Secure evaluation of polynomial using privacy ring homomorphisms

Method of secure evaluation of polynomial y = F(x1, ..., xk) over some rings on untrusted computer is proposed. Two models of untrusted computer are considered: passive and active. In passive model untrusted computer correctly computes polynomial F and tries to know secret input (x1, ..., xk) and output y. In active model untrusted computer tries to know input and output and tries to change correct output y so that this change cannot be determined. Secure computation is proposed by using one-time privacy ring homomorphism /n → /n[z]/(f(z)), n = pq, generated by trusted computer. In the case of active model secret check point v = F(u1, ..., uk) is used. Trusted computer generates polynomial f(z) = (z − t)(z + t), t ∈ /n and input Xi(z) ∈ /n[z]/(f(z)) such that Xi(t) ≡ xi (mod n) for passive model, and f(z) = (z − t1)(z − t2)(z − t3), ti ∈ /n and input Xi(z) ∈ /n[z]/(f(z)) such that Xi(t1) ≡ xi (mod n), Xi(t2) ≡ ui (mod n) for active model. Untrusted computer computes function Y(z) = F(X1(z), ..., Xk(z)) in the ring /n[z]/(f(z)). For passive model trusted computer determines secret output y ≡ Y(t) (mod n). For active model trusted computer checks that Y(t2) ≡ v (mod n), then determines correct output y ≡ Y(t1) (mod n).