Article

Selective private function evaluation with applications to private statistics

Authors:
Ran Canetti

IBM T.J. Watson Research Center, Hawthorne, NY

IBM T.J. Watson Research Center, Hawthorne, NY
View Profile

,
Yuval Ishai

DIMACS Center, Piscataway, NJ; and AT&T Labs-Research, Florham Park, NJ

DIMACS Center, Piscataway, NJ; and AT&T Labs-Research, Florham Park, NJ
View Profile

,
Ravi Kumar

IBM Almaden Research Center, San Jose, CA

IBM Almaden Research Center, San Jose, CA
View Profile

,
Michael K. Reiter

Bell Labs., Murray Hill, NJ

Bell Labs., Murray Hill, NJ
View Profile

,
Ronitt Rubinfeld

NEC Research Institute, Princeton, NJ

NEC Research Institute, Princeton, NJ
View Profile

,
Rebecca N. Wright

AT&T Labs-Research, Florham Park, NJ

AT&T Labs-Research, Florham Park, NJ
View Profile

PODC '01: Proceedings of the twentieth annual ACM symposium on Principles of distributed computingAugust 2001Pages 293–304https://doi.org/10.1145/383962.384047

Published:01 August 2001Publication History

PODC '01: Proceedings of the twentieth annual ACM symposium on Principles of distributed computing

Pages 293–304

ABSTRACT

Motivated by the application of private statistical analysis of large databases, we consider the problem of selective private function evaluation (SPFE). In this problem, a client interacts with one or more servers holding copies of a database x = x₁, … , x_n in order to compute f(x_i₁, … , x_{i_m}), for some function f and indices i = i₁, … , i_m chosen by the client. Ideally, the client must learn nothing more about the database than f(x_i, … , x_{i_m}), and the servers should learn nothing.

Generic solutions for this problem, based on standard techniques for secure function evaluation, incur communication complexity that is at least linear in n, making them prohibitive for large databases even when f in relatively simple and m is small. We present various approaches for constructing sublinear-communication SPFE protocols, both for the general problem and for special cases of interest. Our solutions not only offer sublinear communication complexity, but are also practical in many scenarios.

