Abstract
We present a public-key encryption scheme with the following properties. Given a branching program P and an encryption c of an input x, it is possible to efficiently compute a succinct ciphertext c′ from which P(x) can be efficiently decoded using the secret key. The size of c′ depends polynomially on the size of x and the length of P, but does not further depend on the size of P. As interesting special cases, one can efficiently evaluate finite automata, decision trees, and OBDDs on encrypted data, where the size of the resulting ciphertext c′ does not depend on the size of the object being evaluated. These are the first general representation models for which such a feasibility result is shown. Our main construction generalizes the approach of Kushilevitz and Ostrovsky (FOCS 1997) for constructing single-server Private Information Retrieval protocols.
We also show how to strengthen the above so that c′ does not contain additional information about P (other than P(x) for some x) even if the public key and the ciphertext c are maliciously formed. This yields a two-message secure protocol for evaluating a length-bounded branching program P held by a server on an input x held by a client. A distinctive feature of this protocol is that it hides the size of the server’s input P from the client. In particular, the client’s work is independent of the size of P.
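The abstract states the result but not the mechanism, so the following is an added illustration, written for this page and not code from Ishai and Paskin. It assumes the "nested selection" idea behind the Kushilevitz–Ostrovsky approach cited above: a length-flexible additively homomorphic scheme in the style of Damgård–Jurik (entry [20] below) lets a server, at each node of a branching program, homomorphically pick the encoding of the child selected by an encrypted input bit, and because a level-s ciphertext is a valid level-(s+1) plaintext, the encodings nest once per layer. The resulting c′ is a single level-ℓ ciphertext, so its size grows with the length ℓ of the program but not with its number of nodes. All function names, the node format, the restriction to programs whose root-to-leaf paths all have the same length, and the toy 20-bit primes are this example's own assumptions; the paper's actual construction may differ in its details, and the parameters here are far too small to be secure.

```python
"""Added example (not from the paper): evaluating a branching program on
encrypted input with length-flexible (Damgard-Jurik style) homomorphic
encryption.  Toy primes: parameters are NOT secure."""
import math
import secrets


def is_prime(m):
    return m > 1 and all(m % d for d in range(2, int(m ** 0.5) + 1))


def next_prime(m):
    while not is_prime(m):
        m += 1
    return m


def keygen(p, q):
    n, lam = p * q, (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    assert math.gcd(lam, n) == 1
    return n, lam


def encrypt(n, m, s):
    """Level-s encryption: plaintext in Z_{n^s}, ciphertext in Z_{n^(s+1)}.
    Additively homomorphic: enc(a)*enc(b) = enc(a+b), enc(a)^k = enc(k*a)."""
    ns, mod = n ** s, n ** (s + 1)
    while True:
        r = secrets.randbelow(n - 2) + 2
        if math.gcd(r, n) == 1:
            break
    return pow(1 + n, m % ns, mod) * pow(r, ns, mod) % mod


def _dlog(a, n, s):
    """Find i in Z_{n^s} with (1+n)^i == a (mod n^(s+1)), recovering one
    n-adic block per round (the Damgard-Jurik decryption recurrence)."""
    i = 0
    for j in range(1, s + 1):
        nj = n ** j
        t1 = (a % (nj * n) - 1) // n          # L-function applied to a mod n^(j+1)
        t2 = i
        for k in range(2, j + 1):
            i -= 1
            t2 = t2 * i % nj
            t1 = (t1 - t2 * n ** (k - 1) * pow(math.factorial(k), -1, nj)) % nj
        i = t1
    return i


def decrypt(n, lam, c, s):
    ns = n ** s
    return _dlog(pow(c, lam, ns * n), n, s) * pow(lam, -1, ns) % ns


def client_encrypt(n, x, length):
    """Ciphertext c: every input bit encrypted once per level 1..length, so
    |c| is polynomial in |x| and the length bound, independent of the program."""
    return [{h: encrypt(n, b, h) for h in range(1, length + 1)} for b in x]


def server_evaluate(n, enc_x, prog, root):
    """prog maps node id -> ("leaf", bit) or ("node", var, child0, child1).
    Returns (height, c'): c' is ONE level-`height` ciphertext whatever the
    number of nodes.  Assumes all root-to-leaf paths have equal length."""
    memo = {}

    def encode(v):
        if v not in memo:
            node = prog[v]
            if node[0] == "leaf":
                memo[v] = (0, node[1])                      # height 0: plaintext bit
            else:
                _, j, v0, v1 = node
                (h0, e0), (h1, e1) = encode(v0), encode(v1)
                assert h0 == h1, "example assumes a layered program"
                h, mod = h0 + 1, n ** (h0 + 2)
                # enc_h(e0) * enc_h(x_j)^(e1-e0) = enc_h(e0 + x_j*(e1-e0)) = enc_h(e_{x_j})
                sel = encrypt(n, e0, h) * pow(enc_x[j][h], (e1 - e0) % n ** h, mod) % mod
                memo[v] = (h, sel)
        return memo[v]

    return encode(root)


def client_decode(n, lam, c_prime, length):
    """Peel the nested encryptions from level `length` down to the leaf bit."""
    for s in range(length, 0, -1):
        c_prime = decrypt(n, lam, c_prime, s)
    return c_prime


def parity_tree():
    """Complete decision tree for x0 xor x1 xor x2: 7 inner nodes + 8 leaves."""
    prog, counter = {}, [0]

    def build(depth, acc):
        v = counter[0]
        counter[0] += 1
        if depth == 3:
            prog[v] = ("leaf", acc)
        else:
            prog[v] = ("node", depth, build(depth + 1, acc), build(depth + 1, acc ^ 1))
        return v

    return prog, build(0, 0)


def parity_obdd():
    """Width-2 OBDD for the same function: 5 inner nodes + 2 leaves."""
    prog = {"leaf0": ("leaf", 0), "leaf1": ("leaf", 1),
            "n2_0": ("node", 2, "leaf0", "leaf1"), "n2_1": ("node", 2, "leaf1", "leaf0"),
            "n1_0": ("node", 1, "n2_0", "n2_1"), "n1_1": ("node", 1, "n2_1", "n2_0"),
            "n0": ("node", 0, "n1_0", "n1_1")}
    return prog, "n0"


N, LAM = keygen(next_prime(1_000_003), next_prime(1_000_033))   # constructed toy key


def run(prog, root, x, length):
    """Two-message exchange: client sends c, server returns c', client decodes.
    Returns (P(x), bit length of c')."""
    c = client_encrypt(N, x, length)
    height, c_prime = server_evaluate(N, c, prog, root)
    return client_decode(N, LAM, c_prime, height), c_prime.bit_length()


if __name__ == "__main__":
    for name, (prog, root) in (("tree", parity_tree()), ("obdd", parity_obdd())):
        for x in ((0, 0, 0), (1, 0, 1), (1, 1, 1)):
            y, bits = run(prog, root, x, 3)
            print(f"{name}: {len(prog)} nodes, x={x} -> P(x)={y}, |c'| = {bits} bits")
```

Running the script shows the 15-node tree and the 7-node OBDD both return a c′ that lives in Z_{n^4}, since both have length 3; the server never reveals which program it holds beyond that length bound. Nodes shared by several paths are encoded once (the memo), which is what makes DAG-shaped programs such as OBDDs cheaper than the equivalent tree on the server side while leaving c′ unchanged.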
Supported by grants 36/03 and 1310/06 from the Israel Science Foundation and grant 2004361 from the U.S.-Israel Binational Science Foundation.
References
Aiello, W., Ishai, Y., Reingold, O.: Priced oblivious transfer: How to sell digital goods. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 119–135. Springer, Heidelberg (2001)
Blum, M., De Santis, A., Micali, S., Persiano, G.: Non-interactive Zero Knowledge. SIAM Journal of Computing 20(6), 1084–1118 (1991)
Barak, B., Goldreich, O.: Universal Arguments and their Applications. In: Proc. CCC 2002, pp. 194–203 (2002)
Beaver, D.: Minimal-Latency Secure Function Evaluation. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 335–350. Springer, Heidelberg (2000)
Boneh, D., Goh, E.J., Nissim, K.: Evaluating 2-DNF formulas on ciphertexts. In: Proc. 2nd TCC, pp. 325–341 (2005)
Cachin, C., Micali, S., Stadler, M.: Computationally private information retrieval with polylogarithmic communication. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 402–414. Springer, Heidelberg (1999)
Cachin, C., Camenisch, J., Kilian, J., Muller, J.: One-round secure computation and secure autonomous mobile agents. In: Welzl, E., Montanari, U., Rolim, J.D.P. (eds.) ICALP 2000. LNCS, vol. 1853, Springer, Heidelberg (2000)
Canetti, R.: Security and composition of multiparty cryptographic protocols. Journal of Cryptology 13(1), 143–202
Chor, B., Gilboa, N., Naor, M.: Private information retrieval by keywords. Technical Report TR-CS0917, Department of Computer Science, Technion (1997)
Chor, B., Goldreich, O., Kushilevitz, E., Sudan, M.: Private information retrieval. J. of the ACM 45, 965–981 (1998), Earlier version in FOCS ’95
Damgård, I., Jurik, M.: A Generalisation, a Simplification and some Applications of Paillier’s Probabilistic Public-Key System. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 79–95. Springer, Heidelberg (2002)
Even, S., Goldreich, O., Lempel, A.: A Randomized Protocol for Signing Contracts. Communications of the ACM 28(6), 637–647 (1985)
Freedman, M.J., Ishai, Y., Pinkas, B., Reingold, O.: Keyword search and oblivious pseudorandom functions. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 303–324. Springer, Heidelberg (2005)
Feige, U., Kilian, J., Naor, M.: A minimal model for secure computation. In: Proc. of 26th STOC, pp. 554–563 (1994)
Gertner, Y., Ishai, Y., Kushilevitz, E., Malkin, T.: Protecting Data Privacy in Private Information Retrieval Schemes. In: Proc. of 30th STOC, pp. 151–160 (1998)
Goldreich, O.: Foundations of Cryptography: Basic Applications. Cambridge University Press, Cambridge (2004)
Goldwasser, S., Micali, S.: Probabilistic encryption. JCSS 28(2), 270–299 (1984), Preliminary version in Proc. STOC ’82
Ishai, Y., Kushilevitz, E.: Randomizing polynomials: A new representation with applications to round-efficient secure computation. In: Proc. 41st FOCS, pp. 294–304 (2000)
Ishai, Y., Kushilevitz, E.: Perfect Constant-Round Secure Computation via Perfect Randomizing Polynomials. In: Widmayer, P., Triguero, F., Morales, R., Hennessy, M., Eidenbenz, S., Conejo, R. (eds.) ICALP 2002. LNCS, vol. 2380, pp. 244–256. Springer, Heidelberg (2002)
Kalai, Y.T.: Smooth Projective Hashing, and two message Oblivious Transfer. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 78–95. Springer, Heidelberg (2005)
Kilian, J.: Founding cryptography on oblivious transfer. In: Proc. of the 20th ACM, pp. 20–31. ACM Press, New York (1998)
Kolesnikov, V.: Gate Evaluation Secret Sharing and Secure One-Round Two-Party Computation. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 136–155. Springer, Heidelberg (2005)
Kushilevitz, E., Ostrovsky, R.: Replication is not needed: single database, computationally-private information retrieval. In: Proc. 38th FOCS, pp. 364–273 (1997)
Laur, S., Lipmaa, H.: Additively homomorphic Conditional Disclosure of Secrets and applications. Eprint report 2005/378 (2005)
Lindell, Y., Pinkas, B.: A Proof of Yao’s Protocol for Secure Two-Party Computation. Cryptology ePrint Archive, Report 2004/175 (2004)
Lipmaa, H.: An Oblivious Transfer Protocol with Log-Squared Communication. In: Proc. 8th ICS, pp. 314–328 (2005), Full version on eprint
Micali, S., Rabin, M., Kilian, J.: Zero knowledge sets. In: Proc. 44th FOCS, pp. 80–91 (2003)
Naor, M., Nissim, K.: Communication Preserving Protocols for Secure Function Evaluation. In: Proc. 33rd STOC, pp. 590–599 (2001)
Naor, M., Pinkas, B.: Efficient oblivious transfer protocols. In: Proc. SODA (2001)
Ostrovsky, R., Skeith III., W.E.: Private Searching on Streaming Data. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 223–240. Springer, Heidelberg (2005)
Paillier, P.: Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)
Pippenger, N.: On simultaneous resource bounds. In: Proc. of the 20th FOCS, pp. 307–311 (1979)
Rabin, M.: How to Exchange Secrets by Oblivious Transfer. Tech. Memo TR-81, Aiken Computation Laboratory, Harvard U. (1981)
Stern, J.P.: A new and efficient all or nothing Disclosure of Secrets protocol. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 357–371. Springer, Heidelberg (1998)
Sander, T., Young, A., Yung, M.: Non-interactive cryptocomputing for NC 1. In: Proc. 20th FOCS, pp. 554–566 (1999)
Yao, A.C.: How to generate and exchange secrets. In: Proc. 18th STOC, pp. 162–167 (1986)
© 2007 Springer Berlin Heidelberg
Ishai, Y., Paskin, A. (2007). Evaluating Branching Programs on Encrypted Data. In: Vadhan, S.P. (eds) Theory of Cryptography. TCC 2007. Lecture Notes in Computer Science, vol 4392. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70936-7_31
DOI: https://doi.org/10.1007/978-3-540-70936-7_31
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-70935-0
Online ISBN: 978-3-540-70936-7