Private Function Evaluation: Improvements and Applications

In the problem of two-party private function evaluation (PFE), one party P_A possesses a private function f and (optionally) a private input x_A, while the other party P_B holds a private input x_B. Their goal is to compute f(x_A, x_B) for one or both parties while no other information beyond f(x_A, x_B) is revealed. Two-party PFE has great potential to solve dilemmas existing in many real-world scenarios. For example, a traditional enterprise holds a private dataset and needs a corresponding algorithm to process it, while an algorithm-driven company possesses the algorithm but treats it as confidential. Another example is for a data trading scenario: A data seller intends to sell an evaluation result derived from her dataset rather than the entire dataset at once, while the data buyer wants to hide his evaluation done on the dataset. A two-party PFE protocol can easily solve these dilemmas. This thesis revisits the two-party PFE problem. Based on the private function f, two-party PFE problems can be divided into two categories. One considers f as arbitrary functions, while the other considers f as limited classes of functions, \eg low-depth circuits and polynomials. Our major contributions categorized according to the function f are summarized as follows. 1. Considering f as an arbitrary function, we propose the first constant-round actively secure PFE protocol with linear complexity. Based on this result, we further provide the first constant-round publicly verifiable covertly (PVC) secure PFE protocol with linear complexity to gain better efficiency. In our constructions, as a by-product, we design a specific protocol for proving that a list of ElGamal ciphertexts is derived from an extended permutation performed on a given list of elements, which may be of independent interest. In addition, a reusability property is added to our two PFE protocols. Namely, if the same function f is involved in multiple protocol executions between P_A and P_B, the protocol could be executed more efficiently from the second execution. Moreover, we further extend this property to be global, such that it supports multiple executions for the same f in a reusable fashion between P_A and arbitrary parties playing the role of P_B. 2. Aiming at practical data trading scenarios, we introduce a specified concept of PFE, namely blind polynomial evaluation. Here, f is an arbitrary function that can be represented as a multivariate polynomial. We provide a generic construction and an instantiated blind polynomial evaluation protocol via an approach of switching the homomorphic encryption schemes of ciphertexts. Then to improve the efficiency of our protocol, we also introduce an improved zero-knowledge protocol for multi-exponentiation with encrypted bases. Finally, we combine our protocol with the blockchain paradigm to obtain a practical data trading framework.

[1] Y. Liu, Q. Wang, and S. Yiu. “Making Private Function Evaluation Safer, Faster, and Simpler”. In: Public-Key Cryptography - PKC 2022 - 25th IACR International Conference on Practice and Theory of Public-Key Cryptography, VirtualEvent, March 8-11, 2022, Proceedings, Part I. Ed. by G. Hanaoka, J. Shikata, and Y. Watanabe. Vol. 13177. Lecture Notes in Computer Science. Springer, 2022, pp. 349–378.
[2] Y. Liu, Q. Wang, and S. Yiu. “Improved Zero-Knowledge Argument of Encrypted Extended Permutation”. In: Information Security and Cryptology - 17th International Conference, Inscrypt 2021, Virtual Event, August 12-14, 2021, Revised Selected Papers. Ed. by Y. Yu and M. Yung. Vol. 13007. Lecture Notes in Computer Science. Springer, 2021, pp. 281–298.
[3] Y. Liu, Q. Wang, and S.-M. Yiu. “Blind Polynomial Evaluation and Data Trading”. In: Applied Cryptography and Network Security - 19th International Conference, ACNS 2021, Kamakura, Japan, June 21-24, 2021. Lecture Notes in ComputerScience. Springer, 2021.
[4] Y. Liu, Q. Wang, and S. Yiu. “An Improvement of Multi-exponentiation with Encrypted Bases Argument: Smaller and Faster”. In: Information Security and Cryptology - 16th International Conference, Inscrypt 2020, Guangzhou, China, December 11-14, 2020, Revised Selected Papers. Ed. by Y. Wu and M. Yung. Vol. 12612. Lecture Notes in Computer Science. Springer, 2020, pp. 397–414.
