Secure Computation of the Median (and Other Elements of Specified Ranks)
 Gagan Aggarwal,
 Nina Mishra,
 Benny Pinkas
 … show all 3 hide
Rent the article at a discount
Rent now* Final gross prices may vary according to local VAT.
Get AccessAbstract
We consider the problem of securely computing the kthranked element of the union of two or more large, confidential data sets. This is a fundamental question motivated by many practical contexts. For example, two competitive companies may wish to compute the median salary of their combined employee populations without revealing to each other the exact salaries of their employees. While protocols do exist for computing the kthranked element, they require time that is at least linear in the sum of the sizes of their combined inputs. This paper investigates twoparty and multiparty protocols for both the semihonest and malicious cases. In the twoparty setting, we prove that the problem can be solved in a number of rounds that is logarithmic in k, where each round requires communication and computation cost that is linear in b, the number of bits needed to describe each element of the input data. In the multiparty setting, we prove that the number of rounds is linear in b, where each round has overhead proportional to b multiplied by the number of parties. The multiparty protocol can be used in the twoparty case. The overhead introduced by our protocols closely match the communication complexity lower bound. Our protocols can handle a malicious adversary via simple consistency checks.
 M. Atallah, M. Blanton, K. Frikken, J. Li, Efficient correlated action selection, in Financial Cryptography (2006), pp. 296–310
 D. Beaver, Secure multiparty protocols and zeroknowledge proof systems tolerating a faulty minority. J. Cryptol. 4(2), 75–122 (1991) CrossRef
 D. Beaver, S. Micali, P. Rogaway, The round complexity of secure protocols. In Proceedings of the TwentySecond Annual ACM Symposium on the Theory of Computing (1990), pp. 503–513
 I. Blake, V. Kolesnikov, Strong conditional oblivious transfer and computing on intervals, in 10th International Conference on the Theory and Application of Cryptology and Information Security ASIACRYPT (2004), pp. 515–529
 C. Cachin, Efficient private bidding and auctions with an oblivious third party, in Proc. 6th ACM Conference on Computer and Communications Security (1999), pp. 120–127
 C. Cachin, S. Micali, M. Stadler, Computationally private information retrieval with polylogarithmic communication, in Advances in Cryptology: EUROCRYPT ’99 (1999), pp. 402–414
 R. Canetti, Security and composition of multiparty cryptographic protocols. J. Cryptol. 13(1), 143–202 (2000) CrossRef
 R. Canetti, Universally composable security: a new paradigm for cryptographic protocols, in Proceedings of the 42nd Annual Symposium on Foundations of Computer Science (2001), pp. 136–145
 R. Canetti, Y. Ishai, R. Kumar, M. Reiter, R. Rubinfeld, R. Wright, Selective private function evaluation with applications to private statistics, in Proceedings of Twentieth ACM Symposium on Principles of Distributed Computing (2001), pp. 293–304
 R. Canetti, Y. Lindell, R. Ostrovsky, A. Sahai, Universally composable two party computation, in 34th ACM Symposium on the Theory of Computing (2002), pp. 494–503
 J. Feigenbaum, Y. Ishai, T. Malkin, K. Nissim, M. Strauss, R. Wright, Secure multiparty computation of approximations, in Proceedings of 28th International Colloquium on Automata, Languages and Programming (2001), pp. 927–938
 M. Fischlin, A costeffective paypermultiplication comparison method for millionaires, in RSA Security 2001 Cryptographer’s Track, vol. 2020 (2001), pp. 457–471
 M. Franklin, M. Yung, Communication complexity of secure computation, in Proceedings of the TwentyFourth Annual ACM Symposium on the Theory of Computing (1992), pp. 699–710
