International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: A New Protocol for Conditional Disclosure of Secrets And Its Applications

Sven Laur
Helger Lipmaa
Search ePrint
Search Google
Abstract: Many protocols that are based on homomorphic encryption are private only if a client submits inputs from a limited range $S$. Conditional disclosure of secrets (CDS) helps to overcome this restriction. In a CDS protocol for a set $S$, the client obtains server's secret if and only if the client's inputs belong to $S$ and thus the server can guard itself against malformed queries. We extend the existing CDS protocols to work over additively homomorphic cryptosystems for every set from $NP/poly$. The new construction is modular and easy to apply. As an example, we derive a new oblivious transfer protocol with log-squared communication and a millionaire's protocol with logarithmic communication. We also implement private, universally verifiable and robust multi-candidate electronic voting so that all voters only transmit an encryption of their vote. The only hardness assumption in all these protocols is that the underlying public-key cryptosystem is IND-CPA secure and the plaintext order does not have small factors.
  title={A New Protocol for Conditional Disclosure of Secrets And Its Applications},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols/Conditional disclosure of secrets, crypto-computing, homomorphic encryption, oblivious transfer, two-party computation},
  note={ACNS 2007 13592 received 20 Oct 2005, last revised 20 Mar 2007},
  author={Sven Laur and Helger Lipmaa},