[5] Y. Liu, Q. Wang, and S. Yiu. “Towards Practical Homomorphic Time-Lock Puzzles: Applicability and Verifiability”. In: Computer Security - ESORICS 2022 - 27th European Symposium on Research in Computer Security, Copenhagen, Denmark,September 26-30, 2022, Proceedings, Part I. Ed. by V. Atluri, R. D. Pietro, C. D. Jensen, and W. Meng. Vol. 13554. Lecture Notes in Computer Science. Springer, 2022, pp. 424–443.
[6] C. Gentry. “Fully homomorphic encryption using ideal lattices”. In: Proceedings of the 41st Annual ACM Symposium on Theory of Computing, STOC 2009, Bethesda,MD, USA, May 31 - June 2, 2009. Ed. by M. Mitzenmacher. ACM, 2009, pp. 169–178. isbn: 978-1-60558-506-2.
[7] M. Abadi and J. Feigenbaum. “Secure Circuit Evaluation”. In: J. Cryptol. 2.1 (1990), pp. 1–12.
[8] Y. Chang and C. Lu. “Oblivious polynomial evaluation and oblivious neural learning”. In: Theor. Comput. Sci. 341.1-3 (2005), pp. 39–54.
[9] M. Naor and B. Pinkas. “Oblivious Polynomial Evaluation”. In: SIAM J. Comput. 35.5 (2006), pp. 1254–1281.
[10] T. Sander, A. L. Young, and M. Yung. “Non-Interactive CryptoComputing For NC1”. In: 40th Annual Symposium on Foundations of Computer Science, FOCS’99, 17-18 October, 1999, New York, NY, USA. IEEE Computer Society, 1999, pp. 554–567.
[11] L. G. Valiant. “Universal Circuits (Preliminary Report)”. In: Proceedings of the 8th Annual ACM Symposium on Theory of Computing, May 3-5, 1976, Hershey,Pennsylvania, USA. Ed. by A. K. Chandra, D. Wotschke, E. P. Friedman, and M. A. Harrison. ACM, 1976, pp. 196–203.
[12] V. Kolesnikov and T. Schneider. “A Practical Universal Circuit Construction and Secure Evaluation of Private Functions”. In: Financial Cryptography and Data Security, 12th International Conference, FC 2008, Cozumel, Mexico, January 28-31, 2008, Revised Selected Papers. Ed. by G. Tsudik. Vol. 5143. Lecture Notes in Computer Science. Springer, 2008, pp. 83–97.
[13] Á. Kiss and T. Schneider. “Valiant’s Universal Circuit is Practical”. In: Advances in Cryptology - EUROCRYPT 2016 - 35th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Vienna, Austria, May 8-12, 2016, Proceedings, Part I. Ed. by M. Fischlin and J. Coron. Vol. 9665. Lecture Notes in Computer Science. Springer, 2016, pp. 699–728.
[14] H. Lipmaa, P. Mohassel, and S. S. Sadeghian. “Valiant’s Universal Circuit: Improvements, Implementation, and Applications”. In: IACR Cryptol. ePrint Arch.2016 (2016), p. 17. url: http://eprint.iacr.org/2016/017.
[15] D. Günther, Á. Kiss, and T. Schneider. “More Efficient Universal Circuit Constructions”. In: Advances in Cryptology - ASIACRYPT 2017 - 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Hong Kong, China, December 3-7, 2017, Proceedings, Part II. Ed. by T. Takagi and T. Peyrin. Vol. 10625. Lecture Notes in Computer Science. Springer, 2017, pp. 443–470.
[16] S. Zhao, Y. Yu, J. Zhang, and H. Liu. “Valiant’s Universal Circuits Revisited: An Overall Improvement and a Lower Bound”. In: Advances in Cryptology - ASIACRYPT 2019 - 25th International Conference on the Theory and Application ofCryptology and Information Security, Kobe, Japan, December 8-12, 2019, Proceedings, Part I. Ed. by S. D. Galbraith and S. Moriai. Vol. 11921. Lecture Notes in Computer Science. Springer, 2019, pp. 401–425. isbn: 978-3-030-34577-8.
