Homomorphic Secret Sharing Research Articles

Verifiable Additive Homomorphic Secret Sharing with Dynamic Aggregation Support

(n,m,t)-Homomorphic Secret Sharing (HSS) allows n clients to share data secretly to m servers, which compute a function f homomorphically on the received secretly shared data while restricting the input data acquired by a collection of t servers to private ones. In Verifiable Homomorphic Secret Sharing (VHSS), if there are partially colluding malicious servers submitting erroneous computation results to the client, such erroneous computation results will be rejected by the client. In traditional static homomorphic secret sharing schemes, once a secret share of raw data is assigned to a group of servers, then all servers in the group must participate in the computation, which means that the computation has to be restarted once some servers fail to perform the task. In order to solve the above problem, we propose the first dynamic homomorphic secret sharing scheme for additive computation in this paper. In our scheme, once some servers fail, there is no need to recalculate the secret sharing but only the need to reissue the index set of servers that perform the computation, Our structure assigns more computation to the servers, which is very useful in real scenarios. In addition, we propose dynamic verifiable homomorphic secret sharing schemes based on the above schemes, which have less computational overhead compared to the existing schemes, although we sacrifice the public verifiability property. Finally, we give a detailed correctness, security, and verifiability analysis of the two proposed schemes and provide the theoretical and experimental evaluation results of the computational overhead.

Scooby: Improved multi-party homomorphic secret sharing based on FHE

In this paper we present new constructions of multi-party homomorphic secret sharing (HSS) based on a new primitive that we call homomorphic encryption with decryption to shares (HEDS). Our first scheme, which we call Scooby, is based on many popular fully homomorphic encryption (FHE) schemes with a linear decryption property. Scooby achieves an n-party HSS for general circuits with complexity O(|F|+log⁡n), as opposed to O(n2⋅|F|) for the prior best construction based on multi-key FHE. Scooby relies on a trusted setup procedure, and can be based on (ring)-LWE with a super-polynomial modulus-to-noise ratio. In our second construction, Scrappy, assuming any generic FHE plus HSS for NC1-circuits, we obtain a HEDS scheme which does not require a super-polynomial modulus. While these schemes all require FHE, in another instantiation, Shaggy, we show how it is also possible to obtain multi-party HSS without FHE, instead relying on the DCR assumption to obtain 4-party HSS for constant-degree polynomials.

Verifiable Homomorphic Secret Sharing for Low Degree Polynomials

An <inline-formula><tex-math notation="LaTeX">$(n,m,t)$</tex-math></inline-formula>-homomorphic secret sharing (HSS) scheme for a function family <inline-formula><tex-math notation="LaTeX">$\cal F$</tex-math></inline-formula> allows <inline-formula><tex-math notation="LaTeX">$n$</tex-math></inline-formula> clients to share their data <inline-formula><tex-math notation="LaTeX">$x_{1}, \ldots ,x_{n}$</tex-math></inline-formula> among <inline-formula><tex-math notation="LaTeX">$m$</tex-math></inline-formula> servers and then distribute the computation of any function <inline-formula><tex-math notation="LaTeX">$f\in {\cal F}$</tex-math></inline-formula> to the servers such that: (i) any <inline-formula><tex-math notation="LaTeX">$t$</tex-math></inline-formula> colluding servers learn no information about the data; (ii) each server is able to compute a partial result and <inline-formula><tex-math notation="LaTeX">$f(x_{1}, \ldots ,x_{n})$</tex-math></inline-formula> can be reconstructed from the servers&#x0027; partial results. HSS schemes cannot guarantee correct reconstruction, if some servers are malicious and provide wrong partial results. Recently, verifiable HSS (VHSS) has been introduced to achieve an additional property: (iii) any <inline-formula><tex-math notation="LaTeX">$t$</tex-math></inline-formula> colluding servers cannot persuade the client(s) to accept their partial results and reconstruct a wrong value. The property (iii) is usually achieved by the client verifying the servers&#x0027; partial results. A VHSS scheme is compact if the verification is substantially faster than locally computing <inline-formula><tex-math notation="LaTeX">$f(x_{1},\ldots ,x_{n})$</tex-math></inline-formula>. Of the existing VHSS schemes for polynomials, some are not compact; the others are compact but impose very heavy workload on the servers, even for low degree polynomials (e.g., they are at least 4000&#x00D7; slower than the existing HSS schemes in order to evaluate polynomials of degree <inline-formula><tex-math notation="LaTeX">$\leq 5$</tex-math></inline-formula>, which have many applications such as privacy-preserving machine learning). In this paper, we propose both a single-client VHSS (SVHSS) model and a multi-client VHSS (MVHSS) model. Our SVHSS allows a client to use a secret key to share its data among servers; our MVHSS allows multiple clients to share their data with a public key. For any integers <inline-formula><tex-math notation="LaTeX">$m,t&gt;0$</tex-math></inline-formula>, we constructed both an <inline-formula><tex-math notation="LaTeX">$(m,t)$</tex-math></inline-formula>-SVHSS scheme and an <inline-formula><tex-math notation="LaTeX">$(m,t)$</tex-math></inline-formula>-MVHSS scheme that satisfy the properties of (i)-(iii). Our constructions are based on level-<inline-formula><tex-math notation="LaTeX">$k$</tex-math></inline-formula> homomorphic encryptions. The <inline-formula><tex-math notation="LaTeX">$(m,t)$</tex-math></inline-formula>-SVHSS and <inline-formula><tex-math notation="LaTeX">$(m,t)$</tex-math></inline-formula>-MVHSS are compact and allow the computations of degree-<inline-formula><tex-math notation="LaTeX">$d$</tex-math></inline-formula> polynomials for <inline-formula><tex-math notation="LaTeX">$d\leq ((k+1)m-1)/t$</tex-math></inline-formula> and <inline-formula><tex-math notation="LaTeX">$d\leq ((k+1)(m-t)-1)/t$</tex-math></inline-formula>, respectively. Experiments show that our schemes are much more efficient than the existing compact VHSS for low degree polynomials. For example, to compute polynomials of degree <inline-formula><tex-math notation="LaTeX">$\leq 5$</tex-math></inline-formula>, our MVHSS scheme is at least 420&#x00D7;faster. By applying SVHSS and MVHSS, we may add verifiability to privacy-preserving machine learning (PPML) algorithms. Experiments show that the resulting schemes are at least 52&#x00D7; and 20&#x00D7; faster than the existing verifiable PPML schemes.

