## Homomorphic Public-Key Cryptosystems and Encrypting Boolean Circuits (2003)

Citations: | 14 - 4 self |

### BibTeX

@TECHREPORT{Grigoriev03homomorphicpublic-key,

author = {Dima Grigoriev and Ilia Ponomarenko},

title = {Homomorphic Public-Key Cryptosystems and Encrypting Boolean Circuits},

institution = {},

year = {2003}

}

### OpenURL

### Abstract

In this paper homomorphic cryptosystems are designed for the first time over any finite group. Applying Barrington's construction we produce for any boolean circuit of the logarithmic depth its encrypted simulation of a polynomial size over an appropriate finitely generated group.

### Citations

1179 |
Probabilistic encryption
- Goldwasser, Micali
- 1984
(Show Context)
Citation Context ...ural problems concerning secret computations is to design a homomorphic public-key cryptosystem over a finite group. The known examples of such systems include the quadratic residue cryptosystem (see =-=[12, 11]-=-) over the group of order 2 and the cryptosystems (see [22, 24, 25]) over some cyclic and dihedral groups. However, in these and some other cryptosystems the involved groups are solvable and so can no... |

624 | Public Key Cryptosystems based on CompositeDegree Residue Classes
- Paillier
- 1999
(Show Context)
Citation Context ...ut providing a square root of g. Although, there is a common conjecture that verifying for an element to be a square (as well as some power) is also difficult. Let us mention that a cryptosystem from =-=[19]-=- over H = Z + n (for the same assumptions on n as in the quadratic residue cryptosystem) with respect to the homomorphism f : 4 G ! H where G = Z n 2 and ker(f) = fg n : g 2 Gg, in which A = G and P :... |

558 | How to generate and exchange secrets - Yao - 1986 |

331 | The relative efficiency of propositional proof systems
- Cook, Reckhow
- 1979
(Show Context)
Citation Context ...n problem. On the other hand, our ability to compute P \Gamma1 enables us to efficiently implement the decryption algorithm. One can treat P as a proof system for membership to ker(f) in the sense of =-=[3]-=-. Moreover, in case when A is a certain group and P is a homomorphism we have the following exact sequence of group homomorphisms A P !G f !H! f1g (1) (recall that the exact sequence means that the im... |

274 | Protecting mobile agents against malicious hosts
- Sander, Tschudin
- 1998
(Show Context)
Citation Context ...Using such a cryptosystem one can efficiently implement a secret computation given by any circuit over the structure H. Some other applications of homomorphic public-key cryptosystems can be found in =-=[3, 8, 9, 27]-=-. We mention also that the group theory is a source of constructions (apart from homomorphic cryptosystems) in the cryptography, see e.g. [13, 16, 20, 21, 23]. It is well known that any boolean circui... |

137 |
A Fast Monte-Carlo Test for Primality
- Solovay, Strassen
- 1977
(Show Context)
Citation Context ...which yields a certain n 2 DN;m . The algorithm picks randomly integers p = 1 (modm) and q = \Gamma1 (modm) from the interval [2 N ; 2 N+1 ] and tests primality of the picked numbers by means of e.g. =-=[23]-=-. According to [5] there is a constant c ? 0 such that for any b relatively prime with m there are at least c2 N =('(m)N) primes of the form mx+b in the interval [2 N ; 2 N+1 ]. Therefore, after O(N) ... |

126 | Combinatorial group theory. Presentations of groups in terms of generators and relations, Second edition - Magnus, Karrass, et al. - 1976 |

116 |
Multiplicative number theory
- Davenport
- 1967
(Show Context)
Citation Context ...any element of the set R n;m = fR ae G n;m : jf n;m (R)j = jRj = mg is a right transversal of G m n;m in G n;m . We notice that by the Dirichlet theorem on primes in arithmetic progressions (see e.g. =-=[5]-=-) the set Dm is not empty. Moreover, by the same reason the set DN;m = fn 2 N : n = pq; (p; q) 2 Dm ; jpj = jqj = Ng is also nonempty for sufficiently large N 2 N. Theorem 2.1 Let H be a cyclic group ... |