[17] M. Y. Alhassan, D. Günther, Á. Kiss, and T. Schneider. “Efficient and Scalable Universal Circuits”. In: J. Cryptol. 33.3 (2020), pp. 1216–1271.
[18] H. Liu, Y. Yu, S. Zhao, J. Zhang, W. Liu, and Z. Hu. “Pushing the Limits of Valiant’s Universal Circuits: Simpler, Tighter and More Compact”. In: Advances in Cryptology - CRYPTO 2021 - 41st Annual International Cryptology Conference,CRYPTO 2021, Virtual Event, August 16-20, 2021, Proceedings, Part II. Ed. by T. Malkin and C. Peikert. Vol. 12826. Lecture Notes in Computer Science. Springer, 2021, pp. 365–394
[19] A. C. Yao. “How to Generate and Exchange Secrets (Extended Abstract)”. In: 27th Annual Symposium on Foundations of Computer Science, Toronto, Canada, 27-29 October 1986. IEEE Computer Society, 1986, pp. 162–167. isbn: 0-8186-0740-8.
[20] Y. Lindell and B. Pinkas. “A Proof of Security of Yao’s Protocol for Two-Party Computation”. In: J. Cryptol. 22.2 (2009), pp. 161–188.
[21] J. Katz and L. Malka. “Constant-Round Private Function Evaluation with Linear Complexity”. In: Advances in Cryptology - ASIACRYPT 2011 - 17th International Conference on the Theory and Application of Cryptology and Information Security,Seoul, South Korea, December 4-8, 2011. Proceedings. Ed. by D. H. Lee and X. Wang. Vol. 7073. Lecture Notes in Computer Science. Springer, 2011, pp. 556–571.
[22] M. Holz, Á. Kiss, D. Rathee, and T. Schneider. “Linear-Complexity Private Function Evaluation is Practical”. In: Computer Security - ESORICS 2020 - 25th European Symposium on Research in Computer Security, ESORICS 2020, Guildford,UK, September 14-18, 2020, Proceedings, Part II. Ed. by L. Chen, N. Li, K. Liang, and S. A. Schneider. Vol. 12309. Lecture Notes in Computer Science. Springer, 2020, pp. 401–420.
[23] P. Mohassel and S. S. Sadeghian. “How to Hide Circuits in MPC an Efficient Framework for Private Function Evaluation”. In: Advances in Cryptology - EUROCRYPT 2013, 32nd Annual International Conference on the Theory and Applications ofCryptographic Techniques, Athens, Greece, May 26-30, 2013. Proceedings. Ed. by T. Johansson and P. Q. Nguyen. Vol. 7881. Lecture Notes in Computer Science. Springer, 2013, pp. 557–574.
[24] M. A. Bingöl, O. Biçer, M. S. Kiraz, and A. Levi. “An Efficient 2-Party Private Function Evaluation Protocol Based on Half Gates”. In: Comput. J. 62.4 (2019), pp. 598–613.
[25] O. Biçer, M. A. Bingöl, M. S. Kiraz, and A. Levi. “Highly Efficient and ReExecutable Private Function Evaluation With Linear Complexity”. In: IEEE Trans. Dependable Secur. Comput. 19.2 (2022), pp. 835–847.
[26] P. Mohassel, S. S. Sadeghian, and N. P. Smart. “Actively Secure Private Function Evaluation”. In: Advances in Cryptology - ASIACRYPT 2014 - 20th International Conference on the Theory and Application of Cryptology and Information Security, Kaoshiung, Taiwan, R.O.C., December 7-11, 2014, Proceedings, Part II. Ed. by P. Sarkar and T. Iwata. Vol. 8874. Lecture Notes in Computer Science. Springer, 2014, pp. 486–505.
[27] Y. Aumann and Y. Lindell. “Security Against Covert Adversaries: Efficient Protocols for Realistic Adversaries”. In: J. Cryptol. 23.2 (2010), pp. 281–343.
