EN FR
EN FR


Section: New Results

Cryptographic Protocols

Participant : Guilhem Castagnos.

In [16] G. Castagnos, L. Imbert, and F. Laguillaumie revisit a recent cryptographic primitive called encryption switching protocols (ESP). This primitive was introduced by Couteau, Peters and Pointcheval last year. It allows to switch ciphertexts between two encryption schemes. If such an ESP is built with two schemes that are respectively additively and multiplicatively homomorphic, it naturally gives rise to a secure 2-party computation protocol. It is thus perfectly suited for evaluating functions, such as multivariate polynomials, given as arithmetic circuits. Couteau et al. built an ESP to switch between Elgamal and Paillier encryptions which do not naturally fit well together. Consequently, they had to design a clever variant of Elgamal over 𝐙/n𝐙 with a costly shared decryption.

In this work, Castagnos et. al. first present a conceptually simple generic construction for encryption switching protocols. Then, they give an efficient instantiation of our generic approach that uses two well-suited protocols, namely a variant of Elgamal in 𝐙/p𝐙 and the Castagnos-Laguillaumie encryption which is additively homomorphic over 𝐙/p𝐙. Among other advantages, this allows to perform all computations modulo a prime p instead of an RSA modulus. Overall, this solution leads to significant reductions in the number of rounds as well as the number of bits exchanged by the parties during the interactive protocols. They also show how to extend its security to the malicious setting.

This paper was presented at the CRYPTO Conference 2017, and is part of the Alambic project.