear insight for the research community into the advantages and disadvantages of the various techniques.
Theory of Cryptography, 2006
We propose a method for compiling a class of Σ-protocols (3-move public-coin protocols) into non-interactive zero-knowledge arguments. The method is based on homomorphic encryption and does not use random oracles. It only requires that a private/public key pair is set up for the verifier. The method applies to all known discrete-log based Σ-protocols. As applications, we obtain non-interactive threshold RSA without random oracles, and non-interactive zero-knowledge for NP more efficiently than by previous methods. Research conducted while visiting BRICS.
Mathematical and Computer Modelling, 2013
This work describes the design and implementation of an auction system using secure multiparty computation techniques. Our aim is to produce a system that is practical under actual field constraints on computation, memory, and communication. The underlying protocol is privacy-preserving, that is, the winning bid is determined without information about the losing bids leaking to either the auctioneer or other bidders. Practical implementation of the protocol is feasible using circuit-based cryptographic proofs along with additively homomorphic bit commitment. Moreover, we propose the development of a Proof Certificate standard. These certificates convey sufficient information to recreate the cryptographic proofs and verify them offline.
2019
This dissertation includes four contributions concerning secure multiparty computation. The first contribution is a new lossy threshold encryption scheme. This is the first encryption scheme that is both a lossy and a threshold encryption scheme. The second contribution is a new oblivious transfer protocol secure against erasure-free one-sided active adaptive adversaries. The third contribution is a new two-party computation protocol for the evaluation of boolean circuits that is secure against erasure-free one-sided active adaptive adversaries. As a building block of this protocol, a new cut-and-choose oblivious transfer protocol is designed. The fourth contribution is a new multiparty computation protocol for the evaluation of arithmetic circuits that is secure against covert adversaries. Protocols that are part of the second, third and fourth contributions improve the communication complexity, the number of public key encryption operations and the number of exponentiation operati...
Lecture Notes in Computer Science, 2006
We consider the problem of comparing two encrypted numbers and its extension: transferring one of the two secrets, depending on the result of the comparison. We show how to efficiently apply our solutions to practical settings, such as auctions with a semi-honest auctioneer, proxy selling, etc. We propose a new primitive, Conditional Encrypted Mapping, which captures common security properties of one-round protocols in a variety of settings, and which may be of independent interest.