 P. Gibbons, Y. Matias, V. Poosala, Fast incremental maintenance of approximate histograms, in Proc. 23rd Int. Conf. Very Large Data Bases (1997), pp. 466–475
 O. Goldreich, Foundations of Cryptography: vol. 2, Basic Applications (Cambridge University Press, Cambridge, 2004)
 O. Goldreich, S. Micali, A. Wigderson, How to play any mental game or A completeness theorem for protocols with honest majority, in Proceedings of the 19th Annual Symposium on Theory of Computing, May 1987, pp. 218–229
 S. Goldwasser, L. Levin, Fair computation of general functions in presence of immoral majority, in Proceedings of Advances in Cryptology (1991), pp. 77–93
 Y. Ishai, K. Nissim, J. Kilian, E. Petrank, Extending oblivious transfers efficiently, in 23rd Annual International Cryptology Conference (2003), pp. 145–161
 H. Jagadish, N. Koudas, S. Muthukrishnan, V. Poosala, K. Sevcik, T. Suel, Optimal histograms with quality guarantees, in Proc. 24th Int. Conf. Very Large Data Bases (1998), pp. 275–286
 S. Jarecki, V. Shmatikov, Efficient twoparty secure computation on committed inputs, in EUROCRYPT ’07 (Springer, Berlin, 2007), pp. 97–114 CrossRef
 E. Kushilevitz, N. Nisan, Communication Complexity (Cambridge University Press, Cambridge, 1997)
 S. Laur, H. Lipmaa, Additive conditional disclosure of secrets and applications. Cryptology ePrint Archive, Report 2005/378, 2005
 H. Lin, W. Tzeng, An efficient solution to the millionaires’ problem based on homomorphic encryption, in Third International Conference Applied Cryptography and Network Security (2005), pp. 456–466
 Y. Lindell, B. Pinkas, Privacy preserving data mining. J. Cryptol. 15(3), 177–206 (2002) CrossRef
 Y. Lindell, B. Pinkas, An efficient protocol for secure twoparty computation in the presence of malicious adversaries, in EUROCRYPT ’07 (Springer, Berlin, 2007), pp. 52–78 CrossRef
 S. Micali, P. Rogaway, Secure computation, in Proceedings of Advances in Cryptology (1991), pp. 392–404
 M. Naor, K. Nissim, Communication preserving protocols for secure function evaluation, in Proceedings of the 33rd Annual ACM Symposium on Theory of Computing (2001), pp. 590–599
 B. Pfitzmann, M. Waidner, Composition and integrity preservation of secure reactive systems, in ACM Conference on Computer and Communications Security (2000), pp. 245–254
 V. Poosala, V. Ganti, Y. Ioannidis, Approximate query answering using histograms. IEEE Data Eng. Bull. 22(4), 5–14 (1999)
 M. Rodeh, Finding the median distributively. J. Comput. Syst. Sci. 24(2), 162–166 (1982) CrossRef
 L. von Ahn, N. Hopper, J. Langford, Covert twoparty computation, in Proceedings of the ThirtySeventh Annual Acm Symposium on Theory of Computing (2005), pp. 513–522
 A. Yao, Protocols for secure computations, in Proceedings of the 23rd Symposium on Foundations of Computer Science (1982), pp. 160–164
 A. Yao, How to generate and exchange secrets, in Proceedings of the 27th Symposium on Foundations of Computer Science (1986), pp. 162–167
 Title
 Secure Computation of the Median (and Other Elements of Specified Ranks)
 Journal

Journal of Cryptology
Volume 23, Issue 3 , pp 373401
 Cover Date
 20100701
 DOI
 10.1007/s0014501090599
 Print ISSN
 09332790
 Online ISSN
 14321378
 Publisher
 SpringerVerlag
 Additional Links
 Topics
 Keywords

 Secure function evaluation
 Secure multiparty computation
 kthranked element
 Median
 Semihonest adversary
 Malicious adversary
 Industry Sectors
 Authors

 Gagan Aggarwal ^{(1)}
 Nina Mishra ^{(2)}
 Benny Pinkas ^{(3)}
 Author Affiliations

 1. Google Research, Mountain View, CA, USA
 2. Search Labs, Microsoft Research, Mountain View, CA, USA
 3. Department of Computer Science, University of Haifa, Haifa, Israel