
    Secret Sharing and Secure Computing from Monotone Formulae

    We present a construction of log-depth formulae for various threshold functions based on atomic threshold gates of constant size. From this, we build a new family of linear secret sharing schemes that are multiplicative, scale well as the number of players increases, and allow a shared value to be raised to the characteristic of the underlying field without interaction. Some of these schemes are in addition strongly multiplicative. Our formulas can also be used to construct multiparty protocols from protocols for a constant number of parties. In particular, we implement black-box multiparty computation over non-Abelian groups in a way that is much simpler than previously known, and we also show how to get a protocol in this setting that is efficient and actively secure against a constant fraction of corrupted parties, a long-standing open problem. Finally, we show a negative result on the use of our scheme for pseudorandom secret sharing as defined by Cramer, Damgård and Ishai.

    The Application of Claw Free Functions in Cryptography: - Unconditional Protection in Cryptographic Protocols

    A set of clawfree functions is a set of functions that are all easily computable, but for which it is hard to simultaneously find preimages of an element under different functions. In this thesis we develop a formalism for describing such functions, and show several techniques for building them, some new and others well known. We show how clawfree functions can be extremely useful, for example in the construction of collision-free hash functions and of cryptographic protocols in general. In particular, we show how to solve the famous multiparty computation problem while achieving unconditional privacy protection for one participant. This is the optimal result in the model of communication we consider.

    A discrete logarithm blob for noninteractive XOR gates

    We present a bit commitment scheme based on discrete logarithms. Unlike earlier discrete-log-based schemes, our system allows non-interactive XORing and negation of bits contained in commitments. When used as a building block in zero-knowledge protocols, our scheme leads to protocols that are statistical (almost perfect) zero-knowledge, and where the prover is unable to break the system unless he can find a secret discrete logarithm.

    Efficient algorithms for the gcd and cubic residuosity in the ring of Eisenstein integers

    We present simple and efficient algorithms for computing the gcd and cubic residuosity in the ring of Eisenstein integers, Z[ζ], i.e. the integers extended with ζ, a complex primitive third root of unity. The algorithms are similar and may be seen as generalisations of the binary integer gcd and derived Jacobi symbol algorithms. Our algorithms take time O(n²) for n-bit input. For the cubic residuosity problem this is an improvement over the known results based on the Euclidean algorithm, which take time O(n⋅M(n)), where M(n) denotes the complexity of multiplying n-bit integers. For the gcd problem our algorithm is simpler and faster than an earlier algorithm of complexity O(n²). The new algorithms have applications in practical primality tests and the implementation of cryptographic protocols.

    An Extended Quadratic Frobenius Primality Test with Average Case Error Estimates

    We present an Extended Quadratic Frobenius Primality Test (EQFT), which is related to the Miller-Rabin test and the Quadratic Frobenius test (QFT) by Grantham. EQFT is well suited for generating large, random prime numbers since, on a random input number, it takes time about equivalent to 2 Miller-Rabin tests but has much smaller error probability. EQFT extends QFT by verifying additional algebraic properties related to the existence of elements of order 3 and 4. We obtain a simple closed expression that upper-bounds the probability of acceptance for any input number. This in turn allows us to give strong bounds on the average-case behaviour of the test: consider the algorithm that repeatedly chooses random odd k-bit numbers, subjects them to t iterations of our test, and outputs the first one found that passes all tests. We obtain numeric upper bounds for the error probability of this algorithm as well as a general closed expression bounding the error. For instance, it is at most 2^(-143) for k = 500, t = 2. Compared to earlier similar results for the Miller-Rabin test, the results indicate that our test in the average case has the effect of 9 Miller-Rabin tests, while only taking time equivalent to about 2 such tests. We also give bounds for the error in case a prime is sought by incremental search from a random starting point. While EQFT is slower than the average case on a small set of inputs, we present a variant that is always fast, i.e. takes time about equal to 2 Miller-Rabin tests. The variant has slightly larger worst-case error probability than EQFT, but still improves on previously proposed tests.

    Anonymous and Verifiable Registration in Databases

    Methods are given by which personal data about a large number of individuals can be registered in a large central database without having to trust this register not to give away information linked to a given individual. Personal information arriving from many different sources can be placed correctly in the register. The registration is done in a verifiable way: each individual can be given access to the register to check that his information is correct, and can even, if he chooses to do so, prove to anyone that he is or is not identical to a given person in the register. This can all be done without compromising the anonymity of any other individual.

    Confidential benchmarking based on multiparty computation

    We report on the design and implementation of a system that uses multiparty computation to enable banks to benchmark their customers' confidential performance data against a large representative set of confidential performance data from a consultancy house. The system ensures that both the banks' and the consultancy house's data stay confidential; the banks, as clients, learn nothing but the computed benchmarking score. In the concrete business application, the developed prototype helps Danish banks find the most efficient customers among a large and challenging group of agricultural customers with too much debt. We propose a model based on linear programming for doing the benchmarking and implement it using the SPDZ protocol by Damgård et al., which we modify using a new idea that allows clients to supply data and get output without having to participate in the preprocessing phase and without keeping state during the computation. We ran the system with two servers doing the secure computation using a database with information on about 2500 users. Answers arrived in about 25 seconds.

    Convertible Undeniable Signatures

    We introduce a new concept called convertible undeniable signature schemes. In these schemes, release of a single bit string by the signer turns all of his signatures, which were originally undeniable signatures, into ordinary digital signatures. We prove that the existence of such schemes is implied by the existence of digital signature schemes. Then, looking at the problem more practically, we present a very efficient convertible undeniable signature scheme. This scheme has the added benefit that signatures can also be selectively converted.