TY - JOUR

T1 - (Server-Aided) Two-Party Multiplication of Encrypted Shares Using (k, n) Threshold Secret Sharing with N ≥ k Servers

AU - Kamal, Ahmad Akmal Aminuddin Mohd

AU - Iwamura, Keiichi

N1 - Publisher Copyright:
© 2013 IEEE.

PY - 2021

Y1 - 2021

N2 - Two-party computation allows two clients to jointly compute an arbitrary function of their inputs without revealing these inputs to each other. In this study, we adopt a server-aided model, in which a set of computing servers performs computation using the inputs of two clients. In the (k, n ) threshold secret sharing scheme, input s is divided into n shares and can be recovered from k shares, where k is a threshold. Typically, the multiplication of shares increases the polynomial's degree from (k-1) to (2k-2) , thus increasing the number of shares required from k to 2k-1. Because each server typically holds only one share, the number of servers required also increases to 2k-1. Therefore, a set of n servers can compute multiplication securely only if the adversary corrupts at most k-1 < n/2 servers. In this study, we differentiate {N} , which is the number of required servers, and {n} , which is the parameter of the (k, n ) threshold secret sharing scheme. We propose a method of multiplication by using only N\ge k servers. This is implemented by sending two shares of the same input to each server. In a 'normal' method, sending multiple shares to one server violates security because k shares can be leaked from k-1 servers. We overcome this by implementing a different functionality, where each share is first encrypted with a different random number (encrypted share) before being sent to a server. Instead of the 'normal shares' of ab, our protocol computes the encrypted shares of ab using the encrypted shares of a and b. We show that the proposed method is secure against a non-colluding semi-honest adversary. Moreover, we implement our method in MATLAB and show its efficiency.

AB - Two-party computation allows two clients to jointly compute an arbitrary function of their inputs without revealing these inputs to each other. In this study, we adopt a server-aided model, in which a set of computing servers performs computation using the inputs of two clients. In the (k, n ) threshold secret sharing scheme, input s is divided into n shares and can be recovered from k shares, where k is a threshold. Typically, the multiplication of shares increases the polynomial's degree from (k-1) to (2k-2) , thus increasing the number of shares required from k to 2k-1. Because each server typically holds only one share, the number of servers required also increases to 2k-1. Therefore, a set of n servers can compute multiplication securely only if the adversary corrupts at most k-1 < n/2 servers. In this study, we differentiate {N} , which is the number of required servers, and {n} , which is the parameter of the (k, n ) threshold secret sharing scheme. We propose a method of multiplication by using only N\ge k servers. This is implemented by sending two shares of the same input to each server. In a 'normal' method, sending multiple shares to one server violates security because k shares can be leaked from k-1 servers. We overcome this by implementing a different functionality, where each share is first encrypted with a different random number (encrypted share) before being sent to a server. Instead of the 'normal shares' of ab, our protocol computes the encrypted shares of ab using the encrypted shares of a and b. We show that the proposed method is secure against a non-colluding semi-honest adversary. Moreover, we implement our method in MATLAB and show its efficiency.

KW - (k, n) threshold secret sharing

KW - 2PC

KW - secure multiplication

KW - Secure two-party computation

KW - server-aided model

UR - http://www.scopus.com/inward/record.url?scp=85113266748&partnerID=8YFLogxK

U2 - 10.1109/ACCESS.2021.3104505

DO - 10.1109/ACCESS.2021.3104505

M3 - Article

AN - SCOPUS:85113266748

VL - 9

SP - 113117

EP - 113129

JO - IEEE Access

JF - IEEE Access

SN - 2169-3536

M1 - 9512055

ER -