IEEE Access (Jan 2021)
(Server-Aided) Two-Party Multiplication of Encrypted Shares Using (<italic>k, n</italic>) Threshold Secret Sharing With <italic>N ≥ k</italic> Servers
Abstract
Two-party computation allows two clients to jointly compute an arbitrary function of their inputs without revealing these inputs to each other. In this study, we adopt a server-aided model, in which a set of computing servers performs computation using the inputs of two clients. In the (k, $n$ ) threshold secret sharing scheme, input $s$ is divided into $n$ shares and can be recovered from $k$ shares, where $k$ is a threshold. Typically, the multiplication of shares increases the polynomial’s degree from $(k-1)$ to $(2k-2)$ , thus increasing the number of shares required from $k$ to $2k-1$ . Because each server typically holds only one share, the number of servers required also increases to $2k-1$ . Therefore, a set of $n$ servers can compute multiplication securely only if the adversary corrupts at most $k-1 < n/2$ servers. In this study, we differentiate ${N}$ , which is the number of required servers, and ${n}$ , which is the parameter of the (k, $n$ ) threshold secret sharing scheme. We propose a method of multiplication by using only $N\ge k$ servers. This is implemented by sending two shares of the same input to each server. In a “normal” method, sending multiple shares to one server violates security because $k$ shares can be leaked from $k-1$ servers. We overcome this by implementing a different functionality, where each share is first encrypted with a different random number (encrypted share) before being sent to a server. Instead of the “normal shares” of ab, our protocol computes the encrypted shares of ab using the encrypted shares of $a$ and $b$ . We show that the proposed method is secure against a non-colluding semi-honest adversary. Moreover, we implement our method in MATLAB and show its efficiency.
Keywords
