TY - GEN
T1 - Homomorphic secret sharing
T2 - 24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017
AU - Boyle, Elette
AU - Couteau, Geoffroy
AU - Gilboa, Niv
AU - Ishai, Yuval
AU - Orrù, Michele
N1 - Publisher Copyright: © 2017 author(s).
PY - 2017/10/30
Y1 - 2017/10/30
N2 - We continue the study of Homomorphic Secret Sharing (HSS), recently introduced by Boyle et al. (Crypto 2016, Eurocrypt 2017). A (2-party) HSS scheme splits an input x into shares (x0, x1) such that (1) each share computationally hides x, and (2) there exists an efficient homomorphic evaluation algorithm Eval such that for any function (or "program") P from a given class it holds that Eval(x0, P)+Eval(x1, P) = P (x). Boyle et al. show how to construct an HSS scheme for branching programs, with an inverse polynomial error, using discrete-log type assumptions such as DDH. We make two types of contributions. Optimizations. We introduce new optimizations that speed up the previous optimized implementation of Boyle et al. by more than a factor of 30, significantly reduce the share size, and reduce the rate of leakage induced by selective failure. Applications. Our optimizations are motivated by the observation that there are natural application scenarios in which HSS is useful even when applied to simple computations on short inputs. We demonstrate the practical feasibility of our HSS implementation in the context of such applications.
AB - We continue the study of Homomorphic Secret Sharing (HSS), recently introduced by Boyle et al. (Crypto 2016, Eurocrypt 2017). A (2-party) HSS scheme splits an input x into shares (x0, x1) such that (1) each share computationally hides x, and (2) there exists an efficient homomorphic evaluation algorithm Eval such that for any function (or "program") P from a given class it holds that Eval(x0, P)+Eval(x1, P) = P (x). Boyle et al. show how to construct an HSS scheme for branching programs, with an inverse polynomial error, using discrete-log type assumptions such as DDH. We make two types of contributions. Optimizations. We introduce new optimizations that speed up the previous optimized implementation of Boyle et al. by more than a factor of 30, significantly reduce the share size, and reduce the rate of leakage induced by selective failure. Applications. Our optimizations are motivated by the observation that there are natural application scenarios in which HSS is useful even when applied to simple computations on short inputs. We demonstrate the practical feasibility of our HSS implementation in the context of such applications.
KW - Homomorphic Encryption
KW - Homomorphic Secret Sharing
KW - Private Information Retrieval
KW - Secure Computation
UR - http://www.scopus.com/inward/record.url?scp=85037841741&partnerID=8YFLogxK
U2 - https://doi.org/10.1145/3133956.3134107
DO - https://doi.org/10.1145/3133956.3134107
M3 - Conference contribution
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 2105
EP - 2122
BT - CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security
Y2 - 30 October 2017 through 3 November 2017
ER -