International Workshop on Public Key Cryptography

PKC 2011: Public Key Cryptography – PKC 2011 pp 174-191

Sub-linear, Secure Comparison with Two Non-colluding Parties

• Tomas Toft
Conference paper

DOI: 10.1007/978-3-642-19379-8_11

Volume 6571 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Toft T. (2011) Sub-linear, Secure Comparison with Two Non-colluding Parties. In: Catalano D., Fazio N., Gennaro R., Nicolosi A. (eds) Public Key Cryptography – PKC 2011. PKC 2011. Lecture Notes in Computer Science, vol 6571. Springer, Berlin, Heidelberg

Abstract

The classic problem in the field of secure computation is Yao’s millionaires’ problem; we consider two new protocols solving a variation of this: a number of parties, P1,..., Pn, securely hold two ℓ-bit values, x and y – e.g. x and y could be encrypted or secret shared. They wish to obtain a bit stating whether x is greater than y using only secure arithmetic; this should be done without revealing any information, even the output should remain secret. The present setting is special in the sense that it is assumed that two specific parties, referred to as Alice and Bob, are non-colluding. Though this assumption is not satisfied in general, it clearly is for the main example of this work: two-party computation based on Paillier encryption.

The first solution requires O(log(ℓ)(κ + loglog(ℓ))) secure arithmetic operations in O(log(ℓ)) rounds, where κ is a correctness parameter. The second solution requires only a constant number of rounds, but increases complexity to $$O(\sqrt{\ell}({\rm \kappa} +\log(\ell)))$$ arithmetic operations.

For the motivating setting, each arithmetic operation requires a constant number of Paillier encryptions to be exchanged between Alice and Bob. This implies that both solutions require only a sub-linear number of invocations (in the bit-length, ℓ) of the cryptographic primitives. This does not imply sub-linear communication, though, as the size of each encryption transmitted is more than ℓ bits.

Keywords

Secure computationYao’s Millionaires’ problem