"Claudio Orlandi" <[EMAIL PROTECTED]> writes: Good morning Claudio!
> One of the two is not a real issues: in fact we can implement this > in VIFF as a "symmetric" protocol. Basically we just run 2 > multiplication at once :) Okay, I'll see about implementing this soon. The asymmetry should actually no longer be a problem, the players can communication in any pattern now. Of course, the more complicated this pattern is, the more anoying it is to code, but it is possible :-) > So we can interleave this protocol with one where P1,P2 want to > compute shares of z=xy, and where P2 plays the role of P1. This > should increase the effiency even more, as the parties don't have > any more idle time. > > Claudio > > On Mon, Jun 30, 2008 at 10:26 AM, Claudio Orlandi > <[EMAIL PROTECTED]> wrote: >> It seems ok to me. >> I just think that we can improve effiency (and security) a bit if >> we do like this: >> >> P1 computes: >> - A1= Enc(a1), B1=Enc(b1) >> - Send A1,B1 to P2 >> P2 computes: >> - C1=A1^b2 * B1^a2 * Enc(r) // r random in [0, 2p^2 + 2^k] k >> security parameter >> - c2= a2b2 - (r mod p) mod p >> - Send C1 to P1 >> P1 computes: >> - c1 = Dec(C1) + a1b1 mod p >> >> Now c1+c2=c=ab=(a1+a2)(b1+b2) >> >> Efficiency: in this way we reduced from: >> - Encryptions: from 6 to 3 encryptions >> - Decryptions: from 2 to 1 decryptions >> - Communication: from 4 to 3 ciphertext >> - Generated random numbers: from 2 to 1 >> - Key pair needed: from 2 to 1. Impressive, that is almost a 50% improvement on all figures! >> Security: >> - original: computational for both players. >> - modified: computational for P1, statistical in k for P2. >> >> Problems: >> - it doesn't scale for n>2 >> - it might be complicated to implement it in VIFF, given that this is >> quite asymmetric while VIFF is highly symmetric. -- Martin Geisler _______________________________________________ viff-devel mailing list (http://viff.dk/) viff-devel@viff.dk http://lists.viff.dk/listinfo.cgi/viff-devel-viff.dk