References

1.M. Abadi and J. Feigenbaum. Secure circuit evaluation. J. Cryptologty 2(1): 1-12 (1990).]] Google ScholarDigital Library
2.N. R. Adam and J. C. Wortmann. Security-control methods for statistical databases: A comparative study. ACM Computing Surveys 21(4), 1989.]] Google ScholarDigital Library
3.W. Aiello, V. Ishai and O. Reingold. Priced oblivious transfer: How to sell digital goods. Peoc. EUROCRYPT, 2001.]] Google ScholarDigital Library
4.A. Ambalnis. An upper bound on the communication complexity of private information retrieval. Prec. t h ICALP, Springer LNCS, 1256:401-407, 1997.]] Google ScholarDigital Library
5.D. Beaver and J. Feigenbaum. Hiding instances in multioracle queries. Proc. STAGS, Springer LNCS, 415:37-48, 1990.]] Google ScholarDigital Library
6.D. Beaver, J. Feigenbaum, J. Kilian, and P. Rogaway. Locally random reductions: Improvements and applications. J. Ceyptologl 1O(1): 17-36 (1997). A preliminaxy version appeared in CRYPTO '90.]]Google Scholar
7.A. Beimel and Y. Ishai. Information-Theoretic Private Information Retrieval: A Unified Construction. Peoc. ICALP, 2001.]] Google ScholarDigital Library
8.A. Beimel, Y. Ishal, and T. Malkin. Reducing the servers' computation in private information retrieval: P} with preprocessing. Proc. CRYPTO, Springer LNCS, 1880:56-74, 2000.]] Google ScholarDigital Library
9.J. Benaloh. Verifiable Secret Ballot Elections. Ph. D. Thesis, Yale University, 1996.]] Google ScholarDigital Library
10.M. Ben-Or, S. Goldwasser, and A. Wigderson. Completeness theorems for non-cryptographic fault-tolerant distributed computation. Proc. Oth S TOC, pp. 1-10, 1988.]] Google ScholarDigital Library
11.C. Cachin, J. Camenisch, J. Kilian, and J. Muller. One-round secure computation and secure autonomous mobile agents. Proc. ICALP, 2000.]] Google ScholarDigital Library
12.C. Cachin, S. Micali, and M. Staller. Computationally private information retrieval with polylogarithmic communication. Proc. EUROCRYPT, 1999.]]Google ScholarCross Ref
13.R. Canetti, Security and composition of multiparty cryptographic protocols, J. Cryptology, 13(1), Winter 2000.]]Google ScholarDigital Library
14.D. Chaum, C. Crdpeau, and I. Darnggrd. Multiparty unconditionally secure protocols (extended abstract). Proc. Oth STOG, pp. 11-19, 1988.]] Google ScholarDigital Library
15.D. Chaum, I. Damg;Lrd, and J. van de Granf. Multiparty computations ensuring privacy of each party's input and correctness of the result. Proc. CRYPTO, Springer LNCS, 293:87-119, 1989.]] Google ScholarDigital Library
16.B. Chor and N. Gilboa. Computationally private information retrieved. Proc. gth STOG, pp. 304-313, 1997.]] Google ScholarDigital Library
17.B. Chor, O. Goldreich, E. Kushilevitz, and M. Sudan. Private information retrieval. Proc. 36th FOCS, pp. 41-50, 1995.]] Google ScholarDigital Library
18.R. Cramer, I. Damggrd, and J. Nielsen, Multiparty computation from threshold homomorphic encryption, Prec. EUROCRYPT, 2001.]] Google ScholarDigital Library
19.D. E. Denning. Cryptography and Data Security. Addison-Wesley, 1982.]] Google ScholarDigital Library
20.Y. Dodis, S. Halevi, and T. Rabin A Cryptographic Solution to a Game Theoretic Problem. Proc. CRYPTO, 2000.]] Google ScholarDigital Library
21.S. Even, O. Goldreich, and A. Lempel. A randomized protocol for signing contracts. C. ACM, 28:637-647, 1985.]] Google ScholarDigital Library
22.J. Peigenbaum, Y. Ishai, T. Malkin, K. Nissim, M. Strauss, and R. Wright. Secure Multiparty Computation of Approximations. Proc. ICALP, 2001.]] Google ScholarDigital Library
23.U. Feige, I. Kilian, and M. Naor. A minimal model for secure computation. Proc. 6th STOC, pp. 554-563, 1994.]] Google ScholarDigital Library
24.M. Franklin and S. Haber, Joint encryption and message-efficient secure multiparty computation, J. CrIjptology, 9(4):217-232, Autumn 1996.]]Google ScholarDigital Library
25.Y. Gertner, Y. Ishai, E. Kushilevitz, and T. Malkin. Protecting data privacy in private information retrieval schemes. Proc. 30th STOC, pp. 151-160, 1998.]] Google ScholarDigital Library
26.O. Goldreich, Secure multi-party computation, (working draft, Version 1.1), 1998. Available from http ://philby.ucsd.edu/cryptolib/B00KS/oded-sc.html.]]Google Scholar
27.O. Goldreich and A. Kahan. How to construct constant-round zero-knowledge proof systems for NP. J. Uryptology. 9(3):167-189, 1996.]]Google ScholarDigital Library
28.O. Goldreich, S. Micali, and A. Wigderson. How to play any mental game - A completeness theorem for protocols with honest majority. Proc. 19th STOC, pp. 218-229, 1987.]] Google ScholarDigital Library
29.S. Goldwasser and S. Micali. Probabilistic encryption. JCSS, 28(21):270-299, 1984.]]Google ScholarCross Ref
30.Y. Ishal and E. Kushilevitm Private simultaneous messages protocols with applications. Proc. 5th ISTCS, pp. 174-183, 1997.]] Google ScholarDigital Library
31.Y. Ishai and E. Kushilevit=. Improved upper bounds on information theoretic private information retrieval. Prec. 81st STOC, pp. 79-88, 1999.]] Google ScholarDigital Library
32.E. Kushilevitz and R. Ostrovsky. Replication is not needed: Single database computationaly-private information retrieval. Proc. 38th FOCS, pp. 364-373, 1997.]] Google ScholarDigital Library
33.Y. Lindell and B. Pinkas, Privacy preserving data mining. Proc. GRYPTO, Springer LNCS, 1880:36-54, 2000.]] Google ScholarDigital Library
34.E. Mann. Private access to distributed information. Master's thesis, Technion - Israel Institute of Technology, Halfa, 1998.]]Google Scholar
35.M. Naor, and K. Nissim. Communication preserving protocols for secure function evaluation. Proc. 33rd STOC, 2001.]] Google ScholarDigital Library
36.M. Naor and B. Pinkas. Oblivious transfer and polynomiM evaluation. Prec. 31st STOC, pp. 245-254, 1999.]] Google ScholarDigital Library
37.M. Naor and B. Pinkas. Oblivious transfer with adaptive queries. Proc. CRYPTO, Springer LNCS, 1666:573-590, 1999.]] Google ScholarDigital Library
38.M. Naor and B. Pinkas. Efficient oblivious transfer protocols. Proc. 11th SODA, 2001.]] Google ScholarDigital Library
39.D. Naccache and J. Stern. A new public key cryptosystem. Proc. BUROGRYPT, pp. 27-36, 1997.]]Google ScholarCross Ref
40.T. Okamoto and S. Uchiyama. A new public key cryptosystem as secure as factoring. Proc. EUROCRYPT, Springer LNCS, 1403:308-318, 1998.]]Google Scholar
41.P. Palllier. Public-key cryptosystems based on composite degree residuosity classes. Proc. EUROCRYPT, Springer LNCS, 1592:223-238, 1999.]]Google Scholar
42.M. O. Rabin. Hotu to ezchange secrets by oblivious transfer. Technical report TR-81, Harvard Aiken Computation Laboratory, 1981.]]Google Scholar
43.J. P. Stern. A new and efficient all-or-nothing disclosure of secrets protocol. Prec. ASIACRYPT, Springer LNCS, 1514:357-371, 1998.]] Google ScholarDigital Library
44.S. Wiesner. Conjugate coding. SIGACT News 15:78-88, 1983.]] Google ScholarDigital Library
45.A. C-C. Yao. Protocols for secure computation. Proc. and FOCS, pp. 160-164, 1982.]]Google ScholarCross Ref
46.A. C-C. Yao. How to generate and exchange secrets. Proc. Tth FOCS, pp. 162-167, 1986.]]Google ScholarDigital Library

