On Wed, Aug 07, 2013 at 09:26:02AM +0100, Joss Wright wrote:
On Wed, Aug 07, 2013 at 01:09:07AM +0200, Adam Back wrote:
I don't get it. Paillier is additively homomorphic only. (And obviously by implication multipliable by non-encrypted constants.)
Minor point, but by raising one Paillier ciphertext to the power of another you get multiplication without revealing the factor.
Sorry, I misremembered the homomorphic properties of Paillier. This isn't true.
RSA is multiplicatively homomorphic. And Elgamal additive.
Why is Paillier proposed as "might scale homomorphic"? The interesting property is dual homomorphic crypto, which Gentry and variants provide (but at impractical computational and huge space overhead). Dual or fully homomorphic is the interesting property because then you can do arbitrary computations (using multiplication as single-bit AND and addition as single-bit OR and building a CPU from gates - still expensive even if the base algorithm was as efficient as Paillier/RSA/Elgamal, but interesting).
Also why would they send the "encrypted numbers" to two peers and have them do the encrypted computation? The whole point is it's zero-trust secure from the point of view of the client - client encrypts, server does computations on encrypted values, sends encrypted result back to client, client decrypts - and you don't need to trust the server. No need for threshold crypto, having multiple peers do some kind of multi-party computation etc.
Adam
On Tue, Aug 06, 2013 at 08:11:52PM +0200, Eugen Leitl wrote:
----- Forwarded message from dan@geer.org -----
Date: Mon, 05 Aug 2013 14:43:28 -0400
From: dan@geer.org
To: cryptography@randombit.net
Subject: [cryptography] fwd: Paillier Crypto
http://9ac345a5509a.github.io/p2p-paillier/
This is a form of Homomorphic Encryption that might actually scale, given the right cloud backend. It verges on the spookiness of Quantum.
Support logic that might shed light on the true performance of Paillier.
--dan
----- End forwarded message -----
--
Eugen* Leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
-- Joss Wright | @JossWright http://www.pseudonymity.net