Consider the following problem in secure multiparty computation: Alice and Bob possess integers x and y respectively. Charlie is a researcher who would like to compute the value of some function f(x,y). The requirement is that Charlie should not gain any knowledge about x and y other than that which can be obtained from the function itself. Moreover, Alice and Bob do not trust each other and should not gain knowledge about each other's data. This paper contains initial work on a methodology to enable such secure function evaluation using additive and multiplicative homomorphisms as cryptographic primitives instead of oblivious transfer. It is shown that Charlie can compute the encrypted value of any polynomial in x and y. We present two secure function evaluation protocols for semi-honest participants that can be extended to polynomial functions of an arbitrary number of variables.
展开▼