Publicly Verifiable Homomorphic Secret Sharing for Polynomial Evaluation

Publicly Verifiable Homomorphic Secret Sharing for Polynomial Evaluation

Verifiable Homomorphic Secret Sharing for Machine Learning Classifiers

Verifiable Homomorphic Secret Sharing for Machine Learning Classifiers

Energy-Efficient IoT e-Health Using Artificial Intelligence Model with Homomorphic Secret Sharing

Internet of Things (IoT) is a developing technology for supporting heterogeneous physical objects into smart things and improving the individuals living using wireless communication systems. Recently, many smart healthcare systems are based on the Internet of Medical Things (IoMT) to collect and analyze the data for infectious diseases, i.e., body fever, flu, COVID-19, shortness of breath, etc. with the least operation cost. However, the most important research challenges in such applications are storing the medical data on a secured cloud and make the disease diagnosis system more energy efficient. Additionally, the rapid explosion of IoMT technology has involved many cyber-criminals and continuous attempts to compromise medical devices with information loss and generating bogus certificates. Thus, the increase in modern technologies for healthcare applications based on IoMT, securing health data, and offering trusted communication against intruders is gaining much research attention. Therefore, this study aims to propose an energy-efficient IoT e-health model using artificial intelligence with homomorphic secret sharing, which aims to increase the maintainability of disease diagnosis systems and support trustworthy communication with the integration of the medical cloud. The proposed model is analyzed and proved its significance against relevant systems.

On Abelian and Homomorphic Secret Sharing Schemes

On Abelian and Homomorphic Secret Sharing Schemes

An HSS‐based robust and lightweight multiple group authentication for ITS towards 5G

The next generation of network communications (5G) has the particularity of being heterogeneous, which has different abilities with storage, computing and communication. Group communications is more and more popular for Intelligent Transportation Systems (ITS) in 5G since various smart devices have been constantly connected to ITS over the past decades. One of the main challenges faced by the group communications for ITS towards 5G is how to make the communications secure among these heterogeneous devices. Membership authentication is used to ensure that all users are legitimate group members in ITS communication systems towards 5G. A new type of authentication, called t-secure m-user n-group authentication scheme ((t, m, n) GAS), has been proposed in 2013. GAS is different from conventional peer-to-peer authentications which authenticate users one at a time. GAS can authenticate m users at once. GAS is specially designed for group communications which involve multiple users. Since then, extended research papers on group authentication have been published. A discrete-logarithm-based GAS with multiple authentications has been proposed in the original paper. In this paper, based on homomorphic secret sharing (HSS), a novel multiple group authentication is presented, which is more lightweight and robust than the original scheme. The security of the proposed scheme is unconditionally secure without any assumption. More importantly, since polynomial evaluations with a smaller modulus are needed in our proposed scheme, it is more efficient than the original scheme which needs modular exponentiations with a larger modulus, thus this design is more suitable for lightweight multiple group authentication in ITS towards 5G.

