Function Secret Sharing

Boyle, Elette; Gilboa, Niv; Ishai, Yuval

doi:10.1145/2976749.2978429

Cited by 231 publications

(23 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To this end, the construction associates with each layer of the tree shares one λ-bit CW, the two least-significant bits of which are special toggle bits that help the evaluator decide to which nodes it should "apply" the CW. The precise details of how to generate and apply CWs (and toggle bits) goes beyond what is needed to understand our MUX and DeMUX constructions; for brevity, we omit those details here and direct interested readers to Gilboa and Ishai [20] and Boyle et al [9]. For our purposes, it suffices to know that 1. each node (in each tree share) is associated with its own flag bit that is determined by a combination of the toggle bits and node labels produced by the PRG output together with the CW for the preceding layer;…”

Section: Boyle-gilboa-ishai (22)-dpfsmentioning

confidence: 99%

See 1 more Smart Citation

Practical and Provably Secure Distributed Aggregation: Verifiable Additive Homomorphic Secret Sharing

2020

View full text Add to dashboard Cite

Often clients (e.g., sensors, organizations) need to outsource joint computations that are based on some joint inputs to external untrusted servers. These computations often rely on the aggregation of data collected from multiple clients, while the clients want to guarantee that the results are correct and, thus, an output that can be publicly verified is required. However, important security and privacy challenges are raised, since clients may hold sensitive information. In this paper, we propose an approach, called verifiable additive homomorphic secret sharing (VAHSS), to achieve practical and provably secure aggregation of data, while allowing for the clients to protect their secret data and providing public verifiability i.e., everyone should be able to verify the correctness of the computed result. We propose three VAHSS constructions by combining an additive homomorphic secret sharing (HSS) scheme, for computing the sum of the clients’ secret inputs, and three different methods for achieving public verifiability, namely: (i) homomorphic collision-resistant hash functions; (ii) linear homomorphic signatures; as well as (iii) a threshold RSA signature scheme. In all three constructions, we provide a detailed correctness, security, and verifiability analysis and detailed experimental evaluations. Our results demonstrate the efficiency of our proposed constructions, especially from the client side.

show abstract

“…In the 2-server setting, several works have employed (2, 2)-DPFs to achieve low upload costs [8,12,17], while Angel, Chen, Laine, and Setty [2] proposed a novel technique to obtain low upload costs in single-server FHE-based PIR using so-called plaintext slot permutations. For > 2 servers, there does not appear to be any prior work that provides upload costs scaling sublinearly in r .…”

Section: A Related Workmentioning

confidence: 99%

A Bit More Than a Bit Is More Than a Bit Better

Hafiz

Henry

2019

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

We study both the practical and theoretical efficiency of private information retrieval (PIR) protocols in a model wherein several untrusted servers work to obliviously service remote clients’ requests for data and yet no pair of servers colludes in a bid to violate said obliviousness. In exchange for such a strong security assumption, we obtain new PIR protocols exhibiting remarkable efficiency with respect to every cost metric—download, upload, computation, and round complexity—typically considered in the PIR literature. The new constructions extend a multiserver PIR protocol of Shah, Rashmi, and Ramchandran (ISIT 2014), which exhibits a remarkable property of its own: to fetch a b-bit record from a collection of r such records, the client need only download b + 1 bits total. We find that allowing “a bit more” download (and optionally introducing computational assumptions) yields a family of protocols offering very attractive trade-offs. In addition to Shah et al.’s protocol, this family includes as special cases (2-server instances of) the seminal protocol of Chor, Goldreich, Kushilevitz, and Sudan (FOCS 1995) and the recent DPF-based protocol of Boyle, Gilboa, and Ishai (CCS 2016). An implicit “folklore” axiom that dogmatically permeates the research literature on multiserver PIR posits that the latter protocols are the “most efficient” protocols possible in the perfectly and computationally private settings, respectively. Yet our findings soundly refute this supposed axiom: These special cases are (by far) the least performant representatives of our family, with essentially all other parameter settings yielding instances that are significantly faster.

show abstract

Function Secret Sharing

Cited by 231 publications

References 30 publications

You May Also Like... Privacy: Recommendation Systems Meet PIR

You May Also Like... Privacy: Recommendation Systems Meet PIR

Practical and Provably Secure Distributed Aggregation: Verifiable Additive Homomorphic Secret Sharing

A Bit More Than a Bit Is More Than a Bit Better

Contact Info

Product

Resources

About