MyOPE: Malicious securitY for Oblivious Polynomial Evaluation


Séminaire AMAC: CASC

21/06/2023 - 13:30 Paola de Perthuis (ENS et Cosmian) IMAG 106

Oblivious Polynomial Evaluation (OPE) schemes are two-party protocols between a sender with a private polynomial and a receiver with a private evaluation point where the receiver learns the evaluation of the polynomial in her point and no additional information.

MyOPE is a “short-sighted" non-interactive polynomial evaluation scheme with a poly-logarithmic communication complexity in the presence of malicious senders. In addition to strong privacy guarantees, MyOPE enforces honest sender behavior and consistency by adding verifiability to the calculations.

The main building block for this new verifiable OPE is an inner product argument (IPA) over rings that guarantees an inner product relation holds between committed vectors. Our IPA works for vectors with elements from generic rings of polynomials and has constant-size proofs that consist in one commitment while the verification, once the validity of the vector-commitments has been checked, consists is one quadratic equation only.

We further demonstrate the applications of our IPA for verifiable OPE using Fully Homomorphic Encryption (FHE) over rings of polynomials: we prove the correctness of an inner product between the vector of powers of the evaluation point and the vector of polynomial coefficients, along with other inner-products necessary in this application’s proof. MyOPE builds on generic secure encoding techniques for succinct commitments, that allow real-world FHE parameters and Residue Number System (RNS) optimizations, suitable for high-degree polynomials.