CASTAGNOS, Guilhem; IMBERT, Laurent; LAGUILLAUMIE, Fabien

doi:10.1007/978-3-319-63688-7_9

Métadonnées

Afficher la notice complète

Licence d’utilisation du document

CASTAGNOS, Guilhem
Lithe and fast algorithmic number theory [LFANT]

IMBERT, Laurent
Exact Computing [ECO]

LAGUILLAUMIE, Fabien
Arithmetic and Computing [ARIC]

Langue

Communication dans un congrès

Ce document a été publié dans

37th International Cryptology Conference, 37th International Cryptology Conference, CRYPTO 2017, 2017-08-20, Santa Barbara. 2017, vol. LNCS, n° 10401, p. 255-287

Résumé en anglais

At CRYPTO 2016, Couteau, Peters and Pointcheval introduced a new primitive called encryption switching protocols, allowing to switch ciphertexts between two encryption schemes. If such an ESP is built with two schemes that are respectively additively and multiplica-tively homomorphic, it naturally gives rise to a secure 2-party computation protocol. It is thus perfectly suited for evaluating functions, such as multivariate polynomials, given as arithmetic circuits. Couteau et al. built an ESP to switch between Elgamal and Paillier encryptions which do not naturally fit well together. Consequently, they had to design a clever variant of Elgamal over Z/nZ with a costly shared decryption. In this paper, we first present a conceptually simple generic construction for encryption switching protocols. We then give an efficient instantiation of our generic approach that uses two well-suited protocols, namely a variant of Elgamal in Z/pZ and the Castagnos-Laguillaumie encryption which is additively homomorphic over Z/pZ. Among other advantages, this allows to perform all computations modulo a prime p instead of an RSA modulus. Overall, our solution leads to significant reductions in the number of rounds as well as the number of bits exchanged by the parties during the interactive protocols. We also show how to extend its security to the malicious setting.< Réduire

Mots clés en anglais

Malicious adversary

Homomorphic encryption

Encryption switching protocols

Two-party computation

URI

https://oskar-bordeaux.fr/handle/20.500.12278/193566

DOI

http://dx.doi.org/10.1007/978-3-319-63688-7_9

Project ANR

AppLicAtions de la MalléaBIlité en Cryptographie - ANR-16-CE39-0006

Origine

Importé de hal

Unités de recherche

Institut de Mathématiques de Bordeaux (IMB) - UMR 5251