What is it about?
Morillo and Obrador (PST 2013) proposed three verifiable computation (VC) schemes for outsourcing the computation of polynomial functions. They claimed that all three schemes are secure under the decisional subgroup membership assumption and that their third scheme keeps the client’s input private under the square root assumption. In this paper, we show that the verifiable computation schemes of Morillo and Obrador provide no security or input privacy. In particular, a curious server can extract the client’s input x in their third scheme, if x is not too large.
Why is it important?
Our results show that none of the Morillo-Obrador schemes is secure under the decisional subgroup membership assumption, and that their third scheme cannot keep the client’s input private under the square root assumption. They also serve as a reminder to other researchers that the verification of a polynomial delegation should not be completely independent of the client’s function input.
Perspectives
I hope this article can give some reminders to other researchers when developing polynomial delegation schemes. It is an open and interesting problem to fix the broken schemes without weakening the improved efficiency of verification.
Shuaijianni Xu
ShanghaiTech University
Read the Original
This page is a summary of: Cryptanalysis of Morillo-Obrador Polynomial Delegation Schemes, IET Information Security, November 2017, the Institution of Engineering and Technology (the IET),
DOI: 10.1049/iet-ifs.2017.0259.