Abstract
Solving linear systems of equations is a universal problem. In the context of secure multiparty computation (MPC), a method to solve such systems, especially for the case in which the rank of the system is unknown and should remain private, is an important building block.
We devise an efficient and data-oblivious algorithm (meaning that the algorithm's execution time and branching behavior are independent of all secrets) for solving a bounded integral linear system of unknown rank over the rational numbers via the Moore–Penrose pseudoinverse, using finite-field arithmetic. That is, we compute the Moore–Penrose inverse over a finite field of sufficiently large order, so that the rational solution can be recovered from the solution over the finite field. While we have designed the algorithm with an MPC context in mind, it could also be valuable in other contexts where data-obliviousness is required, such as secure enclaves in CPUs.
Previous work by Cramer, Kiltz and Padró (CRYPTO 2007) proposes a constant-rounds protocol for computing the Moore–Penrose pseudoinverse over a finite field. The asymptotic complexity (counted as the number of secure multiplications) of their solution is \(O(m^4 + n^2 m)\), where m and n, \(m\le n\), are the dimensions of the linear system. To reduce the number of secure multiplications, we sacrifice the constant-rounds property and propose a protocol for computing the Moore–Penrose pseudoinverse over the rational numbers in a linear number of rounds, requiring only \(O(m^2n)\) secure multiplications.
To obtain the common denominator of the pseudoinverse, required for constructing an integer representation of the pseudoinverse, we generalize a result by Ben-Israel for computing the squared volume of a matrix. We also show how to precondition a symmetric matrix to achieve generic rank profile while preserving symmetry, such that the preconditioner can be removed after it has served its purpose. These results may be of independent interest.
Full version of this paper available at https://eprint.iacr.org/2019/470.
N.J. Bouman—work done while at TU Eindhoven, under support from H2020-EU SODA.
N. de Vreede—supported by H2020-EU PRIViLEDGE.
Notes
1. A matrix A of rank r has generic rank profile if and only if all upper-left square submatrices of A up to dimension \(r \times r\) are invertible.
2. Rohde [35] actually shows his result for complex matrices, but for our purposes it is more convenient to state his result for real matrices.
3.
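The finite-field route described in the abstract (compute the pseudoinverse over GF(p) for a large prime p, then recover the rational entries) and the generic rank profile condition of note 1, as an added worked example. This is constructed illustration code, not the paper's protocol: it runs the same algebra in the clear, without MPC or data-obliviousness, so that the reason the approach is exact can be checked directly. The prime P = 2^127 - 1, the full-rank factorisation A = F G obtained from row reduction, the Wang-style rational reconstruction, the function names and the small sample matrices are all assumptions of this example. The existence condition it relies on (over GF(p), A has a Moore–Penrose inverse exactly when F^T F and G G^T are invertible) is Pearl's result, cited in the reference list below.

```python
"""Rational Moore-Penrose pseudoinverse computed over GF(p).

Constructed illustration, not the protocol of the paper: the same algebra is
run in the clear, non-obliviously, to show why computing A^+ over a large
prime field and then reconstructing rationals gives the exact A^+ over Q.
Assumptions of this example: the prime P, the full-rank-factorisation route
A = F G obtained from row reduction, Wang-style rational reconstruction, and
the small sample matrices at the bottom.
"""
from fractions import Fraction
from math import gcd, isqrt

P = 2**127 - 1  # Mersenne prime; far above 2*N*D for the tiny inputs used here


def inv_mod(a, p=P):
    if a % p == 0:
        raise ValueError("element not invertible mod p")
    return pow(a, p - 2, p)  # Fermat: p is prime


def transpose(A):
    return [list(col) for col in zip(*A)]


def matmul_mod(A, B, p=P):
    return [[sum(a * b for a, b in zip(row, col)) % p for col in zip(*B)] for row in A]


def rref_mod(A, p=P):
    """Gauss-Jordan over GF(p); returns (nonzero rows of RREF, pivot columns)."""
    M = [[x % p for x in row] for row in A]
    m, n = len(M), len(M[0])
    pivots, r = [], 0
    for c in range(n):
        piv = next((i for i in range(r, m) if M[i][c]), None)
        if piv is None:
            continue
        M[r], M[piv] = M[piv], M[r]
        inv = inv_mod(M[r][c], p)
        M[r] = [(x * inv) % p for x in M[r]]
        for i in range(m):
            if i != r and M[i][c]:
                f = M[i][c]
                M[i] = [(x - f * y) % p for x, y in zip(M[i], M[r])]
        pivots.append(c)
        r += 1
        if r == m:
            break
    return M[:r], pivots


def inverse_mod(M, p=P):
    k = len(M)
    aug = [list(row) + [int(i == j) for j in range(k)] for i, row in enumerate(M)]
    R, pivots = rref_mod(aug, p)
    if pivots != list(range(k)):
        raise ValueError("matrix is singular mod p")
    return [row[k:] for row in R]


def pinv_mod(A, p=P):
    """A^+ over GF(p) via the full-rank factorisation A = F G (mod p), where
    F = pivot columns of A and G = nonzero rows of RREF(A):
        A^+ = G^T (G G^T)^-1 (F^T F)^-1 F^T.
    Raises ValueError if G G^T or F^T F is singular mod p, which (Pearl) is
    exactly the case in which A has no Moore-Penrose inverse over GF(p)."""
    G, pivots = rref_mod(A, p)
    if not pivots:  # zero matrix: A^+ is the n x m zero matrix
        return [[0] * len(A) for _ in range(len(A[0]))]
    F = [[row[c] % p for c in pivots] for row in A]
    Gt, Ft = transpose(G), transpose(F)
    left = inverse_mod(matmul_mod(G, Gt, p), p)
    right = inverse_mod(matmul_mod(Ft, F, p), p)
    return matmul_mod(matmul_mod(matmul_mod(Gt, left, p), right, p), Ft, p)


def rat_recon(a, p=P):
    """Recover n/d with |n|, d <= sqrt(p/2) from a = n * d^-1 mod p (Wang)."""
    a %= p
    bound = isqrt(p // 2)
    r0, r1, t0, t1 = p, a, 0, 1  # invariant: r_i = t_i * a (mod p)
    while r1 > bound:
        q = r0 // r1
        r0, r1, t0, t1 = r1, r0 - q * r1, t1, t0 - q * t1
    if t1 == 0 or abs(t1) > bound or gcd(r1, t1) != 1:
        raise ValueError("reconstruction failed: p too small for the entry bounds")
    return Fraction(r1, t1)


def pinv_rational(A, p=P):
    """Exact A^+ over Q: compute over GF(p), then reconstruct every entry."""
    return [[rat_recon(x, p) for x in row] for row in pinv_mod(A, p)]


def penrose_ok(A, X):
    """The four Penrose conditions, checked exactly over Q."""
    A = [[Fraction(x) for x in row] for row in A]
    mm = lambda U, V: [[sum(a * b for a, b in zip(r, c)) for c in zip(*V)] for r in U]
    AX, XA = mm(A, X), mm(X, A)
    return (mm(AX, A) == A and mm(XA, X) == X
            and transpose(AX) == AX and transpose(XA) == XA)


def has_generic_rank_profile(A, p=P):
    """Note 1: every leading k x k submatrix, k <= rank(A), is invertible (mod p)."""
    _, pivots = rref_mod(A, p)
    for k in range(1, len(pivots) + 1):
        try:
            inverse_mod([row[:k] for row in A[:k]], p)
        except ValueError:
            return False
    return True


if __name__ == "__main__":
    # Constructed inputs: a rank-1 square matrix and a 3 x 2 full-column-rank one.
    for A in ([[1, 2], [2, 4]], [[1, 0], [0, 1], [1, 1]]):
        X = pinv_rational(A)
        print(A, "->", [[str(x) for x in row] for row in X], penrose_ok(A, X))
    try:  # same rank-1 matrix over GF(5): G G^T = [[5]] = 0, no pseudoinverse
        pinv_mod([[1, 2], [2, 4]], 5)
    except ValueError as e:
        print("p = 5:", e)
```

Two points a practitioner should take from this. First, the field has to be large enough: rational reconstruction only succeeds when p exceeds twice the product of the numerator and denominator bounds of the entries of A^+, and the paper's squared-volume result is what supplies the common denominator needed to state such a bound in advance. Second, the failure on p = 5 is not a bug but Pearl's condition in action: for an unlucky prime the pseudoinverse simply does not exist over GF(p), which is why the order of the field must be chosen with this in mind and why an oblivious protocol cannot branch on it.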
References
Albert, A.A.: Symmetric and alternate matrices in an arbitrary field, I. Trans. Am. Math. Soc. 43(3), 386–436 (1938)
Bapat, R.B., Rao, K.P.S.B., Prasad, K.M.: Generalized inverses over integral domains. Linear Algebra Appl. 140, 181–196 (1990)
Bar-Ilan, J., Beaver, D.: Non-cryptographic fault-tolerant computing in constant number of rounds of interaction. In: Proceedings of the 8th Symposium on Principles of Distributed Computing, pp. 201–209. ACM, NY (1989)
Ben-Israel, A.: A volume associated with \(m \times n\) matrices. Linear Algebra Appl. 167, 87–111 (1992)
Ben-Israel, A., Greville, T.N.E.: Generalized Inverses - Theory and Applications. CMS Books in Mathematics, Springer (2003). https://doi.org/10.1007/b97366
Blom, F., Bouman, N.J., Schoenmakers, B., de Vreede, N.: Efficient secure ridge regression from randomized Gaussian elimination. Cryptology ePrint Archive, Report 2019/773 (2019)
Bogdanov, D., Kamm, L., Laur, S., Sokk, V.: Rmind: A tool for cryptographically secure statistical analysis. IEEE Trans. Dependable Sec. Comput. 15(3), 481–495 (2018)
Borodin, A., von zur Gathen, J., Hopcroft, J.: Fast parallel matrix and GCD computations. Inf. Control 52(3), 241–256 (1982)
Boullion, T.L., Odell, P.L.: Generalized Inverse Matrices. Wiley, New York (1971)
Bouman, N.J., de Vreede, N.: New protocols for secure linear algebra: Pivoting-free elimination and fast block-recursive matrix decomposition. Cryptology ePrint Archive, Report 2018/703 (2018)
Chen, L., Eberly, W., Kaltofen, E., Saunders, B.D., Turner, W.J., Villard, G.: Efficient matrix preconditioners for black box linear algebra. Linear Algebra Appl. 343–344, 119–146 (2002)
Cramer, R., Damgård, I.: Secure distributed linear algebra in a constant number of rounds. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 119–136. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_7
Cramer, R., Damgård, I., Ishai, Y.: Share conversion, pseudorandom secret-sharing and applications to secure computation. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 342–362. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30576-7_19
Cramer, R.J.F., Damgård, I.B., Nielsen, J.B.: Secure Multiparty Computation and Secret Sharing: An Information Theoretic Approach. Cambridge University Press, Cambridge (2015)
Cramer, R., Kiltz, E., Padró, C.: A note on secure computation of the Moore–Penrose pseudoinverse and its application to secure linear algebra. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 613–630. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74143-5_34
Damgård, I., Fitzi, M., Kiltz, E., Nielsen, J.B., Toft, T.: Unconditionally secure constant-rounds multi-party computation for equality, comparison, bits and exponentiation. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 285–304. Springer, Heidelberg (2006). https://doi.org/10.1007/11681878_15
Eberly, W., Kaltofen, E.: On randomized Lanczos algorithms. In: Proceedings of the ISSAC 1997, pp. 176–183. ACM (1997)
Gascón, A., Schoppmann, P., Balle, B., Raykova, M., Doerner, J., Zahur, S., Evans, D.: Privacy-preserving distributed linear regression on high-dimensional data. PoPETs 2017(4), 345–364 (2017)
Greville, T.: Note on the generalized inverse of a matrix product. SIAM Rev. 8(4), 518–521 (1966)
Hartwig, R.E.: The reverse order law revisited. Linear Algebra Appl. 76, 241–246 (1986)
Kaltofen, E., Lobo, A.: On rank properties of Toeplitz matrices over finite fields. In: Proceedings of the ISSAC 1996, pp. 241–249. ACM (1996)
Kaltofen, E., Saunders, B.D.: On Wiedemann's method of solving sparse linear systems. In: Mattson, H.F., Mora, T., Rao, T.R.N. (eds.) AAECC 1991. LNCS, vol. 539, pp. 29–38. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-54522-0_93
Kiltz, E., Mohassel, P., Weinreb, E., Franklin, M.: Secure linear algebra using linearly recurrent sequences. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 291–310. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-70936-7_16
Malaschonok, G.: Fast generalized Bruhat decomposition. In: Gerdt, V.P., Koepf, W., Mayr, E.W., Vorozhtsov, E.V. (eds.) CASC 2010. LNCS, vol. 6244, pp. 194–202. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15274-0_16
Marsaglia, G., Styan, G.P.H.: Equalities and inequalities for ranks of matrices. Linear Multilinear Algebra 2(3), 269–292 (1974)
Marsaglia, G., Styan, G.P.H.: Rank conditions for generalized inverses of partitioned matrices. Sankhyā: Indian J. Stat. Ser. A 36, 437–442 (1974)
Mohassel, P., Weinreb, E.: Efficient secure linear algebra in the presence of covert or computationally unbounded adversaries. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 481–496. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_27
Mulmuley, K.: A fast parallel algorithm to compute the rank of a matrix over an arbitrary field. Combinatorica 7(1), 101–104 (1987)
Nikolaenko, V., Weinsberg, U., Ioannidis, S., Joye, M., Boneh, D., Taft, N.: Privacy-preserving ridge regression on hundreds of millions of records. In: Proceedings of the 2013 IEEE Symposium on Security and Privacy, pp. 334–348. IEEE (2013)
Nishide, T., Ohta, K.: Multiparty computation for interval, equality, and comparison without bit-decomposition protocol. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 343–360. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-71677-8_23
Nissim, K., Weinreb, E.: Communication efficient secure linear algebra. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 522–541. Springer, Heidelberg (2006). https://doi.org/10.1007/11681878_27
Pearl, M.H.: Generalized inverses of matrices with entries taken from an arbitrary field. Linear Algebra Appl. 1(4), 571–587 (1968)
Rao, C.R.: Linear Statistical Inference and Its Applications. Wiley, New York (1973)
Rao, C.R., Mitra, S.K.: Generalized Inverse of Matrices and Its Applications. Wiley, New York (1971)
Rohde, C.A.: Generalized inverses of partitioned matrices. J. Soc. Ind. Appl. Math. 13(4), 1033–1035 (1965)
Springer, J.: Die exakte Berechnung der Moore-Penrose-Inversen einer Matrix durch Residuenarithmetik. Zeitschrift für Angewandte Mathematik und Mechanik 63(3), 203–210 (1983)
Wang, P.S.: A \(p\)-adic algorithm for univariate partial fractions. In: Proceedings of the SYMSAC 1981, pp. 212–217. ACM (1981)
Acknowledgements
We would like to thank Berry Schoenmakers for interesting discussions and valuable feedback.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Bouman, N.J., de Vreede, N. (2020). A Practical Approach to the Secure Computation of the Moore–Penrose Pseudoinverse over the Rationals. In: Conti, M., Zhou, J., Casalicchio, E., Spognardi, A. (eds) Applied Cryptography and Network Security. ACNS 2020. Lecture Notes in Computer Science(), vol 12146. Springer, Cham. https://doi.org/10.1007/978-3-030-57808-4_20
DOI: https://doi.org/10.1007/978-3-030-57808-4_20
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-57807-7
Online ISBN: 978-3-030-57808-4