TY - GEN
T1 - Function secret sharing
T2 - 23rd ACM Conference on Computer and Communications Security, CCS 2016
AU - Boyle, Elette
AU - Gilboa, Niv
AU - Ishai, Yuval
N1 - Publisher Copyright:
© 2016 Copyright held by the owner/author(s).
PY - 2016/10/24
Y1 - 2016/10/24
N2 - Function Secret Sharing (FSS), introduced by Boyle et al. (Eurocrypt 2015), provides a way for additively secret-sharing a function from a given function family F. More concretely, an m-party FSS scheme splits a function f: {0, 1}^n → G, for some abelian group G, into functions f_1, ..., f_m, described by keys k_1, ..., k_m, such that f = f_1 + ... + f_m and every strict subset of the keys hides f. A Distributed Point Function (DPF) is a special case where F is the family of point functions, namely functions f_{α,β} that evaluate to β on the input α and to 0 on all other inputs. FSS schemes are useful for applications that involve privately reading from or writing to distributed databases while minimizing the amount of communication. These include different flavors of private information retrieval (PIR), as well as a recent application of DPF for large-scale anonymous messaging. We improve and extend previous results in several ways: • Simplified FSS constructions. We introduce a tensoring operation for FSS which is used to obtain a conceptually simpler derivation of previous constructions and present our new constructions. • Improved 2-party DPF. We reduce the key size of the PRG-based DPF scheme of Boyle et al. roughly by a factor of 4 and optimize its computational cost. The optimized DPF significantly improves the concrete costs of 2-server PIR and related primitives. • FSS for new function families. We present an efficient PRG-based 2-party FSS scheme for the family of decision trees, leaking only the topology of the tree and the internal node labels. We apply this towards FSS for multi-dimensional intervals. We also present a general technique for extending FSS schemes by increasing the number of parties. • Verifiable FSS. We present efficient protocols for verifying that keys (k_1^*, ..., k_m^*), obtained from a potentially malicious user, are consistent with some f ∈ F. Such a verification may be critical for applications that involve private writing or voting by many users.
KW - Function Secret Sharing
KW - Homomorphic encryption
KW - Private information retrieval
KW - Secure multiparty computation
UR - http://www.scopus.com/inward/record.url?scp=84995527955&partnerID=8YFLogxK
U2 - 10.1145/2976749.2978429
DO - 10.1145/2976749.2978429
M3 - Conference contribution
AN - SCOPUS:84995527955
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 1292
EP - 1303
BT - CCS 2016 - Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
Y2 - 24 October 2016 through 28 October 2016
ER -