BetterTimes

Privacy-Assured Outsourced Multiplications for Additively Homomorphic Encryption on Finite Fields

Conference paper, Provable Security (ProvSec 2015)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9451)
Abstract

We present a privacy-assured multiplication protocol with which an arbitrary arithmetic formula over a finite field \(\mathbb {F}_p\), with inputs from two parties, can be jointly computed on encrypted data using an additively homomorphic encryption scheme. Our protocol is secure against malicious adversaries. To motivate and illustrate applications of this technique, we demonstrate an attack on a class of known protocols, showing how to compromise the location privacy of honest users by manipulating messages in protocols built on additively homomorphic encryption. We evaluate our approach using a prototypical implementation. The results show that the overhead added by our approach is small compared to insecure outsourced multiplication.

Notes

  1. https://bitbucket.org/hallgrep/bettertimes

References

  1. Barthe, G., Grégoire, B., Béguelin, S.Z.: Formal certification of code-based cryptographic proofs. In: Shao, Z., Pierce, B.C. (eds.) Proceedings of the 36th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2009, Savannah, GA, USA, January 21–23, pp. 90–101. ACM (2009)

  2. Bellare, M., Boldyreva, A., Micali, S.: Public-key encryption in a multi-user setting: security proofs and improvements. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 259–274. Springer, Heidelberg (2000)

  3. Bogdanov, D., Laur, S., Willemson, J.: Sharemind: a framework for fast privacy-preserving computations. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 192–206. Springer, Heidelberg (2008)

  4. Bogetoft, P., et al.: Secure multiparty computation goes live. In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol. 5628, pp. 325–343. Springer, Heidelberg (2009)

  5. Brakerski, Z., Gentry, C., Vaikuntanathan, V.: Fully homomorphic encryption without bootstrapping. In: Electronic Colloquium on Computational Complexity (ECCC), vol. 18, p. 111 (2011)

  6. Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993)

  7. Coldewey, D.: “Girls Around Me” Creeper App Just Might Get People To Pay Attention To Privacy Settings. TechCrunch, March 2012

  8. Cramer, R., Damgård, I.B., Nielsen, J.B.: Multiparty computation from threshold homomorphic encryption. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 280–299. Springer, Heidelberg (2001)

  9. Damgård, I.B., Geisler, M., Krøigaard, M.: Efficient and secure comparison for on-line auctions. In: Pieprzyk, J., Ghodosi, H., Dawson, E. (eds.) ACISP 2007. LNCS, vol. 4586, pp. 416–430. Springer, Heidelberg (2007)

  10. Damgård, I.: A generalisation, a simplification and some applications of Paillier’s probabilistic public-key system. In: Kim, K. (ed.) PKC 2001. LNCS, vol. 1992, pp. 119–136. Springer, Heidelberg (2001)

  11. Dingledine, R., Mathewson, N., Syverson, P.F.: Tor: The second-generation onion router. In: USENIX Security Symposium, pp. 303–320. USENIX (2004)

  12. Erkin, Z., Franz, M., Guajardo, J., Katzenbeisser, S., Lagendijk, I., Toft, T.: Privacy-preserving face recognition. In: Goldberg, I., Atallah, M.J. (eds.) PETS 2009. LNCS, vol. 5672, pp. 235–253. Springer, Heidelberg (2009)

  13. Free Software Foundation: The GNU Multiple Precision Arithmetic Library (1991–2013). http://gmplib.org/

  14. Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Mitzenmacher, M. (ed.) STOC, pp. 169–178. ACM (2009)

  15. Gentry, C., Sahai, A., Waters, B.: Homomorphic encryption from learning with errors: conceptually-simpler, asymptotically-faster, attribute-based. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 75–92. Springer, Heidelberg (2013)

  16. Gertner, Y., Ishai, Y., Kushilevitz, E., Malkin, T.: Protecting data privacy in private information retrieval schemes. J. Comput. Syst. Sci. 60(3), 592–629 (2000)

  17. Goldreich, O.: The Foundations of Cryptography, vol. 2. Cambridge University Press, Basic Applications (2004)

  18. Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems. J. ACM 38(3), 690–728 (1991)

  19. Hallgren, P., Ochoa, M., Sabelfeld, A.: InnerCircle: a parallelizable decentralized privacy-preserving location proximity protocol. In: International Conference on Privacy, Security and Trust (PST), July 2015. http://dblp.uni-trier.de/rec/bibtex/conf/pst/HallgrenOS15

  20. Huang, Y., Evans, D., Katz, J., Malka, L.: Faster secure two-party computation using garbled circuits. In: USENIX Security Symposium, USENIX Association (2011)

  21. Huang, Y., Katz, J., Evans, D.: Quid-pro-quo-tocols: Strengthening semi-honest protocols with dual execution. In: IEEE Symposium on Security and Privacy, SP 2012, 21–23 May 2012, San Francisco, California, USA, pp. 272–284. IEEE Computer Society (2012)

  22. Kolesnikov, V., Sadeghi, A.-R., Schneider, T.: From dust to dawn: Practically efficient two-party secure function evaluation protocols and their modular design. IACR Cryptology ePrint Archive 2010, 79 (2010)

  23. Kolesnikov, V., Sadeghi, A.-R., Schneider, T.: A systematic approach to practically efficient general two-party secure function evaluation protocols and their modular design. J. Comput. Secur. 21(2), 283–315 (2013)

  24. Kolesnikov, V., Schneider, T.: Improved garbled circuit: free XOR gates and applications. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 486–498. Springer, Heidelberg (2008)

  25. Kreuter, B., Shelat, A., Shen, C.: Billion-gate secure computation with malicious adversaries. In: Kohno, T. (ed.) Proceedings of the 21st USENIX Security Symposium, 8–10 August, 2012, Bellevue, WA, USA, pp. 285–300. USENIX Association (2012)

  26. Lagendijk, R.L., Erkin, Z., Barni, M.: Encrypted signal processing for privacy protection: Conveying the utility of homomorphic encryption and multiparty computation. IEEE Signal Process. Mag. 30(1), 82–105 (2013)

  27. Li, M., Zhu, H., Gao, Z., Chen, S., Yu, L., Hu, S., Ren, K.: All your location are belong to us: breaking mobile social networks for automated user location tracking. In: MobiHoc, pp. 43–52 (2014)

  28. Lindell, Y., Pinkas, B.: Secure multiparty computation for privacy-preserving data mining. IACR Cryptology ePrint Archive 2008, 197 (2008)

  29. Liu, C., Wang, X.S., Nayak, K., Huang, Y., Shi, E.: Oblivm: A programming framework for secure computation. In: 2015 IEEE Symposium on Security and Privacy, SP 2015, 17–21 May, 2015, San Jose, CA, USA, pp. 359–376. IEEE Computer Society (2015)

  30. Narayanan, A., Thiagarajan, N., Lakhani, M., Hamburg, M., Boneh, D.: Location privacy via private proximity testing. In: Proceedings of the Network and Distributed System Security Symposium, NDSS 2011, 6–9 February 2011, San Diego, California, USA. The Internet Society (2011)

  31. Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)

  32. Polakis, I., Argyros, G., Petsios, T., Sivakorn, S., Keromytis, A.D.: Where’s wally? precise user discovery attacks in location proximity services. In: ACM Conference on Computer and Communications Security, October 2015. http://dblp.uni-trier.de/rec/bibtex/conf/ccs/PolakisAPSK15

  33. Sadeghi, A.-R., Schneider, T., Wehrenberg, I.: Efficient privacy-preserving face recognition. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 229–244. Springer, Heidelberg (2010)

  34. Sedenka, J., Gasti, P.: Privacy-preserving distance computation and proximity testing on earth, done right. In: Moriai, S., Jaeger, T., Sakurai, K. (eds.) 9th ACM Symposium on Information, Computer and Communications Security, ASIA CCS 2014, 03–06 June, 2014, Kyoto, Japan, pp. 99–110. ACM (2014)

  35. Shpilka, A., Yehudayoff, A.: Arithmetic circuits: A survey of recent results and open questions. Found. Trends Theo. Comput. Sci. 5(3–4), 207–388 (2010)

  36. Veytsman, M.: How I was able to track the location of any Tinder user, February 2014. http://blog.includesecurity.com/

  37. Wachs, M., Schanzenbach, M., Grothoff, C.: On the feasibility of a censorship resistant decentralized name system. In: Danger, J.-L., Debbabi, M., Marion, J.-Y., Garcia-Alfaro, J., Heywood, N.Z. (eds.) FPS 2013. LNCS, vol. 8352, pp. 19–30. Springer, Heidelberg (2014)

  38. Zhong, G., Goldberg, I., Hengartner, U.: Louis, Lester and Pierre: three protocols for location privacy. In: Borisov, N., Golle, P. (eds.) PET 2007. LNCS, vol. 4776, pp. 62–76. Springer, Heidelberg (2007)

Acknowledgments

Thanks are due to Allen Au for the useful comments. This work was funded by the European Community under the ProSecuToR project and the Swedish research agencies SSF and VR.

Corresponding author

Correspondence to Per Hallgren.

Appendices

A A Concrete Instantiation to Secure Hallgren et al.

To make the protocol from Hallgren et al., and other afflicted solutions, secure against format attacks from Alice, the distance can be computed directly on the coordinates instead of from several correlated values supplied by Alice. The secured algorithm could be modeled as follows:
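As an added illustration of the point in Appendix A (example code written for this page, not the paper's or the BetterTimes prototype's own code), the following Python simulates Bob deriving the squared distance from Alice's encrypted coordinates alone, next to the afflicted form in which Alice also supplies a correlated norm value. The `Enc` class is an assumed stand-in for an additively homomorphic ciphertext, the modulus is a constructed toy prime, and the multiplication is the plain blinded outsourcing that BetterTimes hardens; the privacy-assurance check itself is not reproduced.

```python
import random

P = 2**31 - 1  # constructed prime modulus for the field F_p (toy size)

# Stand-in for an additively homomorphic ciphertext (assumption: NOT a real
# scheme).  Bob may add ciphertexts and multiply them by plaintext scalars;
# only Alice, who holds the key, may open them via decrypt().
class Enc:
    def __init__(self, v):
        self.v = v % P
    def __add__(self, other):          # [[a]] + [[b]]  or  [[a]] + plaintext k
        return Enc(self.v + (other.v if isinstance(other, Enc) else other))
    def __rmul__(self, k):             # plaintext k * [[a]]
        return Enc(k * self.v)

def decrypt(c):                        # Alice-only operation
    return c.v

def alice_open(x, y):                  # Alice's reply in the multiplication
    return Enc(decrypt(x) * decrypt(y))

def outsourced_mul(ca, cb, respond):
    """Plain blinded outsourced multiplication, as used by the protocols the
    paper hardens: Bob blinds both factors, Alice opens and multiplies, Bob
    unblinds.  The privacy assurance BetterTimes adds on top (a cheating
    Alice yields a random result instead of a skewed one) is not reproduced."""
    r, s = random.randrange(P), random.randrange(P)
    c_prod = respond(ca + r, cb + s)   # Alice learns only a+r and b+s
    # (a+r)(b+s) = ab + a*s + r*b + r*s  ->  remove the three blinding terms
    return c_prod + (-s) * ca + (-r) * cb + (-(r * s))

def secure_sq_distance(enc_xa, enc_ya, xb, yb):
    """Appendix A: Bob derives d^2 from Alice's encrypted coordinates alone,
    so there is no second, correlated value for Alice to misreport."""
    xa2 = outsourced_mul(enc_xa, enc_xa, alice_open)
    ya2 = outsourced_mul(enc_ya, enc_ya, alice_open)
    return xa2 + ya2 + (-2 * xb) * enc_xa + (-2 * yb) * enc_ya + (xb * xb + yb * yb)

def correlated_sq_distance(enc_xa, enc_ya, enc_norm, xb, yb):
    """The afflicted form: Alice additionally supplies [[xa^2 + ya^2]] and
    Bob has to trust that it is consistent with [[xa]] and [[ya]]."""
    return enc_norm + (-2 * xb) * enc_xa + (-2 * yb) * enc_ya + (xb * xb + yb * yb)

if __name__ == "__main__":
    d2 = secure_sq_distance(Enc(3), Enc(4), 6, 8)   # constructed coordinates
    print("squared distance:", decrypt(d2))        # 25
```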

B Visualization of Privacy-Preserving Arithmetic Formula

Figure 7 depicts the system for privacy-preserving arithmetic formulas presented in this paper, during an execution where Alice is honest. Alice is the initiating party and starts by sending her inputs to Bob. Bob then hardwires both his and Alice’s inputs into an instruction of nested operations, forming a tree as in Fig. 3. Depending on g, Bob computes any local operations and executes BetterTimes as necessary, with as many iterations as necessary. Finally, he computes the ciphertext \([\![result ]\!]\). Since Alice is by assumption honest, \([\![result ]\!]\) holds the output of g (it would hold the encryption of a random element of \(\mathbb {F}_p\) if Alice were dishonest). BetterTimes is simplified here; for a more complete visualization see Fig. 4.

Fig. 7. Visualization of actions by each principal, where R and O mean repeatable and optional, respectively.

Copyright information

© 2015 Springer International Publishing Switzerland

Cite this paper

Hallgren, P., Ochoa, M., Sabelfeld, A. (2015). BetterTimes. In: Au, M.H., Miyaji, A. (eds.) Provable Security. ProvSec 2015. Lecture Notes in Computer Science, vol. 9451. Springer, Cham. https://doi.org/10.1007/978-3-319-26059-4_16

  • DOI: https://doi.org/10.1007/978-3-319-26059-4_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26058-7

  • Online ISBN: 978-3-319-26059-4
