An optimal distributed discrete log protocol with applications to homomorphic secret sharing

Itai Dinur, Nathan Keller, Ohad Klein

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

9 Scopus citations

Abstract

The distributed discrete logarithm (DDL) problem was introduced by Boyle et al. at CRYPTO 2016. A protocol solving this problem was the main tool used in the share conversion procedure of their homomorphic secret sharing (HSS) scheme which allows non-interactive evaluation of branching programs among two parties over shares of secret inputs. Let $g$ be a generator of a multiplicative group $G$. Given a random group element $g^x$ and an unknown integer (formula presented) for a small $M$, two parties A and B (that cannot communicate) successfully solve DDL if (formula presented). Otherwise, the parties err. In the DDL protocol of Boyle et al., A and B run in time $T$ and have error probability that is roughly linear in $M/T$. Since it has a significant impact on the HSS scheme’s performance, a major open problem raised by Boyle et al. was to reduce the error probability as a function of $T$. In this paper we devise a new DDL protocol that substantially reduces the error probability to $O(M \cdot T^{-2})$. Our new protocol improves the asymptotic evaluation time complexity of the HSS scheme by Boyle et al. on branching programs of size $S$ from $O(S^2)$ to $O(S^{3/2})$. We further show that our protocol is optimal up to a constant factor for all relevant cryptographic group families, unless one can solve the discrete logarithm problem in a short interval of length $R$ in time (formula presented). Our DDL protocol is based on a new type of random walk that is composed of several iterations in which the expected step length gradually increases. We believe that this random walk is of independent interest and will find additional applications.

Original language: English
Title of host publication: Advances in Cryptology – CRYPTO 2018 - 38th Annual International Cryptology Conference, 2018, Proceedings
Editors: Hovav Shacham, Alexandra Boldyreva
Publisher: Springer Verlag
Pages: 213-242
Number of pages: 30
ISBN (Print): 9783319968773
State: Published - 2018
Event: 38th Annual International Cryptology Conference, CRYPTO 2018 - Santa Barbara, United States
Duration: 19 Aug 2018 to 23 Aug 2018

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 10993 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 38th Annual International Cryptology Conference, CRYPTO 2018
Country/Territory: United States
City: Santa Barbara
Period: 19/08/18 to 23/08/18

Bibliographical note

Publisher Copyright:
© International Association for Cryptologic Research 2018.

Funding

This research was supported by the European Research Council under the ERC starting grant agreement no. 757731 (LightCrypt) and by the BIU Center for Research in Applied Cryptography and Cyber Security in conjunction with the Israel National Cyber Bureau in the Prime Minister’s Office. The first author was additionally supported by the Israeli Science Foundation through grant No. 573/16. The authors would like to thank Elette Boyle, Niv Gilboa, Yuval Ishai and Yehuda Lindell for discussions and helpful suggestions regarding this work.

Funders and funder numbers:
Israeli Science Foundation: 573/16
United States-Israel Binational Science Foundation
Horizon 2020 Framework Programme
European Commission: 757731
Israel Science Foundation

    Keywords

    • Discrete logarithm
    • Discrete logarithm in a short interval
    • Fully homomorphic encryption
    • Homomorphic secret sharing
    • Random walk
    • Share conversion
