ABSTRACT
Motivated by the application of private statistical analysis of large databases, we consider the problem of selective private function evaluation (SPFE). In this problem, a client interacts with one or more servers holding copies of a database x = x1, … , xn in order to compute f(xi1, … , xim), for some function f and indices i = i1, … , im chosen by the client. Ideally, the client must learn nothing more about the database than f(xi1, … , xim), and the servers should learn nothing.
Generic solutions for this problem, based on standard techniques for secure function evaluation, incur communication complexity that is at least linear in n, making them prohibitive for large databases even when f is relatively simple and m is small. We present various approaches for constructing sublinear-communication SPFE protocols, both for the general problem and for special cases of interest. Our solutions not only offer sublinear communication complexity, but are also practical in many scenarios.
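As an added illustration of the problem model (this is not code from the paper): a toy single-server SPFE for f = sum of the selected entries, built on a Paillier-style additively homomorphic scheme. It realises the generic approach the abstract contrasts against, whose query is one ciphertext per database entry, so the communication is linear in n even when m is tiny. The primes, database and indices are constructed, the scheme assumes a semi-honest client, and the key sizes give no real security.

```python
import math
import random

# Toy Paillier parameters: constructed small primes, insecure, for illustration only.
P, Q = 1000003, 1000033
N = P * Q
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # lambda = lcm(p-1, q-1)
G = N + 1                                             # standard generator choice
MU = pow((pow(G, LAM, N2) - 1) // N, -1, N)           # L(g^lambda mod n^2)^-1 mod n

def enc(m: int) -> int:
    """Paillier encryption of m in Z_N under fresh randomness r."""
    while True:
        r = random.randrange(1, N)
        if math.gcd(r, N) == 1:
            break
    return (pow(G, m, N2) * pow(r, N, N2)) % N2

def dec(c: int) -> int:
    """Paillier decryption: L(c^lambda mod n^2) * mu mod n."""
    return ((pow(c, LAM, N2) - 1) // N * MU) % N

def client_query(n: int, indices: list[int]) -> list[int]:
    """Encrypt the 0/1 selection vector: one ciphertext per database entry,
    so the query is linear in n however small m = len(indices) is."""
    sel = [0] * n
    for i in indices:
        sel[i] = 1
    return [enc(b) for b in sel]

def server_answer(query: list[int], db: list[int]) -> int:
    """Compute Enc(sum_i sel_i * x_i) on ciphertexts only, so the server
    never sees which entries were selected; c^x scales the plaintext by x
    and multiplying ciphertexts adds plaintexts."""
    acc = 1
    for c, x in zip(query, db):
        acc = acc * pow(c, x, N2) % N2
    return acc

def spfe_sum(db: list[int], indices: list[int]) -> int:
    """Whole exchange, client side: the server returns a single ciphertext,
    so an honest-but-curious client learns just the sum of its m entries."""
    query = client_query(len(db), indices)
    return dec(server_answer(query, db))

def query_size_ciphertexts(n: int) -> int:
    """Upstream cost of this generic approach: n ciphertexts, i.e. O(n)."""
    return n
```

Against a malicious client, enforcing that the encrypted selection vector really is 0/1 with exactly m ones needs extra machinery (for example zero-knowledge proofs) that this toy omits; the paper's sublinear constructions are likewise not shown here.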
Index Terms
- Selective private function evaluation with applications to private statistics