[28] G. Asharov and C. Orlandi. “Calling Out Cheaters: Covert Security with Public Verifiability”. In: Advances in Cryptology - ASIACRYPT 2012 - 18th International Conference on the Theory and Application of Cryptology and Information Security, Beijing, China, December 2-6, 2012. Proceedings. Ed. by X. Wang and K. Sako. Vol. 7658. Lecture Notes in Computer Science. Springer, 2012, pp. 681–698.
[29] V. Kolesnikov and A. J. Malozemoff. “Public Verifiability in the Covert Model (Almost) for Free”. In: Advances in Cryptology - ASIACRYPT 2015 - 21st International Conference on the Theory and Application of Cryptology and InformationSecurity, Auckland, New Zealand, November 29 - December 3, 2015, Proceedings, Part II. Ed. by T. Iwata and J. H. Cheon. Vol. 9453. Lecture Notes in Computer Science. Springer, 2015, pp. 210–235.
[30] C. Hong, J. Katz, V. Kolesnikov, W. Lu, and X. Wang. “Covert Security with Public Verifiability: Faster, Leaner, and Simpler”. In: Advances in Cryptology - EUROCRYPT 2019 - 38th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Darmstadt, Germany, May 19-23, 2019, Proceedings, Part III. Ed. by Y. Ishai and V. Rijmen. Vol. 11478. Lecture Notes in Computer Science. Springer, 2019, pp. 97–121.
[31] I. Damgård, C. Orlandi, and M. Simkin. “Black-Box Transformations from Passive to Covert Security with Public Verifiability”. In: Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, CRYPTO 2020, Santa Barbara, CA, USA, August 17-21, 2020, Proceedings, Part II. Ed. by D. Micciancio and T. Ristenpart. Vol. 12171. Lecture Notes in Computer Science. Springer, 2020, pp. 647–676.
[32] S. Faust, C. Hazay, D. Kretzler, and B. Schlosser. “Generic Compiler for Publicly Verifiable Covert Multi-Party Computation”. In: Advances in Cryptology - EUROCRYPT 2021 - 40th Annual International Conference on the Theory andApplications of Cryptographic Techniques, Zagreb, Croatia, October 17-21, 2021, Proceedings, Part II. Ed. by A. Canteaut and F. Standaert. Vol. 12697. Lecture Notes in Computer Science. Springer, 2021, pp. 782–811.
[33] P. Scholl, M. Simkin, and L. Siniscalchi. “Multiparty Computation with Covert Security and Public Verifiability”. In: IACR Cryptol. ePrint Arch. 2021 (2021), p. 366. url: https://eprint.iacr.org/2021/366.
[34] R. Zhu, C. Ding, and Y. Huang. “Efficient Publicly Verifiable 2PC over a Blockchain with Applications to Financially-Secure Computations”. In: Proceedings of the2019 ACM SIGSAC Conference on Computer and Communications Security, CCS 2019, London, UK, November 11-15, 2019. Ed. by L. Cavallaro, J. Kinder, X. Wang, and J. Katz. ACM, 2019, pp. 633–650.
[35] S. Faust, C. Hazay, D. Kretzler, and B. Schlosser. “Financially Backed Covert Security”. In: Public-Key Cryptography - PKC 2022 - 25th IACR International Conference on Practice and Theory of Public-Key Cryptography, Virtual Event, March 8-11, 2022, Proceedings, Part II. Ed. by G. Hanaoka, J. Shikata, and Y. Watanabe. Vol. 13178. Lecture Notes in Computer Science. Springer, 2022, pp. 99–129.
[36] T. E. Gamal. “A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms”. In: Advances in Cryptology, Proceedings of CRYPTO ’84,Santa Barbara, California, USA, August 19-22, 1984, Proceedings. Ed. by G. R. Blakley and D. Chaum. Vol. 196. Lecture Notes in Computer Science. Springer, 1984, pp. 10–18. isbn: 3-540-15658-5.
[37] P. Paillier. “Public-Key Cryptosystems Based on Composite Degree Residuosity Classes”. In: Advances in Cryptology - EUROCRYPT ’99, International Conference on the Theory and Application of Cryptographic Techniques, Prague, CzechRepublic, May 2-6, 1999, Proceeding. Ed. by J. Stern. Vol. 1592. Lecture Notes in Computer Science. Springer, 1999, pp. 223–238. isbn: 3-540-65889-0.
