TY - GEN
T1 - Non-interactive and fully output expressive private comparison
AU - Ishimaki, Yu
AU - Yamana, Hayato
N1 - Funding Information:
This work was supported by JST CREST Grant Number JPMJCR1503, Japan and Japan-US Network Opportunity 2 by the Commissioned Research of National Institute of Information and Communications Technology (NICT), JAPAN. The authors would like to thank Kurt Rohloff and Yuriy Polyakov for their supports for PALISADE library.
Funding Information:
Acknowledgment. This work was supported by JST CREST Grant Number JPMJCR1503, Japan and Japan-US Network Opportunity 2 by the Commissioned Research of National Institute of Information and Communications Technology (NICT), JAPAN. The authors would like to thank Kurt Rohloff and Yuriy Polyakov for their supports for PALISADE library.
Publisher Copyright:
© 2018, Springer Nature Switzerland AG.
PY - 2018
Y1 - 2018
N2 - Private comparison protocols are fundamental to the field of secure computation. Recently, Lu et al. (ASIACCS 2018) proposed a new protocol, XCMP,, which is based on a ring-based fully homomorphic encryption (FHE) scheme. In that scheme, two μ-bit integers a and b are compared in encrypted form without revealing the plaintext to an evaluator. The protocol outputs a bit in encrypted form, which indicates whether a > b. XCMP has the following three advantages: the output can be reused for further processing, the evaluation is performed without any interactions with a decryptor having a secret key, and the required multiplicative depth is only 1. However, XCMP has two potential disadvantages. First, the protocol result preserves both additive and multiplicative homomorphisms over ℤ t only, whereas the underlying FHE scheme can support a much larger plaintext space of (Formula Presented) for a prime t and a power-of-two N; this restricts the functionality of applications using the comparison result. Second, the bit length μ of the integers to be compared is no more than log N (typically 16 bits, at most). Thus, it is difficult for XCMP to handle larger integers. In this paper, we propose a non-interactive private comparison protocol that solves the aforementioned problems and outputs an additively and multiplicatively reusable comparison result over the ring without adding an extremely large computational overhead over XCMP. Moreover, by regarding a μ (>16 -bit integer as a sequence of chunks, we show that the multiplicative depth required for our comparison protocol is logarithmic in the number of chunks. This value is much smaller than the naïve solution with a multiplicative depth of log μ. Experiment results demonstrate that our protocol introduces a subtle overhead over XCMP. Remarkably, we experimentally demonstrate that our protocol for a larger domain is comparable to the construction given by one of the state-of-the-art bitwise FHE schemes.
AB - Private comparison protocols are fundamental to the field of secure computation. Recently, Lu et al. (ASIACCS 2018) proposed a new protocol, XCMP,, which is based on a ring-based fully homomorphic encryption (FHE) scheme. In that scheme, two μ-bit integers a and b are compared in encrypted form without revealing the plaintext to an evaluator. The protocol outputs a bit in encrypted form, which indicates whether a > b. XCMP has the following three advantages: the output can be reused for further processing, the evaluation is performed without any interactions with a decryptor having a secret key, and the required multiplicative depth is only 1. However, XCMP has two potential disadvantages. First, the protocol result preserves both additive and multiplicative homomorphisms over ℤ t only, whereas the underlying FHE scheme can support a much larger plaintext space of (Formula Presented) for a prime t and a power-of-two N; this restricts the functionality of applications using the comparison result. Second, the bit length μ of the integers to be compared is no more than log N (typically 16 bits, at most). Thus, it is difficult for XCMP to handle larger integers. In this paper, we propose a non-interactive private comparison protocol that solves the aforementioned problems and outputs an additively and multiplicatively reusable comparison result over the ring without adding an extremely large computational overhead over XCMP. Moreover, by regarding a μ (>16 -bit integer as a sequence of chunks, we show that the multiplicative depth required for our comparison protocol is logarithmic in the number of chunks. This value is much smaller than the naïve solution with a multiplicative depth of log μ. Experiment results demonstrate that our protocol introduces a subtle overhead over XCMP. Remarkably, we experimentally demonstrate that our protocol for a larger domain is comparable to the construction given by one of the state-of-the-art bitwise FHE schemes.
KW - Homomorphic encryption
KW - Non-interactive private comparison
KW - Secure computation
UR - http://www.scopus.com/inward/record.url?scp=85058532372&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85058532372&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-05378-9_19
DO - 10.1007/978-3-030-05378-9_19
M3 - Conference contribution
AN - SCOPUS:85058532372
SN - 9783030053772
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 355
EP - 374
BT - Progress in Cryptology – INDOCRYPT 2018 - 19th International Conference on Cryptology in India, Proceedings
A2 - Chakraborty, Debrup
A2 - Iwata, Tetsu
PB - Springer Verlag
T2 - 19th International Conference on Cryptology in India, INDOCRYPT 2018
Y2 - 9 December 2018 through 12 December 2018
ER -