Cryptology ePrint Archive: Report 2005/378
A New Protocol for Conditional Disclosure of Secrets And Its Applications
Sven Laur and Helger Lipmaa
Abstract: Many protocols that are based on homomorphic encryption are private only if a client submits inputs from a limited range $S$. Conditional disclosure of secrets (CDS) helps to overcome this restriction. In a CDS protocol for a set $S$, the client obtains server's secret if and only if the client's inputs belong to $S$ and thus the server can guard itself against malformed queries. We extend the existing CDS protocols to work over additively homomorphic cryptosystems for every set from $NP/poly$. The new construction is modular and easy to apply. As an example, we derive a new oblivious transfer protocol with log-squared communication and a millionaire's protocol with logarithmic communication. We also implement private, universally verifiable and robust multi-candidate electronic voting so that all voters only transmit an encryption of their vote. The only hardness assumption in all these protocols is that the underlying public-key cryptosystem is IND-CPA secure and the plaintext order does not have small factors.
Category / Keywords: cryptographic protocols/Conditional disclosure of secrets, crypto-computing, homomorphic encryption, oblivious transfer, two-party computation
Publication Info: ACNS 2007
Date: received 20 Oct 2005, last revised 20 Mar 2007
Contact author: h lipmaa at cs ucl ac uk
Available formats: PDF | BibTeX Citation
Note: The main results of this paper (the new DIE protocol, CDS protocol, CDS transformation) date from August 2004. First eprint version (20.10.2005) was a delibrately old version from May 2005. Second eprint version (21.11.2005): better readability, more applications, more general. Third eprint version (08.08.2006): this version has better readability. The most important additions: the use of Elliptic Curve Method of factoring to achieve additional security, and the unified explanation of several protocols by using a forked compostion together with a communication-efficient CPIR, see Thm 2. Fourth eprint version (March 2007): corresponds to the published version. No new contents, better readability.
Version: 20070320:202848 (All versions of this report)
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]