[cryptography] Paillier Crypto for homomorphic computation
Adam Back
adam at cypherspace.org
Tue Aug 6 16:09:07 PDT 2013
I dont get it. Paillier is additively homomorphic only. (And obviously by
implication multiplyable by non-encrypted constants.)
RSA is multiplicatively homomorphic. And Elgamal additive.
Why is paillier proposed as "might scale homomorphic" the interesting
property is dual homomorphic crypto which Gentry and variants provide (but
at impractical computational and large space overhead huge). Dual or fully
homomorphic is the interesting property because then you can do arbitrary
computations (using multiplication as single-bit AND and addition as
single-bit OR and building a CPU from gates - still expensive even if the
base algorithm was as efficient as Paillier/RSA/Elgamal but interesting).
Also why would they send the "encrypted numbers" to two peers and have them
do the encrypted computation? The whole point is its zero-trust secure from
the point of view of the client - client encrypts, server does computations
on encrypted values, sends encrypted result back to client, client decrypts
- and you dont need to trust the server. No need for threshold crypto,
having multiple peers do some kind of multi-party computation etc.
Adam
On Tue, Aug 06, 2013 at 08:11:52PM +0200, Eugen Leitl wrote:
>----- Forwarded message from dan at geer.org -----
>
>Date: Mon, 05 Aug 2013 14:43:28 -0400
>From: dan at geer.org
>To: cryptography at randombit.net
>Subject: [cryptography] fwd: Paillier Crypto
>
>
>> http://9ac345a5509a.github.io/p2p-paillier/
>>
>> This is a form of Homomorphic Encryption that might actually scale,
>> given the right cloud backend. It verges on the spookiness of
>> Quantum.
>>
>> Support logic that might shed light on the true performance of
>> Paillier.
>>
>> http://plaintext.crypto.lo.gy/article/658/encounter
>
>
>--dan
>
>_______________________________________________
>cryptography mailing list
>cryptography at randombit.net
>http://lists.randombit.net/mailman/listinfo/cryptography
>
>----- End forwarded message -----
>--
>Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
>______________________________________________________________
>ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
>AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
More information about the cypherpunks
mailing list