Practical and Provably Secure Distributed Aggregation: Verifiable Additive Homomorphic Secret Sharing

Often clients (e.g., sensors, organizations) need to outsource joint computations that are based on some joint inputs to external untrusted servers. These computations often rely on the aggregation of data collected from multiple clients, while the clients want to guarantee that the results are correct and, thus, an output that can be publicly verified is required. However, important security and privacy challenges are raised, since clients may hold sensitive information. In this paper, we propose an approach, called verifiable additive homomorphic secret sharing (VAHSS), to achieve practical and provably secure aggregation of data, while allowing for the clients to protect their secret data and providing public verifiability i.e., everyone should be able to verify the correctness of the computed result. We propose three VAHSS constructions by combining an additive homomorphic secret sharing (HSS) scheme, for computing the sum of the clients’ secret inputs, and three different methods for achieving public verifiability, namely: (i) homomorphic collision-resistant hash functions; (ii) linear homomorphic signatures; as well as (iii) a threshold RSA signature scheme. In all three constructions, we provide a detailed correctness, security, and verifiability analysis and detailed experimental evaluations. Our results demonstrate the efficiency of our proposed constructions, especially from the client side.

Cheater-identifiable homomorphic secret sharing for outsourcing computations

Homomorphic secret sharing (HSS) allows a dealer to share a secret x among m participants such that: (1) any unauthorized subset of the participants learns no information about x; and (2) every participant in an authorized subset can perform the computation of a function f on its share to obtain a partial result and these partial results suffice to recover f(x). In a multi-client multi-server setting, HSS can be used to outsource the computation of a function f on the dealer’s (clients’) private inputs and thus resolve one of the main security issues in outsourcing computation, i.e., the privacy of the client’s data. Tsaloli, Liang, and Mitrokotsa (ProvSec 2018) proposed a verifiable HSS (VHSS) model where the partial results of the servers can be verified, in order to resolve another main security issue in outsourcing computation, i.e., the integrity of the outsourced computation. They also constructed a VHSS scheme for computing the product of the dealers’ private inputs such that any proper subset of the servers learns no information about the private inputs. In this paper, we present an easy attack of their scheme with which even a single server is able to distinguish between two different sets of private inputs. We propose a new VHSS model and construct a new VHSS scheme for computing the same function. By properly choosing the parameters, our scheme allows cheater detection, cheater identification, robust decoding, and extremely fast verification and result decoding.

An Optimal Distributed Discrete Log Protocol with Applications to Homomorphic Secret Sharing

The distributed discrete logarithm (DDL) problem was introduced by Boyle, Gilboa and Ishai at CRYPTO 2016. A protocol solving this problem was the main tool used in the share conversion procedure of their homomorphic secret sharing (HSS) scheme which allows non-interactive evaluation of branching programs among two parties over shares of secret inputs. Let g be a generator of a multiplicative group $${\mathbb {G}}$$. Given a random group element $$g^{x}$$ and an unknown integer $$b \in [-M,M]$$ for a small M, two parties A and B (that cannot communicate) successfully solve DDL if $$A(g^{x}) - B(g^{x+b}) = b$$. Otherwise, the parties err. In the DDL protocol of Boyle et al., A and B run in time T and have error probability that is roughly linear in M / T. Since it has a significant impact on the HSS scheme’s performance, a major open problem raised by Boyle et al. was to reduce the error probability as a function of T. In this paper we devise a new DDL protocol that substantially reduces the error probability to $$O(M \cdot T^{-2})$$. Our new protocol improves the asymptotic evaluation time complexity of the HSS scheme by Boyle et al. on branching programs of size S from $$O(S^2)$$ to $$O(S^{3/2})$$. We further show that our protocol is optimal up to a constant factor for all relevant cryptographic group families, unless one can solve the discrete logarithm problem in a short interval of length R in time $$o(\sqrt{R})$$. Our DDL protocol is based on a new type of random walk that is composed of several iterations in which the expected step length gradually increases. We believe that this random walk is of independent interest and will find additional applications.

Distributed Privacy Preserving Clustering via Homomorphic Secret Sharing and Its Application to (Vertically) Partitioned Spatio-Temporal Data

Recent concerns about privacy issues have motivated data mining researchers to develop methods for performing data mining while preserving the privacy of individuals. One approach to develop privacy preserving data mining algorithms is secure multiparty computation, which allows for privacy preserving data mining algorithms that do not trade accuracy for privacy. However, earlier methods suffer from very high communication and computational costs, making them infeasible to use in any real world scenario. Moreover, these algorithms have strict assumptions on the involved parties, assuming involved parties will not collude with each other. In this paper, the authors propose a new secure multiparty computation based k-means clustering algorithm that is both secure and efficient enough to be used in a real world scenario. Experiments based on realistic scenarios reveal that this protocol has lower communication costs and significantly lower computational costs.