ABSTRACT
A secure function evaluation protocol allows two parties to jointly compute a function f(x,y) of their inputs in a manner not leaking more information than necessary. A major result in this field is: “any function f that can be computed using polynomial resources can be computed securely using polynomial resources” (where “resources” refers to communication and computation). This result follows by a general transformation from any circuit for f to a secure protocol that evaluates f. Although the resources used by protocols resulting from this transformation are polynomial in the circuit size, they are much higher (in general) than those required for an insecure computation of f.
We propose a new methodology for designing secure protocols, utilizing the communication complexity tree (or branching program) representation of f. We start with an efficient (insecure) protocol for f and transform it into a secure protocol. In other words, “any function f that can be computed using communication complexity c can be computed securely using communication complexity that is polynomial in c and a security parameter”. We show several simple applications of this new methodology, resulting in protocols efficient either in communication or in computation. In particular, we exemplify a protocol for the Millionaires' problem, where two participants want to compare their values but reveal no other information. Our protocol is more efficient than previously known ones in either communication or computation.
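The abstract's starting point is an insecure protocol for f written as a communication complexity tree: each internal node belongs to one party, who sends a bit determined by her own input (and the path so far), and each leaf carries the output; the communication complexity c is the worst-case number of bits exchanged, i.e. the tree depth. The following Python is an added illustration of that model for the comparison function GT(x, y) = [x > y] behind the Millionaires' problem. It is not code from the paper and does not implement the paper's secure transformation; the two protocols (`naive_gt`, `msb_first_gt`), the node representation and the helper names are constructed for this example.

```python
from dataclasses import dataclass
from typing import Callable, Tuple, Union

# Constructed toy model of a communication protocol tree (Kushilevitz-Nisan model):
# the tree is represented lazily as a function from the transcript so far to the
# next node.  Party 'A' holds x, party 'B' holds y; both are n-bit integers.

@dataclass
class Step:
    speaker: str                                        # 'A' or 'B'
    message: Callable[[int, Tuple[int, ...]], int]      # (own input, transcript) -> bit

@dataclass
class Leaf:
    value: int                                          # protocol output

Protocol = Callable[[Tuple[int, ...]], Union[Step, Leaf]]


def run(protocol: Protocol, x: int, y: int) -> Tuple[int, int]:
    """Execute the protocol; return (output, bits communicated)."""
    transcript: Tuple[int, ...] = ()
    while True:
        node = protocol(transcript)
        if isinstance(node, Leaf):
            return node.value, len(transcript)
        own_input = x if node.speaker == 'A' else y
        transcript += (node.message(own_input, transcript),)


def bit(v: int, i: int, n: int) -> int:
    """Bit i of an n-bit value, counting i = 0 as the most significant bit."""
    return (v >> (n - 1 - i)) & 1


def naive_gt(n: int) -> Protocol:
    """Alice sends all n bits of x, then Bob sends the one-bit answer: depth n + 1."""
    def node(t: Tuple[int, ...]) -> Union[Step, Leaf]:
        if len(t) < n:
            return Step('A', lambda x, t: bit(x, len(t), n))
        if len(t) == n:
            # Bob reconstructs x from the transcript and compares it with y.
            return Step('B', lambda y, t: int(int(''.join(map(str, t)), 2) > y))
        return Leaf(t[-1])
    return node


def msb_first_gt(n: int) -> Protocol:
    """Scan from the MSB: Alice sends x_i, Bob replies 1 iff y_i differs.

    The first differing bit decides the comparison, so the leaf is reached early
    on most inputs, but the worst case (x == y) costs 2n bits.  Communication
    complexity is measured on the worst case, so this tree is *deeper* than naive_gt.
    """
    def node(t: Tuple[int, ...]) -> Union[Step, Leaf]:
        if len(t) % 2 == 1:
            # Bob's turn: compare his bit with the bit Alice just sent.
            return Step('B', lambda y, t: int(bit(y, len(t) // 2, n) != t[-1]))
        if len(t) >= 2 and t[-1] == 1:
            # Bits differed at this position: x > y exactly when Alice's bit was 1.
            return Leaf(t[-2])
        i = len(t) // 2
        if i == n:
            return Leaf(0)                              # all bits equal: x == y
        return Step('A', lambda x, t: bit(x, len(t) // 2, n))
    return node


def is_correct(protocol: Protocol, n: int) -> bool:
    """Check the protocol against the plain comparison on every input pair."""
    return all(run(protocol, x, y)[0] == int(x > y)
               for x in range(2 ** n) for y in range(2 ** n))


def worst_case_cost(protocol: Protocol, n: int) -> int:
    """Communication complexity of the tree: the longest transcript over all inputs."""
    return max(run(protocol, x, y)[1]
               for x in range(2 ** n) for y in range(2 ** n))


if __name__ == "__main__":
    n = 3
    for name, proto in (("naive", naive_gt(n)), ("msb-first", msb_first_gt(n))):
        print(name, "correct:", is_correct(proto, n),
              "worst-case bits:", worst_case_cost(proto, n))
```

The point of the two variants is that the methodology in the abstract is paid for in terms of c, the depth of the tree, not in terms of average-case chattiness or circuit size: a protocol that usually finishes early but has a deep worst-case path is the more expensive starting point for the transformation.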
Index Terms
- Communication preserving protocols for secure function evaluation