Black-Box Proof of Knowledge of Plaintext and Multiparty Computation with Low Communication Overhead [chapter]

Steven Myers, Mona Sergi, abhi shelat
2013 Lecture Notes in Computer Science  
We present a 2-round protocol to prove knowledge of a plaintext corresponding to a given ciphertext. Our protocol is black-box in the underlying cryptographic primitives and it can be instantiated with almost any fully homomorphic encryption scheme. Since our protocol is only 2 rounds it cannot be zero-knowledge [GO94]; instead, we prove that our protocol ensures the semantic security of the underlying ciphertext. To illustrate the merit of this relaxed proof of knowledge property, we use our result to construct a secure multi-party computation protocol for evaluating a function f in the standard model using only black-box access to a threshold fully homomorphic encryption scheme. This protocol requires communication that is independent of |f|; while Gentry [Gen09a] has previously shown how to construct secure multi-party protocols with similar communication rates, the use of our novel primitive (along with other new techniques) avoids the use of complicated generic white-box techniques (cf. PCP encodings [Gen09a] and generic zero-knowledge proofs [AJLA+12, LATV11]). In this sense, our work demonstrates in principle that practical TFHE can lead to reasonably practical secure computation.

1 Since all current schemes contain bit-wise encryptions of their own secret-keys which are random bit strings, and a natural extension of any protocol that provides encryptions of one's own secret-key can be used to derive a labeled encryption of 0 and 1 which we describe.
doi:10.1007/978-3-642-36594-2_23 fatcat:uqboiem2ijbsff2utlxmbd74la