Evaluating 2-DNF formulas on ciphertexts

Dan Boneh, Eu Jin Goh, Kobbi Nissim

Research output: Contribution to journalConference articlepeer-review

949 Scopus citations


Let ψ be a 2-DNF formula on boolean variables x1,...,x n ∈ {0,1}. We present a homomorphic public key encryption scheme that allows the public evaluation of ψ given an encryption of the variables x1,...,xn. In other words, given the encryption of the bits x1,...,xn, anyone can create the encryption of ψ(x1,...,xn). More generally, we can evaluate quadratic multi-variate polynomials on ciphertexts provided the resulting value falls within a small set. We present a number of applications of the system:. 1. In a database of size n, the total communication in the basic step of the Kushilevitz-Ostrovsky PIR protocol is reduced from √n to 3√n. 2. An efficient election system based on homomorphic encryption where voters do not need to include non-interactive zero knowledge proofs that their ballots are valid. The election system is proved secure without random oracles but still efficient. 3. A protocol for universally verifiable computation.

Original languageEnglish
Pages (from-to)325-341
Number of pages17
JournalLecture Notes in Computer Science
StatePublished - 1 Jan 2005
EventSecond Theory of Cryptography Conference, TCC 2005 - Cambridge, MA, United States
Duration: 10 Feb 200512 Feb 2005

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (all)


Dive into the research topics of 'Evaluating 2-DNF formulas on ciphertexts'. Together they form a unique fingerprint.

Cite this