#StackBounty: #encryption #protocol-design #provable-security #protocol-analysis #security-definition Security Proof for a protocol in …

Bounty: 100

An example of a security protocol

This protocol is designed in the semi-honest model. Two parties encrypt their input and send it to the cloud. Cloud will perform computation using a homomorphic encryption and send the result to P2. Afterward, P2 sends its computed value to P1, and finally, P1 will obtain the output.

Note: Output ($S$) is the number of zeros among these values $D_z(R_1),D_z(R_2),D_z(F)$.

Note: Cloud does not know anything about the parties inputs and output, and it just computes on encrypted data and send the result to the P2.

Note: P2 sends $z_2$ to P1 via a secure channel and then P1 computes the private key $z=z1*z2$.

In the case of a guaranteed honest majority, I am going to prove the security of the protocol using the real ideal model just as below(I have tried to construct the real views according to the Hazay-Lindell’s book-page 21):

Case1: P2 is corrupted

$VIEW^Pi_{P_2}$=${I_2,r,y_2,x_2,z_2,Enc_K(F)}$, $r$ is used in the $E_Y$ process.

Case2: P1 is corrupted

$VIEW^Pi_{P_1}$=${I_1,r,y_1,x_1,z_1,z_2,R_1,R_2,F}$, $r$ is used in the $E_Y$ process.

Case3: Cloud is corrupted


Question1: Are the real views, which I have shown in three cases, correct? Should I consider the cases where (P1, P2), (P1, Cloud) and (P2, Cloud) are corrupted, too?

Question2: Would you please tell me how the simulator in the ideal world should simulate in each case? (Please, explain the trickiest part of each case that I should consider it in my proving)

Question3: How does the simulator simulate value $Enc_K(F)$ received from the cloud? ($Enc_K$ is a symmetric encryption)

Question4: How does the simulator show the correctness in each case?

enter image description here

Details of the homomorphic Encryption used in the protocol


Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.