Timeline for Oblivious Decision Making
Current License: CC BY-SA 4.0
11 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Nov 21, 2022 at 18:51 | comment | added | Zarquan | So it is. I'm kicking myself for not knowing that, I must have known it at some point. | |
| Nov 19, 2022 at 12:48 | comment | added | Geoffroy Couteau | (Answering your second to last comment) see the EDIT to my answer: I explain how the parties can compute the XOR on their ciphertexts, using only standard mod n homomorphic operations (additions, multiplications by a constant) plus some interaction. The key trick is that x XOR y is the same as x + y - 2*x*y mod n for any large modulus n, when x and y are bits. | |
| Nov 18, 2022 at 21:32 | comment | added | Zarquan | I will say I didn't fully follow your PET protocol, and I would love to understand it. But your approach of splitting it in to shares then processing it internally between the parties gave me a solution that will work in my context. Thanks! | |
| Nov 18, 2022 at 21:31 | vote | accept | Zarquan | ||
| Nov 18, 2022 at 19:25 | comment | added | Zarquan | So the idea is that the multiple parties check to see if m_1 = n - m_2, and they get bits that can be combined with XOR to get an answer. A couple questions: I thought homomorphic XOR only existed in subgroups of size 2 and that a bitwise XOR required a bitwise representation of the ciphertext. | |
| Nov 18, 2022 at 11:39 | comment | added | Geoffroy Couteau | I wanted to write a comment to clarify exactly how to solve your problem using an equality test in the two-party setting, but it ended up being a bit long for the comment section, so I edited my answer. Feel free to ask if you need further clarification! | |
| Nov 18, 2022 at 11:38 | history | edited | Geoffroy Couteau | CC BY-SA 4.0 | added 1088 characters in body |
| Nov 18, 2022 at 0:43 | comment | added | Zarquan | Ah, I see. I misunderstood a part where you were talking about shares of size Z_2. | |
| Nov 16, 2022 at 10:45 | comment | added | Geoffroy Couteau | No, my paper does not require this at all, it operates on shares over an integer ring, precisely what you get by doing distributed description of a standard additively homomorphic scheme, e.g. Paillier or something similar. I never assume any bitwise sharing and I don't think I mention anything about this setting in the paper. | |
| Nov 14, 2022 at 20:12 | comment | added | Zarquan | Thanks for responding. From what I understood, your paper requires a bit-wise encrypted cipher. Unfortunately, in my larger setting, the ciphertext has gone through a large number of homomorphic operations that make determining a bitwise form of it difficult without decrypting it, which would defeat the purpose. Running these operations with bitwise ciphertexts would be prohibitively expensive. | |
| Nov 12, 2022 at 16:55 | history | answered | Geoffroy Couteau | CC BY-SA 4.0 |