95 | New publickey cryptosystem using braid groups
- Ko, Lee, et al.
- 2000
(Show Context)
Citation Context ...Definitions and results. An important problem of modern cryptography concerns secret public-key computations in algebraic structures. There is a lot of public-key cryptosystems using groups (see e.g. =-=[2, 10, 11, 12, 14, 15, 16, 21, 22]-=- and also Subsection 1.3) but only a few of them have a homomorphic property in the sense of the following definition (cf. [11]). Definition 1.1 Let H be a finite nonidentity group, G a finitely gener... |

82 | Probabilistic Algorithms in Finite Fields
- Rabin
- 1980
(Show Context)
Citation Context ...hm solving the problem FACTOR(n;m). Then we can find the decomposition n = pq. Now using Rabin's probabilistic polynomial-time algorithm for finding roots of polynomials over finite prime fields (see =-=[20]-=-), we can solve the problem INVERSE(P ) for an element g 2 G as follows: Step 1. Find the numbers g p 2 Z p and g q 2 Z q such that g = g p \Theta g q , i.e. g p = g (mod p), g q = g (mod q). Step 2. ... |

82 |
Algebraic Aspects of Cryptography
- Koblitz
- 1998
(Show Context)
Citation Context ...morphic public-key cryptosystems can be found in [3, 8, 9, 27]. We mention also that the group theory is a source of constructions (apart from homomorphic cryptosystems) in the cryptography, see e.g. =-=[13, 16, 20, 21, 23]-=-. It is well known that any boolean circuit of logarithmic depth can be efficiently simulated by a circuit over an arbitrary finite nonsolvable group, see [2] (another approach to encrypting boolean c... |

67 | A New Public-Key Cryptosystem Based on Higher Residues
- Naccache, Stern
(Show Context)
Citation Context ...Definitions and results. An important problem of modern cryptography concerns secret public-key computations in algebraic structures. There is a lot of public-key cryptosystems using groups (see e.g. =-=[2, 10, 11, 12, 14, 15, 16, 21, 22]-=- and also Subsection 1.3) but only a few of them have a homomorphic property in the sense of the following definition (cf. [11]). Definition 1.1 Let H be a finite nonidentity group, G a finitely gener... |

47 |
Non-uniform automata over groups
- BARRINGTON, STRAUBING, et al.
- 1990
(Show Context)
Citation Context ...ction 3 a homomorphic cryptosystem is yielded for an arbitrary H, in this case the group G being a free product of certain Abelian groups produced in Section 2. In Section 4 we recall the result from =-=[1]-=- designing a polynomial size simulation of any boolean circuit B of the logarithmic depth over an arbitrary unsolvable group H (in particular, one can take H to be the symmetric group Sym(5)). Combini... |

46 | New Public-Key Schemes Based on Elliptic Curves over the Ring Zn
- Koyama, Maurer, et al.
- 1991
(Show Context)
Citation Context ...Definitions and results. An important problem of modern cryptography concerns secret public-key computations in algebraic structures. There is a lot of public-key cryptosystems using groups (see e.g. =-=[2, 10, 11, 12, 14, 15, 16, 21, 22]-=- and also Subsection 1.3) but only a few of them have a homomorphic property in the sense of the following definition (cf. [11]). Definition 1.1 Let H be a finite nonidentity group, G a finitely gener... |

45 |
A provably secure additive and multiplicative privacy homomorphism
- Domingo-Ferrer
- 2002
(Show Context)
Citation Context ...Using such a cryptosystem one can efficiently implement a secret computation given by any circuit over the structure H. Some other applications of homomorphic public-key cryptosystems can be found in =-=[3, 8, 9, 27]-=-. We mention also that the group theory is a source of constructions (apart from homomorphic cryptosystems) in the cryptography, see e.g. [13, 16, 20, 21, 23]. It is well known that any boolean circui... |

