TY - GEN
T1 - Foundations of homomorphic secret sharing
AU - Boyle, Elette
AU - Gilboa, Niv
AU - Ishai, Yuval
AU - Lin, Huijia
AU - Tessaro, Stefano
N1 - Funding Information:
A full version of the paper is available at https://eprint.iacr.org/2017/1248. E. Boyle was supported by ISF grant 1861/16, AFOSR Award FA9550-17-1-0069, and ERC grants 307952, 742754. N. Gilboa was supported by ISF grant 1638/15, a grant by the BGU Cyber Center, by the European Union’s Horizon 2020 ICT program (Mikelangelo project), and ERC grant 742754. Y. Ishai was supported by ERC grant 742754, NSF-BSF grant 2015782, BSF grant 2012366, ISF grant 1709/14, DARPA/ARL SAFEWARE award, NSF Frontier Award 1413955, NSF grants 1619348, 1228984, 1136174, and 1065276, a Xerox Faculty Research Award, a Google Faculty Research Award, an equipment grant from Intel, and an Okawa Foundation Research Grant. This material is based upon work supported by the DARPA through the ARL under Contract W911NF-15-C-0205. H. Lin was supported by NSF grants CNS-1528178, CNS-1514526, CNS-1652849 (CAREER), a Hellman Fellowship, the Defense Advanced Research Projects Agency (DARPA) and Army Research Office (ARO) under Contract No. W911NF-15-C-0236, and a subcontract No. 2017-002 through Galois. S. Tessaro was supported by NSF grants CNS-1553758 (CAREER), CNS-1423566, CNS-1719146, CNS-1528178, and IIS-1528041, and by an Alfred P. Sloan Research Fellowship.
Publisher Copyright:
© Elette Boyle, Niv Gilboa, Yuval Ishai, Huijia Lin, and Stefano Tessaro.
PY - 2018/1/1
Y1 - 2018/1/1
N2 - Homomorphic secret sharing (HSS) is the secret sharing analogue of homomorphic encryption. An HSS scheme supports a local evaluation of functions on shares of one or more secret inputs, such that the resulting shares of the output are short. Some applications require the stronger notion of additive HSS, where the shares of the output add up to the output over some finite Abelian group. While some strong positive results for HSS are known under specific cryptographic assumptions, many natural questions remain open. We initiate a systematic study of HSS, making the following contributions. A definitional framework. We present a general framework for defining HSS schemes that unifies and extends several previous notions from the literature, and cast known results within this framework. Limitations. We establish limitations on information-theoretic multi-input HSS with short output shares via a relation with communication complexity. We also show that additive HSS for non-trivial functions, even the AND of two input bits, implies non-interactive key exchange, and is therefore unlikely to be implied by public-key encryption or even oblivious transfer. Applications. We present two types of applications of HSS. First, we construct 2-round protocols for secure multiparty computation from a simple constant-size instance of HSS. As a corollary, we obtain 2-round protocols with attractive asymptotic efficiency features under the Decision Diffie-Hellman (DDH) assumption. Second, we use HSS to obtain nearly.
KW - Communication complexity
KW - Cryptography
KW - Homomorphic secret sharing
KW - Secure computation
KW - Worst-case to average case reductions
UR - http://www.scopus.com/inward/record.url?scp=85041647451&partnerID=8YFLogxK
U2 - 10.4230/LIPIcs.ITCS.2018.21
DO - 10.4230/LIPIcs.ITCS.2018.21
M3 - Conference contribution
AN - SCOPUS:85041647451
T3 - Leibniz International Proceedings in Informatics, LIPIcs
BT - 9th Innovations in Theoretical Computer Science, ITCS 2018
A2 - Karlin, Anna R.
PB - Schloss Dagstuhl - Leibniz-Zentrum für Informatik GmbH, Dagstuhl Publishing
T2 - 9th Innovations in Theoretical Computer Science, ITCS 2018
Y2 - 11 January 2018 through 14 January 2018
ER -