How to share a function securely

TL;DR: The primitive of function sharing is defined, a functional analog of secret sharing, and employed to construct novel cryptosystems with improved integrity, availability and security properties and should be contrasted with the model of secure function evaluation protocols.

Abstract: We define the primitive of function sharing, a functional analog of secret sharing, and employ it to construct novel cryptosystems. The basic idea of function sharing is to split a hard to compute (trapdoor) function into shadow functions (or share-functions). The intractable function becomes easy to compute at a given point value when given any threshold (at least t out of i) of shadow functions evaluations at that point. Otherwise, the function remains hard. Furthermore, the function must remain intractable even after exposing up to t— 1 shadow functions and exposing values of all shadow functions at polynomially many inputs. The primitive enables the distribution of the power to perform cryptography (signature, decryption, etc.) to agents. This enables the design of various novel cryptosystems with improved integrity, availability and security properties. Our model should be contrasted with the model of secure function evaluation protocols. We require no channeIs between agents holding the shadow functions, as the agents act non-interactively on a publicly available input. Our security solely relies on secure memories (and results) as in regular cr yptosyst ems. In secure function evaluation, on the other hand, it is necessary to have private/ secured bilateral channels, interactive protocol, and security of all inputs – in addition to secure memories. *Dip. di Informatica ed Applicazioni Universit& di Salerno, Baronissi (SA), Italy. t Dept. of EE&CS, Univ. of Wisconsin Milwaukee, WI. Partially supported by NSF Grant NCR-9106327. $GTE Laboratories Incorporated, Waltham, MA. $IBM T. J. Watson Research Center, Yorktown Heights, NY. Permission to co y without fee all or part of this material is x granted provide that the copies are not made or distributed for direct commercial advantage, the ACM copyright notice and the title of the publication and its date appear, and notice is given that copying is by permission of the Association of Computing Machinery. To copy otherwise, or to republish, requires a fee and/or specific permission. STOC 945/94 Montreal, Quebec, Canada . @ 1994 ACM 0-89791 -663-8194/0005...$3.50