[38] T. Tassa, A. Jarrous, and Y. Ben-Ya’akov. “Oblivious evaluation of multivariate polynomials”. In: J. Mathematical Cryptology 7.1 (2013), pp. 1–29.
[39] G. Couteau, T. Peters, and D. Pointcheval. “Encryption Switching Protocols”. In: Advances in Cryptology - CRYPTO 2016 - 36th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 14-18, 2016, Proceedings, Part I. Ed. by M. Robshaw and J. Katz. Vol. 9814. Lecture Notes in Computer Science. Springer, 2016, pp. 308–338. isbn: 978-3-662-53017-7.
[40] G. Castagnos, L. Imbert, and F. Laguillaumie. “Encryption Switching Protocols Revisited: Switching Modulo p”. In: Advances in Cryptology - CRYPTO 2017 - 37th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 20-24, 2017, Proceedings, Part I. Ed. by J. Katz and H. Shacham. Vol. 10401. Lecture Notes in Computer Science. Springer, 2017, pp. 255–287. isbn: 978-3-319-63687-0.
[41] G. Couteau, T. Peters, and D. Pointcheval. “Secure Distributed Computation on Private Inputs”. In: Foundations and Practice of Security - 8th International Symposium, FPS 2015, Clermont-Ferrand, France, October 26-28, 2015, Revised Selected Papers. Ed. by J. García-Alfaro, E. Kranakis, and G. Bonfante. Vol. 9482. Lecture Notes in Computer Science. Springer, 2015, pp. 14–26.
[42] S. Nakamoto et al. “Bitcoin: A peer-to-peer electronic cash system”. In: (2008).
[43] G. Wood et al. “Ethereum: A secure decentralised generalised transaction ledger”. In: Ethereum project yellow paper 151.2014 (2014), pp. 1–32.
[44] R. Cleve. “Limits on the Security of Coin Flips when Half the Processors Are Faulty (Extended Abstract)”. In: Proceedings of the 18th Annual ACM Symposiumon Theory of Computing, May 28-30, 1986, Berkeley, California, USA. Ed. by J. Hartmanis. ACM, 1986, pp. 364–369. isbn: 0-89791-193-8.
[45] I. Bentov and R. Kumaresan. “How to Use Bitcoin to Design Fair Protocols”. In: Advances in Cryptology - CRYPTO 2014 - 34th Annual Cryptology Conference, Santa Barbara, CA, USA, August 17-21, 2014, Proceedings, Part II. Ed. by J. A. Garay and R. Gennaro. Vol. 8617. Lecture Notes in Computer Science. Springer, 2014, pp. 421–439. isbn: 978-3-662-44380-4.
[46] M. Andrychowicz, S. Dziembowski, D. Malinowski, and L. Mazurek. “Secure Multiparty Computations on Bitcoin”. In: 2014 IEEE Symposium on Security and Privacy, SP 2014, Berkeley, CA, USA, May 18-21, 2014. IEEE Computer Society, 2014, pp. 443–458. isbn: 978-1-4799-4686-0.
[47] R. Kumaresan, V. Vaikuntanathan, and P. N. Vasudevan. “Improvements to Secure Computation with Penalties”. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, October 24-28, 2016. Ed. by E. R. Weippl, S. Katzenbeisser, C. Kruegel, A. C. Myers, and S. Halevi. ACM, 2016, pp. 406–417. isbn: 978-1-4503-4139-4.
[48] S. Delgado-Segura, C. Pérez-Solà, G. Navarro-Arribas, and J. Herrera-Joancomartí.“A Fair Protocol for Data Trading Based on Bitcoin Transactions”. In: Future Generation Computer Systems (2017). issn: 0167-739X.
[49] S. Dziembowski, L. Eckey, and S. Faust. “FairSwap: How To Fairly Exchange Digital Goods”. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, Toronto, ON, Canada, October 15-19,2018. Ed. by D. Lie, M. Mannan, M. Backes, and X. Wang. ACM, 2018, pp. 967–984. isbn: 978-1-4503-5693-0.
