Efficient Secure Two-Party Exponentiation

CT-RSA'11: Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011 (2011)

Abstract
We present a new framework to design secure two-party computation protocols for exponentiation over integers and over $\mathbb{Z}_Q$, where $Q$ is a publicly-known prime. Using our framework, we realize efficient protocols in the semi-honest setting. Assuming the base is non-zero, and the exponent is at most $Q/2$ for the $\mathbb{Z}_Q$ case, our protocols consist of at most 5 rounds (each party sending 5 messages) and the total communication consists of a small constant number ($\le 18$) of encrypted/encoded elements in $\mathbb{Z}_Q$. Without these assumptions, our protocols are still more efficient than a protocol recently proposed by Damgård et al. in TCC 2006 (24 vs. $> 114$ rounds, $\approx 279l + 12t$ for an error rate of $2^{-t}$ vs. $> 110\,l \log l$ secure multiplications, where $l$ is the bit length of the shares). Our protocols are constructed from different instantiations of our framework with different assumptions (homomorphic encryption or oblivious transfers) to achieve different advantages. Our key idea is to exploit the properties of both additive and multiplicative secret sharing. We also propose efficient transformation protocols between these sharings, which might be of independent interest.
Keywords
two-party exponentiation, additive/multiplicative share