Evaluating 2-DNF Formulas on Ciphertexts

  • Dan Boneh
  • Eu-Jin Goh
  • Kobbi Nissim
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3378)


Let ψ be a 2-DNF formula on boolean variables x 1,...,x n ∈ {0,1}. We present a homomorphic public key encryption scheme that allows the public evaluation of ψ given an encryption of the variables x 1,...,x n . In other words, given the encryption of the bits x 1,...,x n , anyone can create the encryption of ψ(x 1,...,x n ). More generally, we can evaluate quadratic multi-variate polynomials on ciphertexts provided the resulting value falls within a small set. We present a number of applications of the system:

  1. 1

    In a database of size n, the total communication in the basic step of the Kushilevitz-Ostrovsky PIR protocol is reduced from \(\sqrt{n}\) to \(\sqrt[3]{n}\).

  2. 2

    An efficient election system based on homomorphic encryption where voters do not need to include non-interactive zero knowledge proofs that their ballots are valid. The election system is proved secure without random oracles but still efficient.

  3. 3

    A protocol for universally verifiable computation.



Encryption Scheme Random Oracle Homomorphic Encryption Message Space Private Information Retrieval 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Bellare, M., Garay, J., Rabin, T.: Fast batch verification for modular exponentiation and digital signatures. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 236–250. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  2. 2.
    Benaloh, J.: Verifiable Secret-Ballot Elections. PhD thesis, Yale University (1987)Google Scholar
  3. 3.
    Boneh, D., Franklin, M.: Identity based encryption from the Weil pairing. SIAM Journal of Computing 32(3), 586–615 (2003); Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–615. Springer, Heidelberg (2001)Google Scholar
  4. 4.
    Boneh, D., Silverberg, A.: Applications of multilinear forms to cryptography. In: Topics in Algebraic and Noncommutative Geometry. Contemporary Mathematics, vol. 324. American Mathematical Society, Providence (2003)Google Scholar
  5. 5.
    Cachin, C., Camenisch, J., Kilian, J., Müller, J.: One-round secure computation and secure autonomous mobile agents. In: Welzl, E., Montanari, U., Rolim, J.D.P. (eds.) ICALP 2000. LNCS, vol. 1853, pp. 512–523. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  6. 6.
    Chor, B., Goldreich, O., Kushilevitz, E., Sudan, M.: Private information retrieval. In: 36th Annual Symposium on Foundations of Computer Science, Milwaukee, Wisconsin, October 23–25, pp. 41–50. IEEE, Los Alamitos (1995)Google Scholar
  7. 7.
    Cohen, J., Fischer, M.: A robust and verifiable cryptographically secure election scheme. In: Proceedings of 26th IEEE Symposium on Foundations of Computer Science, pp. 372–382 (1985)Google Scholar
  8. 8.
    Cramer, R., Franklin, M., Schoenmakers, B., Yung, M.: Multi-authority secret-ballot elections with linear work. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 72–83. Springer, Heidelberg (1996)Google Scholar
  9. 9.
    Cramer, R., Gennaro, R., Schoenmakers, B.: A secure and optimally efficient multi-authority election scheme. European Transactions on Telecommunications 8(5), 481–490 (1997)CrossRefGoogle Scholar
  10. 10.
    Damgård, I., Jurik, M.: A generalisation, a simplification and some applications of Paillier’s probabilistic public-key system. In: Kim, K.-c. (ed.) PKC 2001. LNCS, vol. 1992, pp. 119–136. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  11. 11.
    ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 31(4), 469–472 (1985)zbMATHCrossRefMathSciNetGoogle Scholar
  12. 12.
    Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)Google Scholar
  13. 13.
    Freedman, M.J., Nissim, K., Pinkas, B.: Efficient private matching and set intersection. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 1–19. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  14. 14.
    Gertner, Y., Ishai, Y., Kushilevitz, E., Malkin, T.: Protecting data privacy in private information retrieval schemes. Journal of Computer and System Sciences 60(3), 592–629 (2000)zbMATHCrossRefMathSciNetGoogle Scholar
  15. 15.
    Goldreich, O.: The Foundations of Cryptography, vol. 2. Cambridge University Press, Cambridge (2004)CrossRefGoogle Scholar
  16. 16.
    Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity and a methodology of cryptographic protocol design (extended abstract). In: 27th Annual Symposium on Foundations of Computer Science, Toronto, Ontario, Canada, October 27–29, pp. 174–187. IEEE, Los Alamitos (1986)Google Scholar
  17. 17.
    Goldwasser, S., Micali, S.: Probabilistic encryption & how to play mental poker keeping secret all partial information. In: Proceedings of the fourteenth annual ACM symposium on Theory of computing, pp. 365–377. ACM Press, New York (1982)CrossRefGoogle Scholar
  18. 18.
    Jakobsson, M., Juels, A.: Millimix: Mixing in small batches. Technical Report 99-33, Center for Discrete Mathematics and Theoretical Computer Science (DIMACS) (October 1999)Google Scholar
  19. 19.
    Joux, A.: A one round protocol for tripartite Diffie-Hellman. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol. 1838, pp. 385–394. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  20. 20.
    Kushilevitz, E., Ostrovsky, R.: Replication is not needed: Single database, computationally-private information retrieval (extended abstract). In: 38th Annual Symposium on Foundations of Computer Science, Miami Beach, Florida, October 20–22, pp. 364–373. IEEE, Los Alamitos (1997)CrossRefGoogle Scholar
  21. 21.
    Menezes, A.J., Van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)zbMATHGoogle Scholar
  22. 22.
    Miller, V.: Short programs for functions on curves (Unpublished manuscript) (1986)Google Scholar
  23. 23.
    Miller, V.: The Weil pairing, and its efficient calculation. J. of Cryptology 17(4) (2004)Google Scholar
  24. 24.
    Okamoto, T., Uchiyama, S.: A new public-key cryptosystem as secure as factoring. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 308–318. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  25. 25.
    Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)Google Scholar
  26. 26.
    Pedersen, T.P.: A threshold cryptosystem without a trusted party. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 522–526. Springer, Heidelberg (1991)Google Scholar
  27. 27.
    Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 387–398. Springer, Heidelberg (1996)Google Scholar
  28. 28.
    Rabin, M.: Transaction protection by beacons. Journal of Computer and System Science 27(2), 256–267 (1983)zbMATHCrossRefMathSciNetGoogle Scholar
  29. 29.
    Rivest, R., Adleman, L., Dertouzos, M.: On data banks and privacy homomorphisms. Foundations of Secure Computation (1978)Google Scholar
  30. 30.
    Sander, T., Young, A., Yung, M.: Non-interactive CryptoComputing for NC 1. In: Proceedings of the 40th Symposium on Foundations of Computer Science (FOCS), New York, NY, USA, october 1999, pp. 554–567. IEEE Computer Society Press, Los Alamitos (1999)Google Scholar
  31. 31.
    Shoup, V.: Practical threshold signatures. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 207–220. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  32. 32.
    Yao, A.C.: Protocols for secure computations. In: Proceedings of the 23rd Symposium on Foundations of Computer Science (FOCS), pp. 160–164. IEEE Computer Society Press, Los Alamitos (1982)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Dan Boneh
    • 1
  • Eu-Jin Goh
    • 1
  • Kobbi Nissim
    • 2
  1. 1.Computer Science DepartmentStanford UniversityStanfordUSA
  2. 2.Department of Computer ScienceBen-Gurion UniversityBeer-ShevaIsrael

Personalised recommendations