Paper 2017/756
Verifiable Private Polynomial Evaluation
Xavier Bultel, Manik Lal Das, Hardik Gajera, David Gérault, Matthieu Giraud, and Pascal Lafourcade
Abstract
Delegating the computation of a polynomial to a server in a verifiable way is challenging. An even more challenging problem is ensuring that this polynomial remains hidden to clients who are able to query such a server. In this paper, we formally define the notion of \emph{Private Polynomial Evaluation} (PPE). Our main contribution is to design a rigorous security model along with relations between the different security properties. We define \emph{polynomial protection} (PP), \emph{proof unforgeability} (UNF), and \emph{indistinguishability against chosen function attack} (INDCFA), which formalizes the resistance of a PPE against attackers trying to guess which polynomial is used among two polynomials of their choice. As a second contribution, we give a cryptanalysis of two PPE schemes of the literature. Finally, we design a PPE scheme called PIPE and we prove that it is PP-, UNF- and INDCFA-secure under the decisional Diffie-Hellman assumption in the random oracle model.
Metadata
- Available format(s)
-
PDF
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. Major revision. ProvSec 2017
- Keywords
- verifiable computationprivate polynomialsecurity modelscloud
- Contact author(s)
- matthieu giraud @ uca fr
- History
- 2017-08-07: received
- Short URL
- https://ia.cr/2017/756
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2017/756,
author = {Xavier Bultel and Manik Lal Das and Hardik Gajera and David Gérault and Matthieu Giraud and Pascal Lafourcade},
title = {Verifiable Private Polynomial Evaluation},
howpublished = {Cryptology {ePrint} Archive, Paper 2017/756},
year = {2017},
url = {https://eprint.iacr.org/2017/756}
}
