Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [function-evaluation]

Calculating the value of a function for given inputs, especially, in the context of secure multi-party computation and/or homomorphic encryption, without disclosing the inputs to some or all parties carrying out the calculation.

In the context of secure multi-party computation and homomorphic encryption, function evaluation refers to calculating the value of an arbitrary function for given inputs, typically without disclosing what those inputs are to some or all parties actually carrying out the calculation.

24 questions
18
votes
2 answers

Why use a 1-2 Oblivious Transfer instead of a 1 out of n Oblivious Transfer?

When initiating an oblivious transfer, why would someone use a 1-2 oblivious transfer rather than going for an 1 out of n oblivious transfer? Perhaps a slight time overhead for the extra message encrypts, but with everything as fast as it is these…
Jeremy L
  • 283
  • 1
  • 6
17
votes
1 answer

Representing a function as FHE circuit

I am actually trying to study homomorphic encryption (on lattices) but I'm facing a problem. Every paper that I have read so far talk about writing the function to evaluate on ciphertexts as a circuit, either boolean or arithmetic according to our…
Binou
  • 448
  • 5
  • 14
11
votes
0 answers

Share Conversion between Different Finite Fields

Let us have any linear secret sharing scheme (LSSS) that works on some field $Z_{p}$, where p is some prime or a power of a prime e.g., Shamir Secret Sharing, Additive secret Sharing. The problem at hand is simple, for any secret shared value in…
DaWNFoRCe
  • 892
  • 7
  • 17
10
votes
3 answers

What criteria make the theta step of Keccak's round function reversible?

From what I've been reading, Keccak's round function is reversible. That's pretty obvious for the $\rho$, $\pi$ and $\iota$ transforms. For $\chi$ to be reversible, $x$'s range has to be odd — but that's alright since Keccak's $x$ has a range of 5.…
Mike Edward Moras
  • 18,161
  • 12
  • 87
  • 240
9
votes
3 answers

How hard is to invert the function that computes the middle-bits of (x^2)?

I'm designing a function f that should be moderately hard to invert and very fast to evaluate in a modern CPU. The function will be used in a proof-of-work function. I've read that the middle-bits of multiplication are the harder bits to obtain, so…
SDL
  • 1,927
  • 13
  • 25
6
votes
2 answers

SPDZ for the 2-party case

There exist protocols for 2-party computation e.g., GMW that use Boolean circuits. I could also use Paillier and arithmetic circuits for a 2 party computation. However after reading about SPDZ is my understanding I could use it to do 2-party…
DaWNFoRCe
  • 892
  • 7
  • 17
6
votes
2 answers

Alternatives to FHE for secure function evaluation

As a followup to a previous question I asked which was more related to Fully Homomorphic Encryption (FHE), what other cryptographic methods are available for computing a private function on public and/or private input? And, what are the…
mikeazo
  • 39,117
  • 9
  • 118
  • 183
4
votes
1 answer

What's efficient MPC protocol for determining if sum's bigger than y?

My secure multi-party computation (MPC) in need is simply to determine if a sum of two private variable is bigger than a given value $y$, as $f(x_0, x_1) = [(x_0 + x_1) > y]$ in which the value of sum itself (i.e., $x_0+x_1$) is deemed private and…
Richard
  • 223
  • 1
  • 4
4
votes
1 answer

How can Garbled Circuits be utilized to reduce the round complexity of GMW?

I've been reading this set of notes on some topics in MPC and am having difficulty understanding the transformation the authors make in order to reduce the round complexity of the GMW protocol through applying garbled circuits. In particular, the…
Lt. Commander. Data
  • 223
  • 1
  • 7
3
votes
1 answer

What security does the BMR protocol offer against corruption?

I've been conducting some research into general-purpose MPC protocols and have been unable to pinpoint the exact security offered by the BMR protocol. The reference I've been using for the majority of my research is “A pragmatic introduction to…
YGrade
  • 33
  • 3
3
votes
0 answers

Usage of the nth-root function in cryptography

Having offered a fast integer nth-root algorithm to a bigint library that is also used for cryptography I was asked if it does its work in constant time, so I took a look at the literature to see how other programmers solved that problem and…
deamentiaemundi
  • 173
  • 5
3
votes
2 answers

Background for modular arithmetic function

I'm investigating this function: $a := ((b\cdot c) \bmod k) - (b \cdot c)/k$ where $/$ indicates integer division. Two things I've noticed: It's equivalent to multiplying a·b, and then subtracting the high digits from the low digits (in a radix…
S. Robert James
  • 329
  • 4
  • 8
3
votes
1 answer

Can big numbers multiplication be a valid form of encryption?

I have a vector of int called $Xreg = [x1, x2, ..., xn]$ that I need to send from a client to a server for storage in a database. If an attacker gains access to the database or the server he shouldn't be able to recover the original vector $Xreg$.…
user3336797
  • 53
  • 4
3
votes
1 answer

Fully Homomorphic Encryption over the Integers - perform an operation on an encrypted data

In Fully Homomorphic Encryption scheme represented here Fully Homomorphic Encryption over the Integers In the Evaluate process (see section “3.1 The Construction” of the paper): $$Evaluate(pk, C, c1, \dots , ct):$$ Now… If I want to do some…
Mohamed Adel Ismail
  • 39
  • 3
2
votes
0 answers

Some questions about the book "Tutorials on the foundations of cryptography: dedicated to Oded Goldreich"

The proof of Theorem 5.2.13 : For semantic security, the author wrote "$m_1 \leftarrow {\rm Sim_1}(1^\lambda)$". I think it may contradict with the security requirement defined in Definition 5.2.11 and Definition 5.2.12 where it is required that…
laolien
  • 51
  • 3
1
2