[50] L. Eckey, S. Faust, and B. Schlosser. “OptiSwap: Fast Optimistic Fair Exchange”. In: ASIA CCS ’20: The 15th ACM Asia Conference on Computer and Communications Security, Taipei, Taiwan, October 5-9, 2020. Ed. by H. Sun, S. Shieh,G. Gu, and G. Ateniese. ACM, 2020, pp. 543–557.
[51] Y. Lu, Q. Tang, and G. Wang. “ZebraLancer: Private and Anonymous Crowdsourcing System atop Open Blockchain”. In: 38th IEEE International Conference on Distributed Computing Systems, ICDCS 2018, Vienna, Austria, July 2-6, 2018.IEEE Computer Society, 2018, pp. 853–865.
[52] V. Koutsos, D. Papadopoulos, D. Chatzopoulos, S. Tarkoma, and P. Hui. “Agora: A Privacy-aware Data Marketplace”. In: 40th IEEE International Conference on Distributed Computing Systems, ICDCS 2020, Singapore, November 29 - December1, 2020. IEEE, 2020, pp. 1211–1212.
[53] Y. Lu, Q. Tang, and G. Wang. “Dragoon: Private Decentralized HITs Made Practical”. In: 40th IEEE International Conference on Distributed Computing Systems, ICDCS 2020, Singapore, November 29 - December 1, 2020. IEEE, 2020, pp. 910–920.
[54] M. Naor and O. Reingold. “Number-theoretic constructions of efficient pseudorandom functions”. In: J. ACM 51.2 (2004), pp. 231–262.
[55] O. Goldreich. The Foundations of Cryptography - Volume 2: Basic Applications. Cambridge University Press, 2004. isbn: 0-521-83084-2.
[56] C. Hazay and Y. Lindell. Efficient Secure Two-Party Protocols - Techniques and Constructions. Information Security and Cryptography. Springer, 2010. isbn: 978-3-642-14302-1.
[57] A. Fiat and A. Shamir. “How to Prove Yourself: Practical Solutions to Identification and Signature Problems”. In: Advances in Cryptology - CRYPTO ’86, Santa Barbara, California, USA, 1986, Proceedings. Ed. by A. M. Odlyzko. Vol. 263.Lecture Notes in Computer Science. Springer, 1986, pp. 186–194.
[58] M. Bellare, V. T. Hoang, and P. Rogaway. “Foundations of garbled circuits”. In: the ACM Conference on Computer and Communications Security, CCS’12, Raleigh, NC, USA, October 16-18, 2012. Ed. by T. Yu, G. Danezis, and V. D. Gligor. ACM, 2012, pp. 784–796. NC, USA, October 16-18, 2012. Ed. by T. Yu, G. Danezis, and V. D. Gligor. ACM, 2012, pp. 784–796.
[59] S. Goldwasser and S. Micali. “Probabilistic Encryption”. In: J. Comput. Syst. Sci. 28.2 (1984), pp. 270–299.
[60] D. Beaver, S. Micali, and P. Rogaway. “The Round Complexity of Secure Protocols (Extended Abstract)”. In: Proceedings of the 22nd Annual ACM Symposium on Theory of Computing, May 13-17, 1990, Baltimore, Maryland, USA. Ed. by H.Ortiz. ACM, 1990, pp. 503–513.
[61] R. Canetti, P. Sarkar, and X. Wang. “Blazing Fast OT for Three-Round UC OT Extension”. In: Public-Key Cryptography - PKC 2020 - 23rd IACR International Conference on Practice and Theory of Public-Key Cryptography, Edinburgh, UK, May 4-7, 2020, Proceedings, Part II. Ed. by A. Kiayias, M. Kohlweiss, P. Wallden, and V. Zikas. Vol. 12111. Lecture Notes in Computer Science. Springer, 2020, pp. 299–327.
