Paper 2017/756

Verifiable Private Polynomial Evaluation

Xavier Bultel, Manik Lal Das, Hardik Gajera, David Gérault, Matthieu Giraud, and Pascal Lafourcade

Abstract

Delegating the computation of a polynomial to a server in a verifiable way is challenging. An even more challenging problem is ensuring that this polynomial remains hidden to clients who are able to query such a server. In this paper, we formally define the notion of \emph{Private Polynomial Evaluation} (PPE). Our main contribution is to design a rigorous security model along with relations between the different security properties. We define \emph{polynomial protection} (PP), \emph{proof unforgeability} (UNF), and \emph{indistinguishability against chosen function attack} (INDCFA), which formalizes the resistance of a PPE against attackers trying to guess which polynomial is used among two polynomials of their choice. As a second contribution, we give a cryptanalysis of two PPE schemes of the literature. Finally, we design a PPE scheme called PIPE and we prove that it is PP-, UNF- and INDCFA-secure under the decisional Diffie-Hellman assumption in the random oracle model.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Major revision. ProvSec 2017
Keywords
verifiable computationprivate polynomialsecurity modelscloud
Contact author(s)
matthieu giraud @ uca fr
History
2017-08-07: received
Short URL
https://ia.cr/2017/756
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/756,
      author = {Xavier Bultel and Manik Lal Das and Hardik Gajera and David Gérault and Matthieu Giraud and Pascal Lafourcade},
      title = {Verifiable Private Polynomial Evaluation},
      howpublished = {Cryptology ePrint Archive, Paper 2017/756},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/756}},
      url = {https://eprint.iacr.org/2017/756}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.