Journal of Cryptology

, Volume 23, Issue 3, pp 373–401

Secure Computation of the Median (and Other Elements of Specified Ranks)


DOI: 10.1007/s00145-010-9059-9

Cite this article as:
Aggarwal, G., Mishra, N. & Pinkas, B. J Cryptol (2010) 23: 373. doi:10.1007/s00145-010-9059-9


We consider the problem of securely computing the kth-ranked element of the union of two or more large, confidential data sets. This is a fundamental question motivated by many practical contexts. For example, two competitive companies may wish to compute the median salary of their combined employee populations without revealing to each other the exact salaries of their employees. While protocols do exist for computing the kth-ranked element, they require time that is at least linear in the sum of the sizes of their combined inputs. This paper investigates two-party and multi-party protocols for both the semi-honest and malicious cases. In the two-party setting, we prove that the problem can be solved in a number of rounds that is logarithmic in k, where each round requires communication and computation cost that is linear in b, the number of bits needed to describe each element of the input data. In the multi-party setting, we prove that the number of rounds is linear in b, where each round has overhead proportional to b multiplied by the number of parties. The multi-party protocol can be used in the two-party case. The overhead introduced by our protocols closely match the communication complexity lower bound. Our protocols can handle a malicious adversary via simple consistency checks.


Secure function evaluationSecure multi-party computationkth-ranked elementMedianSemi-honest adversaryMalicious adversary

Copyright information

© International Association for Cryptologic Research 2010

Authors and Affiliations

  1. 1.Google ResearchMountain ViewUSA
  2. 2.Search LabsMicrosoft ResearchMountain ViewUSA
  3. 3.Department of Computer ScienceUniversity of HaifaHaifaIsrael