Modulo Reduction for Paillier Encryptions and Application to Secure Statistical Analysis
Authors
Abstract
For the homomorphic Paillier cryptosystem we construct a protocol for secure modulo reduction, that on input of an encryption $[\![x]\!]$ with $x$ of bit length $\ell_x$ and a public ‘modulus’ $a$ of bit length $\ell_a$ outputs an encryption $[\![x \bmod a]\!]$. As a result, a protocol for computing an encrypted integer division $[\![x \operatorname{div} a]\!]$ is obtained. Surprisingly, efficiency of the protocol is independent of $\ell_x$: the broadcast complexity of the protocol varies between $O(nk\ell_a)$ and $O(n\,k\ell_a)$, for $n$ parties and security parameter $k$, and it is very efficient in case of small $\ell_a$ (in practical cases $\ell_a$ often is much smaller than $\ell_x$). Our protocol allows for efficient multiparty computation of statistics such as the mean, the variance and the median, and it is therefore very applicable to surveys for the benefit of statistical analysis.
Similar resources
Encryption Switching Protocols Revisited: Switching Modulo p
At CRYPTO 2016, Couteau, Peters and Pointcheval introduced a new primitive called encryption switching protocols, allowing to switch ciphertexts between two encryption schemes. If such an ESP is built with two schemes that are respectively additively and multiplicatively homomorphic, it naturally gives rise to a secure 2-party computation protocol. It is thus perfectly suited for evaluating fun...
On Secure Two-Party Integer Division
We consider the problem of secure integer division: given two Paillier encryptions of $\ell$-bit values $n$ and $d$, determine an encryption of $\lfloor n/d \rfloor$ without leaking any information about $n$ or $d$. We propose two new protocols solving this problem. The first requires $O(\ell)$ arithmetic operations on encrypted values (secure addition and multiplication) in $O(1)$ rounds. This is the most efficient constant-round...
Efficient Binary Conversion for Paillier Encrypted Values
We consider the framework of secure n-party computation based on threshold homomorphic cryptosystems as put forth by Cramer, Damgård, and Nielsen at Eurocrypt 2001. When used with Paillier’s cryptosystem, this framework allows for efficient secure evaluation of any arithmetic circuit defined over $\mathbb{Z}_N$, where $N$ is the RSA modulus of the underlying Paillier cryptosystem. In this paper, we extend t...
Sub-linear, Secure Comparison with Two Non-colluding Parties
The classic problem in the field of secure computation is Yao’s millionaires’ problem; we consider two new protocols solving a variation of this: a number of parties, $P_1, \ldots, P_n$, securely hold two $\ell$-bit values, $x$ and $y$ – e.g. $x$ and $y$ could be encrypted or secret shared. They wish to obtain a bit stating whether $x$ is greater than $y$ using only secure arithmetic; this should be done without rev...
A Provably Secure Elliptic Curve Scheme with Fast Encryption
We present a new elliptic curve cryptosystem with fast encryption and key generation, which is provably secure in the standard model. The scheme uses arithmetic modulo n, where n is an RSA modulus, and merges ideas from Paillier and Rabin related schemes. Despite the typical bit length of n, our encryption algorithm is faster than El Gamal elliptic curve cryptosystems. The one-wayness of the ne...