36 |
Permutation groups and polynomial-time computation
- Luks
- 1993
(Show Context)
Citation Context ...e membership problem when the group in question is given by generators. If Γ is a symmetric group of degree n, then both of these problems can be solved in time n O(1) by the sift algorithm (see e.g. =-=[17]-=-). However, if Γ = GLn(Zm) then both of these problem are closely related with the discrete logarithm problem (when n = 1, m is a prime and X consists of a generator of the multiplicative group of the... |

29 |
On polynomial approximation of the discrete logarithm and the Diffie–Hellman mapping
- Coppersmith, Shparlinski
- 2000
(Show Context)
Citation Context ...em which relies on the Diffie-Hellman key agreement protocol (see e.g. [8]). It involves cyclic groups and relates to the discrete logarithm problem [15]; the complexity of this system was studied in =-=[4]-=-. Some generalizations of this system to non-abelian groups (in particular, the matrix groups over some rings) were suggested in [18] where secrecy was based on an analog of the discrete logarithm pro... |

25 |
Finite Rings with Identity
- Macdonald
- 1974
(Show Context)
Citation Context ...yptosystem over a finite commutative ring (for details see Section 3). Before formulating it we recall that any finite commutative ring with identity is isomorphic to a direct sum of local rings (see =-=[19]-=-). Theorem 1.2 Let R be a finite commutative ring with identity different from a direct sum of several copies of rings isomorphic to Z2. Then there exists a homomorphic publickey cryptosystem over R w... |

24 |
On Data Banks and Privacy Homomorphisms. Foundations of Secure Computation
- Rivest, Dertouzos
- 1978
(Show Context)
Citation Context |

24 |
A new privacy homomorphism and applications
- Domingo-Ferrer
- 1996
(Show Context)
Citation Context ...d in [26] (see also [10]) and in [5] it was demonstrated that a direct approach to it fails. At present there are only a few results in this direction. In particular, we mention the cryptosystem from =-=[7]-=- based on a homomorphism from the direct sum of rings isomorphic Z. A finite version of this system [8] was 3recently broken in [1]. As the second main result of this paper we present a homomorphic p... |

23 |
On privacy homomorphisms
- Brickell, Yacobi
- 1987
(Show Context)
Citation Context ... designed for the first time over finite commutative rings. 1 Introduction 1.1. The problem of constructing reliable cryptosystems for secret computations had been extensively studied last years (see =-=[3, 5, 10, 14, 26]-=-). Generally, it consists in encryption of a circuit over an algebraic structure H (e.g. group, ring, etc.). One of possible approaches to it is to find a publically known algebraic structure G and a ... |

17 | Open questions, talk abstracts, and summary of discussions
- Feigenbaum, Merritt
- 1991
(Show Context)
Citation Context ... designed for the first time over finite commutative rings. 1 Introduction 1.1. The problem of constructing reliable cryptosystems for secret computations had been extensively studied last years (see =-=[3, 5, 10, 14, 26]-=-). Generally, it consists in encryption of a circuit over an algebraic structure H (e.g. group, ring, etc.). One of possible approaches to it is to find a publically known algebraic structure G and a ... |

16 | The complexity of Grigorchuk groups with application to cryptography, Theoret - Garzon, Zalcstein - 1991 |

14 |
Non-interactive cryptocomputing for NC
- Sander, Young, et al.
- 1999
(Show Context)
Citation Context ...ow the output of B one has to be able to calculate f(g) 2 H, which is supposedly to be difficult due to Theorem 1.3. We mention that a different approach to encrypt boolean circuits was undertaken in =-=[24]-=-. 1.2. Discussion on complexity and security. One can see that the encryption procedure can be performed by means of public keys efficiently. However, the decryption procedure is a secret one in the f... |

