It seems ok to me.
I just think that we can improve efficiency (and security) a bit if we
do like this:

P1 computes:
- A1= Enc(a1), B1=Enc(b1)
- Send A1,B1 to P2
P2 computes:
- C1=A1^b2 * B1^a2 * Enc(r) // r random in [0, 2p^2 + 2^k] k security parameter
- c2= a2b2 - (r mod p) mod p
- Send C1 to P1
P1 computes:
- c1 = Dec(C1) + a1b1 mod p

Now c1+c2=c=ab=(a1+a2)(b1+b2)

Efficiency: in this way we reduced from:
- Encryptions: from 6 to 3 encryptions
- Decryptions: from 2 to 1 decryptions
- Communication: from 4 to 3 ciphertexts
- Generated random numbers: from 2 to 1
- Key pair needed: from 2 to 1.

Security:
- original: computational for both players.
- modified: computational for P1, statistical in k for P2.

Problems:
- it doesn't scale for n>2
- it might be complicated to implement it in VIFF, given that this is
quite asymmetric while VIFF is highly symmetric.

Claudio

On Sun, Jun 29, 2008 at 2:15 PM, Martin Geisler <[EMAIL PROTECTED]> wrote:
> "Claudio Orlandi" <[EMAIL PROTECTED]> writes:
>
> Hi Claudio
>
>> if you are interested just in passive security for the 2 party case
>> you can implement the following protocol for multiplication.
>
> You never commented on my implementation of your multiplication
> protocol -- is there anything I should know security-wise before
> including it in VIFF proper?
>
> I did a simple benchmark with 10 multiplications and a multiplication
> takes about *3 seconds* when I run both players on the same laptop. I
> have not yet tested on the DAIMI machines we normally compare with.
>
> The updated code is here:
>
>  http://thread.gmane.org/gmane.comp.cryptography.viff.patches/14
>
> --
> Martin Geisler
>



-- 
Claudio Orlandi

PhD student,
Department of Computer Science, Turing-223
Aarhus Universitet, Denmark
http://www.daimi.au.dk/~orlandi
_______________________________________________
viff-devel mailing list (http://viff.dk/)
viff-devel@viff.dk
http://lists.viff.dk/listinfo.cgi/viff-devel-viff.dk
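
The modified protocol from the message above, run end to end as an added example; it is not part of the original thread and not VIFF code. It assumes Paillier as the additively homomorphic Enc/Dec (the message does not name the scheme), a toy key built from constructed primes, and hypothetical function names.

```python
import secrets

# Toy Paillier key, constructed for this example: two Mersenne primes,
# far too small and too structured for real use.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
N2 = N * N
PHI = (P - 1) * (Q - 1)
MU = pow(PHI, -1, N)          # PHI and MU are P1's private key

def enc(m):
    """Paillier encryption under P1's public key N (generator g = N + 1)."""
    s = secrets.randbelow(N - 1) + 1
    return (1 + m * N) % N2 * pow(s, N, N2) % N2

def dec(c):
    """Paillier decryption; only P1 can do this."""
    return (pow(c, PHI, N2) - 1) // N * MU % N

def p1_send(a1, b1):
    """P1: A1 = Enc(a1), B1 = Enc(b1)."""
    return enc(a1), enc(b1)

def p2_reply(A1, B1, a2, b2, p, k):
    """P2: C1 = A1^b2 * B1^a2 * Enc(r), c2 = a2*b2 - (r mod p) mod p."""
    r = secrets.randbelow(2 * p * p + 2**k + 1)  # range as given in the message
    C1 = pow(A1, b2, N2) * pow(B1, a2, N2) * enc(r) % N2
    return C1, (a2 * b2 - r % p) % p

def p1_finish(C1, a1, b1, p):
    """P1: c1 = Dec(C1) + a1*b1 mod p."""
    return (dec(C1) + a1 * b1) % p

def multiply_shares(a1, b1, a2, b2, p, k):
    """Run both parties locally; returns additive shares (c1, c2) of a*b mod p."""
    # The plaintext a1*b2 + b1*a2 + r must not wrap around N, or reduction
    # mod p after decryption gives a wrong share.
    if 4 * p * p + 2**k >= N:
        raise ValueError("Paillier modulus too small for p and k")
    A1, B1 = p1_send(a1, b1)
    C1, c2 = p2_reply(A1, B1, a2, b2, p, k)
    return p1_finish(C1, a1, b1, p), c2
```

The size check in `multiply_shares` is the implementation detail the message leaves implicit: the key must be large enough that the masked plaintext never reduces mod N before P1 reduces it mod p.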
