TY - GEN

T1 - Homomorphic secret sharing

T2 - 24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017

AU - Boyle, Elette

AU - Couteau, Geoffroy

AU - Gilboa, Niv

AU - Ishai, Yuval

AU - Orrù, Michele

N1 - Funding Information:
First author supported by ISF grant 1861/16, AFOSR Award FA9550-17-1-0069, and ERC grant 307952.
Publisher Copyright:
© 2017 author(s).

PY - 2017/10/30

Y1 - 2017/10/30

N2 - We continue the study of Homomorphic Secret Sharing (HSS), recently introduced by Boyle et al. (Crypto 2016, Eurocrypt 2017). A (2-party) HSS scheme splits an input x into shares (x0, x1) such that (1) each share computationally hides x, and (2) there exists an efficient homomorphic evaluation algorithm Eval such that for any function (or "program") P from a given class it holds that Eval(x0, P) + Eval(x1, P) = P(x). Boyle et al. show how to construct an HSS scheme for branching programs, with an inverse polynomial error, using discrete-log type assumptions such as DDH. We make two types of contributions. Optimizations. We introduce new optimizations that speed up the previous optimized implementation of Boyle et al. by more than a factor of 30, significantly reduce the share size, and reduce the rate of leakage induced by selective failure. Applications. Our optimizations are motivated by the observation that there are natural application scenarios in which HSS is useful even when applied to simple computations on short inputs. We demonstrate the practical feasibility of our HSS implementation in the context of such applications.

AB - We continue the study of Homomorphic Secret Sharing (HSS), recently introduced by Boyle et al. (Crypto 2016, Eurocrypt 2017). A (2-party) HSS scheme splits an input x into shares (x0, x1) such that (1) each share computationally hides x, and (2) there exists an efficient homomorphic evaluation algorithm Eval such that for any function (or "program") P from a given class it holds that Eval(x0, P) + Eval(x1, P) = P(x). Boyle et al. show how to construct an HSS scheme for branching programs, with an inverse polynomial error, using discrete-log type assumptions such as DDH. We make two types of contributions. Optimizations. We introduce new optimizations that speed up the previous optimized implementation of Boyle et al. by more than a factor of 30, significantly reduce the share size, and reduce the rate of leakage induced by selective failure. Applications. Our optimizations are motivated by the observation that there are natural application scenarios in which HSS is useful even when applied to simple computations on short inputs. We demonstrate the practical feasibility of our HSS implementation in the context of such applications.

KW - Homomorphic Encryption

KW - Homomorphic Secret Sharing

KW - Private Information Retrieval

KW - Secure Computation

UR - http://www.scopus.com/inward/record.url?scp=85037841741&partnerID=8YFLogxK

U2 - 10.1145/3133956.3134107

DO - 10.1145/3133956.3134107

M3 - Conference contribution

AN - SCOPUS:85037841741

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 2105

EP - 2122

BT - CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery

Y2 - 30 October 2017 through 3 November 2017

ER -