# An example of a security protocol

This protocol is designed in the semi-honest model. Two parties encrypt their input and send it to the cloud. Cloud will perform computation using a homomorphic encryption and send the result to P2. Afterward, P2 sends its computed value to P1, and finally, P1 will obtain the output.

Note: Output (\$S\$) is the number of zeros among these values \$D_z(R_1),D_z(R_2),D_z(F)\$.

Note: Cloud does not know anything about the parties inputs and output, and it just computes on encrypted data and send the result to the P2.

Note: P2 sends \$z_2\$ to P1 via a secure channel and then P1 computes the private key \$z=z1*z2\$.

In the case of a guaranteed honest majority, I am going to prove the security of the protocol using the real ideal model just as below(I have tried to construct the real views according to the Hazay-Lindell’s book-page 21):

Case1: P2 is corrupted

\$VIEW^Pi_{P_2}\$=\${I_2,r,y_2,x_2,z_2,Enc_K(F)}\$, \$r\$ is used in the \$E_Y\$ process.

Case2: P1 is corrupted

\$VIEW^Pi_{P_1}\$=\${I_1,r,y_1,x_1,z_1,z_2,R_1,R_2,F}\$, \$r\$ is used in the \$E_Y\$ process.

Case3: Cloud is corrupted

\$VIEW^Pi_{Cloud}\$=\${r,E_Y(I_2),E_Y(I_1)}\$

Question1: Are the real views, which I have shown in three cases, correct? Should I consider the cases where (P1, P2), (P1, Cloud) and (P2, Cloud) are corrupted, too?

Question2: Would you please tell me how the simulator in the ideal world should simulate in each case? (Please, explain the trickiest part of each case that I should consider it in my proving)

Question3: How does the simulator simulate value \$Enc_K(F)\$ received from the cloud? (\$Enc_K\$ is a symmetric encryption)

Question4: How does the simulator show the correctness in each case?

# Details of the homomorphic Encryption used in the protocol

Get this bounty!!!

This site uses Akismet to reduce spam. Learn how your comment data is processed.