12 | Improved public key cryptosystem using finite non-abelian groups, Preprint NSRI, Korea
- Paeng, Kwon, et al.
(Show Context)
Citation Context ...ogarithm problem [15]; the complexity of this system was studied in [4]. Some generalizations of this system to non-abelian groups (in particular, the matrix groups over some rings) were suggested in =-=[18]-=- where secrecy was based on an analog of the discrete logarithm problems in groups of inner automorphisms. Certain variations of the Diffie-Hellman systems over the braid groups were described in [12]... |

7 |
Public key cryptosystems based on word problems, in ICOMIDC Symp
- Van, Jeyanthi, et al.
- 1988
(Show Context)
Citation Context ...ore one can easily verify the condition (H2) and on the other hand this allows one to provide evidence for the difficulty of a decryption. In this connection we mention a public-key cryptosystem from =-=[6]-=- in which f was the natural epimorphism from a free group G onto the group H (infinite, non-abelian in general) given by generators and relations. In this case for any element of H one can produce its... |

6 |
Cryptanalysis of a provable secure additive and multiplicative privacy homomorphism
- Bao
(Show Context)
Citation Context ... in this direction. In particular, we mention the cryptosystem from [7] based on a homomorphism from the direct sum of rings isomorphic Z. A finite version of this system [8] was 3recently broken in =-=[1]-=-. As the second main result of this paper we present a homomorphic public-key cryptosystem over a finite commutative ring (for details see Section 3). Before formulating it we recall that any finite c... |

5 | Public-key cryptography and invariant theory
- Grigoriev
(Show Context)
Citation Context |

5 |
bounds on generic algorithms
- Maurer, Wolf, et al.
- 1998
(Show Context)
Citation Context |

4 |
Dense probabilistic encryption, First Ann
- Benaloh
- 1994
(Show Context)
Citation Context |

4 |
A New Public-Key Cryptosystem as Secure as
- Okamoto, Uchiyama
- 1998
(Show Context)
Citation Context ...c in the sense of Definition 1.1 because condition (H3) of it does not hold. (In particular, since jGjsjHj 2 , one can inverse P in a polynomial time in jHj.) By the same reason the cryptosystem from =-=[17]-=- over H = Z + p with respect to the homomorphism f : G ! H where G = Z p 2 q and ker(f) = fg pq : g 2 Gg (here the integers p; q are distinct large primes of the same size) is also not homomorphic (be... |

4 |
Algebraisch homomorphe Kryptosysteme
- Rappe
- 2000
(Show Context)
Citation Context |

3 |
Sánchez del Castillo, “An implementable scheme for secure delegation of statistical data
- Domingo-Ferrer, Ricardo
- 1997
(Show Context)
Citation Context ...Using such a cryptosystem one can efficiently implement a secret computation given by any circuit over the structure H. Some other applications of homomorphic public-key cryptosystems can be found in =-=[3, 8, 9, 27]-=-. We mention also that the group theory is a source of constructions (apart from homomorphic cryptosystems) in the cryptography, see e.g. [13, 16, 20, 21, 23]. It is well known that any boolean circui... |

1 |
Public-key cryptosystems and invariant theory
- Grigoriev
(Show Context)
Citation Context ...morphic public-key cryptosystems can be found in [3, 8, 9, 27]. We mention also that the group theory is a source of constructions (apart from homomorphic cryptosystems) in the cryptography, see e.g. =-=[13, 16, 20, 21, 23]-=-. It is well known that any boolean circuit of logarithmic depth can be efficiently simulated by a circuit over an arbitrary finite nonsolvable group, see [2] (another approach to encrypting boolean c... |

1 |
On data banks and privacy homomorphisms, Found. of Secure Computations
- Rivest, Adleman, et al.
- 1978
(Show Context)
Citation Context ... designed for the first time over finite commutative rings. 1 Introduction 1.1. The problem of constructing reliable cryptosystems for secret computations had been extensively studied last years (see =-=[3, 5, 10, 14, 26]-=-). Generally, it consists in encryption of a circuit over an algebraic structure H (e.g. group, ring, etc.). One of possible approaches to it is to find a publically known algebraic structure G and a ... |