[62] M. Keller, E. Orsini, and P. Scholl. “Actively Secure OT Extension with Optimal Overhead”. In: Advances in Cryptology - CRYPTO 2015 - 35th Annual Cryptology Conference, Santa Barbara, CA, USA, August 16-20, 2015, Proceedings, PartI. Ed. by R. Gennaro and M. Robshaw. Vol. 9215. Lecture Notes in Computer Science. Springer, 2015, pp. 724–741.
[63] D. Chaum and T. P. Pedersen. “Wallet Databases with Observers”. In: Advances in Cryptology - CRYPTO ’92, 12th Annual International Cryptology Conference, Santa Barbara, California, USA, August 16-20, 1992, Proceedings. Ed. by E. F. Brickell. Vol. 740. Lecture Notes in Computer Science. Springer, 1992, pp. 89–105.
[64] Y. Lindell and B. Pinkas. “An Efficient Protocol for Secure Two-Party Computation in the Presence of Malicious Adversaries”. In: Advances in Cryptology - EUROCRYPT 2007, 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Barcelona, Spain, May 20-24, 2007, Proceedings. Ed. by M. Naor. Vol. 4515. Lecture Notes in Computer Science. Springer, 2007, pp. 52–78.
[65] S. Bayer and J. Groth. “Efficient Zero-Knowledge Argument for Correctness of a Shuffle”. In: Advances in Cryptology - EUROCRYPT 2012 - 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques,Cambridge, UK, April 15-19, 2012. Proceedings. Ed. by D. Pointcheval and T. Johansson. Vol. 7237. Lecture Notes in Computer Science. Springer, 2012, pp. 263–280. isbn: 978-3-642-29010-7.
[66] J. Bootle, A. Cerulli, P. Chaidos, J. Groth, and C. Petit. “Efficient Zero-Knowledge Arguments for Arithmetic Circuits in the Discrete Log Setting”. In: Advances in Cryptology - EUROCRYPT 2016 - 35th Annual International Conference on theTheory and Applications of Cryptographic Techniques, Vienna, Austria, May 8-12, 2016, Proceedings, Part II. Ed. by M. Fischlin and J. Coron. Vol. 9666. Lecture Notes in Computer Science. Springer, 2016, pp. 327–357.
[67] T. P. Pedersen. “Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing”. In: Advances in Cryptology - CRYPTO ’91, 11th Annual International Cryptology Conference, Santa Barbara, California, USA, August 11-15,1991, Proceedings. Ed. by J. Feigenbaum. Vol. 576. Lecture Notes in Computer Science. Springer, 1991, pp. 129–140. isbn: 3-540-55188-3.
[68] B. Bünz, J. Bootle, D. Boneh, A. Poelstra, P. Wuille, and G. Maxwell. “Bulletproofs: Short Proofs for Confidential Transactions and More”. In: 2018 IEEE Symposium on Security and Privacy, SP 2018, Proceedings, 21-23 May 2018, SanFrancisco, California, USA. IEEE Computer Society, 2018, pp. 315–334.
[69] J. Thaler. Proofs, Arguments, and Zero-Knowledge. Version January 23, 2021. http://people.cs.georgetown.edu/jthaler/ProofsArgsAndZK.pdf. 2021.
[70] O. Goldreich and A. Kahan. “How to Construct Constant-Round Zero-Knowledge Proof Systems for NP”. In: J. Cryptol. 9.3 (1996), pp. 167–190.
[71] C. Dwork. “Differential Privacy”. In: Automata, Languages and Programming, 33rd International Colloquium, ICALP 2006, Venice, Italy, July 10-14, 2006, Proceedings, Part II. Ed. by M. Bugliesi, B. Preneel, V. Sassone, and I. Wegener. Vol. 4052.Lecture Notes in Computer Science. Springer, 2006, pp. 1–12.
[72] I. Damgård, M. Jurik, and J. B. Nielsen. “A generalization of Paillier’s publickey system with applications to electronic voting”. In: Int. J. Inf. Sec. 9.6 (2010), pp. 371–385.
[73] J. Groth. “A Verifiable Secret Shuffle of Homomorphic Encryptions”. In: J. Cryptology 23.4 (2010), pp. 546–579.
[74] V. Shoup. NTL: A library for doing number theory. url: http://www.shoup. net/ntl.