TY - GEN
T1 - Foundations of homomorphic secret sharing
AU - Boyle, Elette
AU - Gilboa, Niv
AU - Ishai, Yuval
AU - Lin, Huijia
AU - Tessaro, Stefano
N1 - Publisher Copyright:
© Elette Boyle, Niv Gilboa, Yuval Ishai, Huijia Lin, and Stefano Tessaro.
PY - 2018/1/1
Y1 - 2018/1/1
N2 - Homomorphic secret sharing (HSS) is the secret sharing analogue of homomorphic encryption. An HSS scheme supports a local evaluation of functions on shares of one or more secret inputs, such that the resulting shares of the output are short. Some applications require the stronger notion of additive HSS, where the shares of the output add up to the output over some finite Abelian group. While some strong positive results for HSS are known under specific cryptographic assumptions, many natural questions remain open. We initiate a systematic study of HSS, making the following contributions. A definitional framework. We present a general framework for defining HSS schemes that unifies and extends several previous notions from the literature, and cast known results within this framework. Limitations. We establish limitations on information-theoretic multi-input HSS with short output shares via a relation with communication complexity. We also show that additive HSS for non-trivial functions, even the AND of two input bits, implies non-interactive key exchange, and is therefore unlikely to be implied by public-key encryption or even oblivious transfer. Applications. We present two types of applications of HSS. First, we construct 2-round protocols for secure multiparty computation from a simple constant-size instance of HSS. As a corollary, we obtain 2-round protocols with attractive asymptotic e ciency features under the Decision Di e Hellman (DDH) assumption. Second, we use HSS to obtain nearly.
AB - Homomorphic secret sharing (HSS) is the secret sharing analogue of homomorphic encryption. An HSS scheme supports a local evaluation of functions on shares of one or more secret inputs, such that the resulting shares of the output are short. Some applications require the stronger notion of additive HSS, where the shares of the output add up to the output over some finite Abelian group. While some strong positive results for HSS are known under specific cryptographic assumptions, many natural questions remain open. We initiate a systematic study of HSS, making the following contributions. A definitional framework. We present a general framework for defining HSS schemes that unifies and extends several previous notions from the literature, and cast known results within this framework. Limitations. We establish limitations on information-theoretic multi-input HSS with short output shares via a relation with communication complexity. We also show that additive HSS for non-trivial functions, even the AND of two input bits, implies non-interactive key exchange, and is therefore unlikely to be implied by public-key encryption or even oblivious transfer. Applications. We present two types of applications of HSS. First, we construct 2-round protocols for secure multiparty computation from a simple constant-size instance of HSS. As a corollary, we obtain 2-round protocols with attractive asymptotic e ciency features under the Decision Di e Hellman (DDH) assumption. Second, we use HSS to obtain nearly.
KW - Communication complexity
KW - Cryptography
KW - Homomorphic secret sharing
KW - Secure computation
KW - Worst-case to average case reductions
UR - http://www.scopus.com/inward/record.url?scp=85041647451&partnerID=8YFLogxK
U2 - 10.4230/LIPIcs.ITCS.2018.21
DO - 10.4230/LIPIcs.ITCS.2018.21
M3 - Conference contribution
AN - SCOPUS:85041647451
T3 - Leibniz International Proceedings in Informatics, LIPIcs
BT - 9th Innovations in Theoretical Computer Science, ITCS 2018
A2 - Karlin, Anna R.
PB - Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing
T2 - 9th Innovations in Theoretical Computer Science, ITCS 2018
Y2 - 11 January 2018 through 14 January 2018
ER -