Article

Journal of Cryptology

, Volume 23, Issue 3, pp 373-401

First online:

Secure Computation of the Median (and Other Elements of Specified Ranks)

  • Gagan AggarwalAffiliated withGoogle Research Email author 
  • , Nina MishraAffiliated withSearch Labs, Microsoft Research
  • , Benny PinkasAffiliated withDepartment of Computer Science, University of Haifa

Rent the article at a discount

Rent now

* Final gross prices may vary according to local VAT.

Get Access

Abstract

We consider the problem of securely computing the kth-ranked element of the union of two or more large, confidential data sets. This is a fundamental question motivated by many practical contexts. For example, two competitive companies may wish to compute the median salary of their combined employee populations without revealing to each other the exact salaries of their employees. While protocols do exist for computing the kth-ranked element, they require time that is at least linear in the sum of the sizes of their combined inputs. This paper investigates two-party and multi-party protocols for both the semi-honest and malicious cases. In the two-party setting, we prove that the problem can be solved in a number of rounds that is logarithmic in k, where each round requires communication and computation cost that is linear in b, the number of bits needed to describe each element of the input data. In the multi-party setting, we prove that the number of rounds is linear in b, where each round has overhead proportional to b multiplied by the number of parties. The multi-party protocol can be used in the two-party case. The overhead introduced by our protocols closely match the communication complexity lower bound. Our protocols can handle a malicious adversary via simple consistency checks.

Keywords

Secure function evaluation Secure multi-party computation kth-ranked element Median Semi-honest adversary Malicious adversary