MPC for Comparing Two Shared Secrets without Bit-Decomposition
Takashi Nishide*†, Kazuo Ohta†
†The University of Electro-Communications
*Hitachi Software Engineering Co., Ltd.
2006/03/05
Comparison Protocol
• Given $[a]_p$, $[b]_p$, parties compute $[a <? b]_p$, where $a, b \in \{0, 1, \ldots, p-1\}$, $(a <? b) \in \{0, 1\}$ and $(a <? b) = 1$ iff $a < b$.
• $[a]_p$: polynomial sharing of a secret $a$.
• $[a]_B$: bitwise sharing of a secret $a$, that is, the shares of the bits of $a$: $[a]_B = \{[a_{l-1}]_p, \ldots, [a_0]_p\}$ s.t. $a = \sum 2^i a_i$.
Overview of 2 Approaches
• Our Scheme
  - Given $[a]_p$, $[b]_p$
  - Compute $[a <? p/2]_p$, $[b <? p/2]_p$, and $[a-b \bmod p <? p/2]_p$
  - Compute $[a <? b]_p$ from the above 3 shared bits.
• Existing Scheme [DFKNT06]
  - Given $[a]_p$, $[b]_p$
  - Compute $[a]_B$, $[b]_B$.
  - Compute $[a <? b]_p$ by Bitwise Less-Than.
Our Construction
• Comparison Protocol for $[a <? b]_p$, assuming $[a <? p/2]_p$ is available
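Our Construction (Cont.)
How to Compute $[a <? p/2]_p$
• Generate a bitwise sharing $[r]_B$, compute $[c]_p = [a]_p + [r]_p$ and reveal $c$.
• If $r \in \{r_{low}, \ldots, r_{high}\}$, then $a < p/2$. Otherwise $a > p/2$.
• $[r \in? \{r_{low}, \ldots, r_{high}\}]_p = [r_{low} - 1 <? r]_p * [r <? r_{high} + 1]_p$
[Figure: number line from 0 to p marking a, c = a + r mod p, r_low, r_high and p/2]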
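The logic of the two construction slides above, simulated on cleartext integers as an added example that is not taken from the slides: the masked half test with its interval check, then the combination of the three bits. The interval bounds and the three-bit formula are derived here by case analysis and are assumptions of this example; P, the masks and all function names are constructed.

```python
# Cleartext simulation (no secret sharing): it checks the logic only.
# P is a constructed small odd prime; all names here are hypothetical.
P = 31
H = (P - 1) // 2          # for odd p:  a < p/2  <=>  0 <= a <= H


def lt(x, y):
    """Stand-in for one shared less-than: returns the bit (x <? y)."""
    return 1 if x < y else 0


def less_than_half(a, r):
    """Bit (a <? p/2) from the revealed c = a + r mod p and the mask r."""
    c = (a + r) % P
    if c >= H:
        # a = c - r mod p lies in [0, H] exactly when r is in [c - H, c].
        r_low, r_high, inside_means_small = c - H, c, 1
    else:
        # The "small" r values wrap around p, so test the complement
        # interval [c + 1, c + H], where a > p/2.
        r_low, r_high, inside_means_small = c + 1, c + H, 0
    # Interval membership as a product of two strict comparisons.
    inside = lt(r_low - 1, r) * lt(r, r_high + 1)
    return inside if inside_means_small else 1 - inside


def combine(w, x, y):
    """(a <? b) from w=(a <? p/2), x=(b <? p/2), y=(a-b mod p <? p/2)."""
    # w != x: the halves decide. w == x: |a-b| < p/2, so a < b iff y == 0.
    return w * (1 - x) + (1 - y) * ((1 - w) * (1 - x) + w * x)


def compare(a, b, masks):
    """Bit (a <? b) using three masked half tests, one mask per test."""
    w = less_than_half(a, masks[0])
    x = less_than_half(b, masks[1])
    y = less_than_half((a - b) % P, masks[2])
    return combine(w, x, y)


def exhaustive_check():
    """True if compare() matches a < b for every a, b and mask in Z_p."""
    return all(compare(a, b, (r, (7 * r + 3) % P, (5 * r + 1) % P)) == int(a < b)
               for a in range(P) for b in range(P) for r in range(P))
```

In the protocol itself r is bitwise-shared and each `lt` is a shared bitwise less-than against a public bound; only c is revealed.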
Complexity Analysis
• Comparison Protocol based on [DFKNT06]
  - 2 * Bit-Decomposition in parallel
  - 1 * Bitwise Less-Than
• Our Comparison Protocol
  - 3 * joint random number bitwise-sharing in parallel
  - 6 * bitwise less-than in parallel
  - 3 * multiplication in parallel
  - 3 * multiplication in 2 rounds