Additively Homomorphic UC Commitments with Optimal Amortized Overhead

Cascudo, Ignacio; Damgård, Ivan; David, Bernardo; Giacomelli, Irene; Nielsen, Jesper Buus; Trifiletti, Roberto

doi:10.1007/978-3-662-46447-2_22

Cited by 20 publications

(34 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The main goals of this paper are two: first, to give a description of the square C * 2 of a cyclic code C that facilitates the task of finding tight lower bounds for d(C * 2 ); second, to exploit this description in order to find families of cyclic codes with simultaneously "large" (with respect to its length) values of dim C and d(C * 2 ), with special focus on binary codes and on the range of parameters which is interesting for the applications in [7].…”

Section: Overview Of the Resultsmentioning

confidence: 99%

“…In order to justify the set of parameters this paper focuses on, some concrete applications are briefly mentioned now. First, cyclic codes played a central role in a construction of a cryptographic tool known as additively homomorphic universally composable secure commitment schemes [7]. This result requires binary codes C with certain fixed dim C and d(C) and, for those values, the shortest known codes are BCH codes, which are a family of cyclic codes.…”

Section: Applicationsmentioning

confidence: 99%

“…This result requires binary codes C with certain fixed dim C and d(C) and, for those values, the shortest known codes are BCH codes, which are a family of cyclic codes. The concrete parameters that are considered in [7], when comparing the performance of their construction with previous alternatives, are dim C = 256 and d(C) ≥ 120. However, the construction was further improved in [16,6] and it was shown that the same level of security can be achieved with a modified construction that only needs half the minimum distance.…”

Section: Applicationsmentioning

confidence: 99%

See 2 more Smart Citations

On Squares of Cyclic Codes

Cascudo

2019

IEEE Trans. Inform. Theory

Self Cite

View full text Add to dashboard Cite

The square C * 2 of a linear error correcting code C is the linear code spanned by the component-wise products of every pair of (non-necessarily distinct) words in C. Squares of codes have gained attention for several applications mainly in the area of cryptography, and typically in those applications one is concerned about some of the parameters (dimension, minimum distance) of both C * 2 and C. In this paper, motivated mostly by the study of this problem in the case of linear codes defined over the binary field, squares of cyclic codes are considered. General results on the minimum distance of the squares of cyclic codes are obtained and constructions of cyclic codes C with relatively large dimension of C and minimum distance of the square C * 2 are discussed. In some cases, the constructions lead to codes C such that both C and C * 2 simultaneously have the largest possible minimum distances for their length and dimensions. * Ignacio Cascudo is with the

show abstract

Section: Overview Of the Resultsmentioning

confidence: 99%

Section: Applicationsmentioning

confidence: 99%

Section: Applicationsmentioning

confidence: 99%

See 1 more Smart Citation

On Squares of Cyclic Codes

Cascudo

2019

IEEE Trans. Inform. Theory

Self Cite

View full text Add to dashboard Cite

show abstract

“…We give a presentation of the protocol and its security proof that is inspired by a recent work on homomorphic universally composable secure commitments [2]. As noted in [12], there is a strong similarity between the OT-extension protocol constructions in the aforementioned works and several protocol constructions in a line of work on homomorphic UC commitments [3,4,2]. In the first part of the OTextension protocol in [10], the base OT's are used for the receiver to eventually create an additive 1-out-of-2 sharing of each coordinate in the codewords encoding his selection, so that the sender learns exactly one share of each.…”

Section: Introductionmentioning

confidence: 99%

Actively Secure OT-Extension from q-ary Linear Codes

Cascudo

Christensen

Gundersen

2018

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

We consider recent constructions of 1-out-of-N OT-extension from Kolesnikov and Kumaresan (CRYPTO 2013) and from Orrù et al. (CT-RSA 2017), based on binary error-correcting codes. We generalize their constructions such that q-ary codes can be used for any prime power q. This allows to reduce the number of base 1-out-of-2 OT's that are needed to instantiate the construction for any value of N , at the cost of increasing the complexity of the remaining part of the protocol. We analyze these trade-offs in some concrete cases.The final authenticated publication is available online at https://doi.org/10.1007/ 978-3-319-98113-0 18 1 Update: In the published version of this work, we were unfortunately not aware of the results by Patra et al. [13]. The protocol in [13] differs from that by Orrù et al. [12] in the consistency check, where instead of sending full codewords, the receiver can send parity check bits, which results in a decreased communication complexity. The same modifications and comparisons that we describe for the protocol in [12] can also be applied to the one in [13] (in fact, our comparisons only take into account the encoding phase of the protocol, but not the consistency check). In order to avoid departing too much from the published version of this document, we keep the original description and add Remark 1 on page 15, where we describe how [13] differs from [12].

show abstract

“…They show how to get UC commitments with linear complexity for the verifier (linear in the size of the string committed to), but left it as an open problem to get linear complexity also for the prover. This problem was solved very recently by Cascudo et al in [1] using a new construction of a non-threshold LSSS and a new variant of the MPC-in-the-head paradigm.…”

Section: Applicationsmentioning

confidence: 99%

Linear Secret Sharing Schemes from Error Correcting Codes and Universal Hash Functions

Cramer

Damgård

Döttling

et al. 2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We present a novel method for constructing linear secret sharing schemes (LSSS) from linear error correcting codes and linear universal hash functions in a blackbox way. The main advantage of this new construction is that the privacy property of the resulting secret sharing scheme essentially becomes independent of the code we use, only depending on its rate. This allows us to fully harness the algorithmic properties of recent code constructions such as efficient encoding and decoding or efficient list-decoding. Choosing the error correcting codes and universal hash functions involved carefully, we obtain solutions to the following open problems:-A linear near-threshold secret sharing scheme with both linear time sharing and reconstruction algorithms and large secrets (i.e. secrets of size Ω(n)). Thus, the computational overhead per shared bit in this scheme is constant. -An efficiently reconstructible robust secret sharing scheme for n/3 ≤ t < (1 − ) · n/2 corrupted players (for any constant > 0) with shares of optimal size O(1 + λ/n) and secrets of size Ω(n + λ), where λ is the security parameter.

show abstract

Additively Homomorphic UC Commitments with Optimal Amortized Overhead

Cited by 20 publications

References 26 publications

On Squares of Cyclic Codes

On Squares of Cyclic Codes

Actively Secure OT-Extension from q-ary Linear Codes

Linear Secret Sharing Schemes from Error Correcting Codes and Universal Hash Functions

Contact Info

Product

Resources

About