One of the two is not a real issue: in fact we can implement this in
VIFF as a "symmetric" protocol. Basically we just run 2 multiplications
at once :)
So we can interleave this protocol with one where P1,P2 want to
compute shares of z=xy, and where P2 plays the role of P1. This should
increase the efficiency even more, as the parties don't have any more
idle time.

Claudio

On Mon, Jun 30, 2008 at 10:26 AM, Claudio Orlandi <[EMAIL PROTECTED]> wrote:
> It seems ok to me.
> I just think that we can improve efficiency (and security) a bit if we
> do like this:
>
> P1 computes:
> - A1= Enc(a1), B1=Enc(b1)
> - Send A1,B1 to P2
> P2 computes:
> - C1=A1^b2 * B1^a2 * Enc(r) // r random in [0, 2p^2 + 2^k] k security parameter
> - c2= a2b2 - (r mod p) mod p
> - Send C1 to P1
> P1 computes:
> - c1 = Dec(C1) + a1b1 mod p
>
> Now c1+c2=c=ab=(a1+a2)(b1+b2)
>
> Efficiency: in this way we reduced from:
> - Encryptions: from 6 to 3 encryptions
> - Decryptions: from 2 to 1 decryptions
> - Communication: from 4 to 3 ciphertexts
> - Generated random numbers: from 2 to 1
> - Key pair needed: from 2 to 1.
>
> Security:
> - original: computational for both players.
> - modified: computational for P1, statistical in k for P2.
>
> Problems:
> - it doesn't scale for n>2
> - it might be complicated to implement it in VIFF, given that this is
> quite asymmetric while VIFF is highly symmetric.
>
> Claudio
>
> On Sun, Jun 29, 2008 at 2:15 PM, Martin Geisler <[EMAIL PROTECTED]> wrote:
>> "Claudio Orlandi" <[EMAIL PROTECTED]> writes:
>>
>> Hi Claudio
>>
>>> if you are interested just in passive security for the 2 party case
>>> you can implement the following protocol for multiplication.
>>
>> You never commented on my implementation of your multiplication
>> protocol -- is there anything I should know security-wise before
>> including it in VIFF proper?
>>
>> I did a simple benchmark with 10 multiplications and a multiplication
>> takes about *3 seconds* when I run both players on the same laptop. I
>> have not yet tested on the DAIMI machines we normally compare with.
>>
>> The updated code is here:
>>
>>  http://thread.gmane.org/gmane.comp.cryptography.viff.patches/14
>>
>> --
>> Martin Geisler
>>
>
>
>
> --
> Claudio Orlandi
>
> PhD student,
> Department of Computer Science, Turing-223
> Aarhus Universitet, Denmark
> http://www.daimi.au.dk/~orlandi
>



-- 
Claudio Orlandi

PhD student,
Department of Computer Science, Turing-223
Aarhus Universitet, Denmark
http://www.daimi.au.dk/~orlandi
_______________________________________________
viff-devel mailing list (http://viff.dk/)
[email protected]
http://lists.viff.dk/listinfo.cgi/viff-devel-viff.dk
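
The modified protocol quoted in the thread above, as an added example that is not part of the original messages and is not VIFF's code. It assumes Paillier as the additively homomorphic Enc/Dec (the thread does not name the scheme), uses toy constructed primes, and the function names are hypothetical.

```python
import secrets

# Toy Paillier key (assumption: Paillier plays the role of Enc/Dec).
# The primes are small constructed values, far too short for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, N2 = P * Q, (P * Q) ** 2
LAM = (P - 1) * (Q - 1)
MU = pow(LAM, -1, N)

def enc(m):
    """Enc(m) = (1 + N)^m * s^N mod N^2 with fresh randomness s."""
    s = secrets.randbelow(N - 1) + 1
    return (1 + (m % N) * N) * pow(s, N, N2) % N2

def dec(c):
    """Dec(c) = L(c^LAM mod N^2) * MU mod N, where L(x) = (x - 1) // N."""
    return (pow(c, LAM, N2) - 1) // N * MU % N

def multiply_shares(a1, b1, a2, b2, p, k):
    """Return (c1, c2) with c1 + c2 = (a1 + a2)(b1 + b2) mod p."""
    # The masked sum a1*b2 + b1*a2 + r must not wrap around modulo N.
    assert N > 4 * p * p + 2**k
    # P1: encrypt own shares under its key and send A1, B1 to P2.
    A1, B1 = enc(a1), enc(b1)
    # P2: compute Enc(a1*b2 + b1*a2 + r) homomorphically, r in [0, 2p^2 + 2^k].
    r = secrets.randbelow(2 * p * p + 2**k + 1)
    C1 = pow(A1, b2, N2) * pow(B1, a2, N2) * enc(r) % N2
    c2 = (a2 * b2 - (r % p)) % p
    # P1: decrypt the single ciphertext C1 and add its local product.
    c1 = (dec(C1) + a1 * b1) % p
    return c1, c2

def demo(p=101, k=16):
    """Share constructed inputs a, b additively, multiply, reconstruct."""
    a, b = 37, 58
    a1, b1 = secrets.randbelow(p), secrets.randbelow(p)
    a2, b2 = (a - a1) % p, (b - b1) % p
    c1, c2 = multiply_shares(a1, b1, a2, b2, p, k)
    return (c1 + c2) % p, (a * b) % p

if __name__ == "__main__":
    print(demo())
```

Only P1 holds a key pair and only one ciphertext is decrypted, which matches the counts in the efficiency list; the assertion on N guards the one place where the homomorphic sum could wrap and silently break correctness.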
