Paper 2021/1682

Making Private Function Evaluation Safer, Faster, and Simpler

Yi Liu, Qi Wang, and Siu-Ming Yiu


In the problem of two-party \emph{private function evaluation} (PFE), one party $P_A$ holds a \emph{private function} $f$ and (optionally) a private input $x_A$, while the other party $P_B$ possesses a private input $x_B$. Their goal is to evaluate $f$ on $x_A$ and $x_B$, and one or both parties may obtain the evaluation result $f(x_A, x_B)$ while no other information beyond $f(x_A, x_B)$ is revealed. In this paper, we revisit the two-party PFE problem and provide several enhancements. We propose the \emph{first} constant-round actively secure PFE protocol with linear complexity. Based on this result, we further provide the \emph{first} constant-round publicly verifiable covertly (PVC) secure PFE protocol with linear complexity to gain better efficiency. For instance, when the deterrence factor is $\epsilon = 1/2$, compared to the passively secure protocol, its communication cost is very close and its computation cost is around $2.6\times$. In our constructions, as a by-product, we design a specific protocol for proving that a list of ElGamal ciphertexts is derived from an \emph{extended permutation} performed on a given list of elements. It should be noted that this protocol greatly improves the previous result and may be of independent interest. In addition, a reusability property is added to our two PFE protocols. Namely, if the same function $f$ is involved in multiple executions of the protocol between $P_A$ and $P_B$, then the protocol could be executed more efficiently from the second execution. Moreover, we further extend this property to be \emph{global}, such that it supports multiple executions for the same $f$ in a reusable fashion between $P_A$ and \emph{arbitrary} parties playing the role of $P_B$.

Available format(s)
Cryptographic protocols
Publication info
A major revision of an IACR publication in PKC 2022
Extended permutationPrivate function evaluationPublicly verifiable covert securitySecure two-party computation
Contact author(s)
liuy7 @ mail sustech edu cn
2021-12-24: revised
2021-12-22: received
See all versions
Short URL
Creative Commons Attribution


      author = {Yi Liu and Qi Wang and Siu-Ming Yiu},
      title = {Making Private Function Evaluation Safer, Faster, and Simpler},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1682},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.