Index Terms

Selective private function evaluation with applications to private statistics

Recommendations

Efficient generalized selective private function evaluation with applications in biometric authentication
Inscrypt'09: Proceedings of the 5th international conference on Information security and cryptology

In a selective private function evaluation (SPFE) protocol, the client privately computes some predefined function on his own input and on m out of server's n database elements. We propose two new generalized SPFE protocols that are based on the new ...
Read More
Secure and Private Function Evaluation with Intel SGX
CCSW'19: Proceedings of the 2019 ACM SIGSAC Conference on Cloud Computing Security Workshop

Secure function evaluation (SFE) allows two parties to jointly evaluate a publicly known function without revealing their respective inputs. SFE can be realized via well-known cryptographic protocols, such as Yao's garbled circuits (GC) and the protocol ...
Read More
Practical Secure Evaluation of Semi-private Functions
ACNS '09: Proceedings of the 7th International Conference on Applied Cryptography and Network Security

Two-party Secure Function Evaluation (SFE) is a very useful cryptographic tool which allows two parties to evaluate a function known to both parties on their private (secret) inputs. Some applications with sophisticated privacy needs require the ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
PODC '01: Proceedings of the twentieth annual ACM symposium on Principles of distributed computing
August 2001
323 pages
ISBN:1581133839
DOI:10.1145/383962
Chairmen:
Ajay Kshemkalyani
Univ. of Illinois at Chicago, Chicago
,
Nir Shavit
Tel-Aviv Univ.; and Sun Labs.
Copyright © 2001 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 1 August 2001
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Qualifiers
- Article
Conference

Acceptance Rates
PODC '01 Paper Acceptance Rate39of118submissions,33%Overall Acceptance Rate740of2,477submissions,30%
More
Upcoming Conference
PODC '24

Sponsor:

sigact

sigact

ACM Symposium on Principles of Distributed Computing

June 17 - 21, 2024

Nantes , France
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 57
  Total Citations
  View Citations
- 555
  Total Downloads
- Downloads (Last 12 months)11
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Selective private function evaluation with applications to private statistics

PODC '01: Proceedings of the twentieth annual ACM symposium on Principles of distributed computing

ABSTRACT

References

Cited By

Index Terms

Recommendations

Efficient generalized selective private function evaluation with applications in biometric authentication

Secure and Private Function Evaluation with Intel SGX

Practical Secure Evaluation of Semi-private Functions