snwagh
commented
2 years ago You're right that the algorithm leaks the power of 2 interval of the denominator. However, the important point is this leakage is quantified (notice how the functionalities in Figure 8, 9 are crafted) and thus when composed with other building blocks, the range of divisors of all locations where Algorithm 6 is invoked is leaked but nothing more. The study of whether this leakage is acceptable in a given scenario is not studied in this work.
In the paper, the division protocol a/b shown in Algorithm 6 leaks the range of the divisor b. How to ensure the security of this protocol?