Verifiable Rotation of Homomorphic Encryptions

Hoogh, Sebastiaan de; Schoenmakers, Berry; Škorić, Boris; Villegas, José

doi:10.1007/978-3-642-00468-1_22

Cited by 6 publications

(4 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Thus, encryption schemes with IND-CCA security are not flexible enough to be used in these scenarios. The primitive of homomorphic encryption enables blind transformations on plaintexts via (possibly different) algebraic operations on ciphertexts [16,6]. Depending upon the specific viewpoint, this is either a positive or a negative attribute of a cryptosystem.…”

Section: Homomorphic Encryptionmentioning

confidence: 99%

Discrete logarithm based additively homomorphic encryption and secure data aggregation

Wang

Pan

et al. 2011

Information Sciences

View full text Add to dashboard Cite

Section: Homomorphic Encryptionmentioning

confidence: 99%

Discrete logarithm based additively homomorphic encryption and secure data aggregation

Wang

Pan

et al. 2011

Information Sciences

View full text Add to dashboard Cite

“…12 in Appendix C. Efficient instantiations of the corresponding ZKPs are known. For example, one can use the technique of verifiable rotation of HE ciphertexts [18] to instantiate the second statement.…”

Section: Upgrading the Sub-protocolsmentioning

confidence: 99%

Let’s Stride Blindfolded in a Forest: Sublinear Multi-Client Decision Trees Evaluation

Jack

Tai

Zhao

et al. 2021

Proceedings 2021 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Decision trees are popular machine-learning classification models due to their simplicity and effectiveness. Tai et al. (ESORICS '17) propose a privacy-preserving decision-tree evaluation protocol purely based on additive homomorphic encryption, without introducing dummy nodes for hiding the tree structure, but it runs a secure comparison for each decision node, resulting in linear complexity. Later protocols (DBSEC '18, PETS '19) achieve sublinear (client-side) complexity, yet the server-side path evaluation requires oblivious transfer among 2 d real and dummy nodes even for a sparse tree of depth d to hide the tree structure. This paper aims for the best of both worlds and hence the most lightweight protocol to date. Our complete-tree protocol can be easily extended to the sparse-tree setting and the reusable outsourcing setting: a model owner (resp. client) can outsource the decision tree (resp. attributes) to two non-colluding servers for classifications. The outsourced extension supports multi-client joint evaluation, which is the first of its kind without using multikey fully-homomorphic encryption (TDSC '19). We also extend our protocol for achieving privacy against malicious adversaries. Our experiments compare in various network settings our offline and online communication costs and the online computation time with the prior sublinear protocol of Tueno et al. (PETS '19) and O(1)-round linear protocols of Kiss et al. (PETS '19), which can be seen as garbled circuit variants of Tai et al.'s. Our protocols are shown to be desirable for IoT-like scenarios with weak clients and big-data scenarios with high-dimensional feature vectors.

show abstract

“…Furukawa and Sako [FS01] used a commitment to a permutation matrix and Neff [Nef01] used unique factorisation of polynomials to prove a shuffle of ElGamal ciphertexts with improved efficiency. Efficient arguments and proofs have also been devised in the case that the shuffle is restricted to a subset of permutations [RW04,dHSŠV09]. Generic techniques may be used to further optimise the above proofs, including pre-computation of re-encryption factors, fixed base and multi-exponentiation and batch proof techniques [BGR98] and PRGs for challenge generation.…”

Section: Improving the Efficiency And Robustness Of Mixnetsmentioning

confidence: 99%

Efficiently Shuffling in Public

Parampalli

Ramchen

Teague

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

We revisit shuffling in public [AW07a], a scheme which allows a shuffle to be precomputed. We show how to obfuscate a Paillier shuffle with O(N log 3.5 N) exponentiations, leading to a very robust and efficient mixnet: when distributed over O(N) nodes the mixnet achieves mixing in polylogarithmic time, independent of the level of privacy or verifiability required. Our construction involves the use of layered Paillier applied to permutation networks. With an appropriate network the shuffle may be confined to a particular subset of permutations, for example to rotations. While it is possible that the mixnet may produce biased output, we show that certain networks lead to an acceptable bias-efficiency tradeoff.

show abstract

Verifiable Rotation of Homomorphic Encryptions

Cited by 6 publications

References 26 publications

Discrete logarithm based additively homomorphic encryption and secure data aggregation

Discrete logarithm based additively homomorphic encryption and secure data aggregation

Let’s Stride Blindfolded in a Forest: Sublinear Multi-Client Decision Trees Evaluation

Efficiently Shuffling in Public

Contact Info

Product

Resources

About